Azure SQL TDE failures – Activity log Alerts to rescue
Dev Consultant Nasir Syed takes a look at Azure SQL TDE failures and techniques you can use to troubleshoot and fix these problems.
In this blog I discuss a solution for handling an error condition that can occur when several Azure services are used together. The scenario presented here is an Azure SQL Server whose Transparent Data Encryption (TDE) protector is registered in Azure Key Vault using customer-managed keys. The error condition occurs if or when the SQL Server loses its connection to the Key Vault.
The SQL Server's connection to the Key Vault can be lost for reasons on either side: the SQL Server (updates, backups, etc.) or the Key Vault (key expired, key disabled, etc.).
Luckily, Azure provides detailed logging and alerting through Azure Monitor Logs and Alerts. When the error condition described above is encountered, the SQL Server and its SQL Databases (Managed Instances included) create a log entry in the Activity Log (Administrative category). Based on this log entry, an Alert condition can easily be configured using the Azure portal or PowerShell. The logs contain several events; a good explanation of those is well documented here.
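As an added example (not the post's own code), this is how that Activity Log alert can be created from PowerShell with the Az.Monitor module. It assumes the Az.Monitor 2.x cmdlet names (later module versions renamed the condition and action cmdlets), and the subscription, resource group, server name and e-mail address are placeholders you replace with your own.

```powershell
# Added example, not from the original post. Assumes Az.Monitor 2.x cmdlet
# names; newer module versions renamed the condition/action cmdlets.
# All values below are placeholders (assumptions), replace them with your own.
$subscriptionId = '<subscription-id>'
$resourceGroup  = 'rg-sql-prod'
$sqlServerName  = 'sql-prod-01'
$alertName      = 'tde-keyvault-failure'
$notifyEmail    = 'secops@example.com'

Connect-AzAccount | Out-Null
Set-AzContext -SubscriptionId $subscriptionId | Out-Null

# Alert scope: the SQL logical server. A managed instance would use the
# Microsoft.Sql/managedInstances resource type instead.
$scope = "/subscriptions/$subscriptionId/resourceGroups/$resourceGroup" +
         "/providers/Microsoft.Sql/servers/$sqlServerName"

# Who gets notified. The action group is created once and reused by many alerts.
$receiver    = New-AzActionGroupReceiver -Name 'secops-mail' -EmailReceiver -EmailAddress $notifyEmail
$actionGroup = Set-AzActionGroup -Name 'ag-secops' -ResourceGroupName $resourceGroup `
                   -ShortName 'secops' -Receiver $receiver

# Match Activity Log (Administrative) entries for the SQL server that are logged
# at Error level, which is how a lost Key Vault / TDE protector connection
# surfaces. All conditions are AND-ed. Once you know the exact TDE event names
# from the documentation, add an 'operationName' condition to narrow the rule.
$conditions = @(
    (New-AzActivityLogAlertCondition -Field 'category'     -Equal 'Administrative'),
    (New-AzActivityLogAlertCondition -Field 'resourceType' -Equal 'Microsoft.Sql/servers'),
    (New-AzActivityLogAlertCondition -Field 'level'        -Equal 'Error')
)

# Activity log alerts are global resources, so -Location is always 'Global'.
$action = New-AzActionGroup -ActionGroupId $actionGroup.Id
New-AzActivityLogAlert -Name $alertName -ResourceGroupName $resourceGroup -Location 'Global' `
    -Scope $scope -Condition $conditions -Action $action `
    -Description 'Azure SQL logged an Error-level administrative event (e.g. TDE protector in Key Vault unreachable)'

# Verify the rule exists and is enabled.
Get-AzActivityLogAlert -Name $alertName -ResourceGroupName $resourceGroup |
    Select-Object Name, Enabled, Location
```

The alert only tells you the failure happened; it does not restore Key Vault access, so the action group receiver should be someone who can re-enable or rotate the key and re-set the TDE protector.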