Is there no sql back up of MR you can restore, and then refresh the data? or recover the password?
MR should have its own SQl instance because its configuration is different.
When you move the database to another server, you lose the ability to automatically decrypt and open the database master key because the local server key will most likely be different. If you can't decrypt the database master key, then you can't decrypt anything else that depends on it (certificates, symmetric keys, etc).
The problem occurs for example when restoring an MR database.
It can also occur when the Management Reporter database is in an availability group Always On (Availability group) when you switch the Management Reporter database to the secondary server, it will not be able to decrypt the data of the database. Consequently, the DataMart database disappears from the console and the following error message appears in the event log:
For MR :
- Key Service (SMK) - Generated by the SQL service is used to encrypt the Database Master Key (DMK).
- Database Master Key (DMK) – is used to encrypt the certificate.
- Certificate – is used to encrypt the symmetric key
- Symmetric Key – is used to encrypt data
The problem is that the Service Key (SMK) of the second SQL server is not able to decrypt the Database Master Key (DMK) located in a database Management Reporter since it was encrypted with the Key Service the primary server. Because SQL is not able to open the DMK, it therefore cannot open the certificate, etc .
There links may help"
https://support.microsoft.com/en-ca/help/2744330/error-messages-when-you-restore-a-microsoft-management-reporter-2012-d
https://docs.microsoft.com/en-us/sql/t-sql/statements/open-master-key-transact-sql?view=sql-server-ver15
https://docs.microsoft.com/en-us/sql/t-sql/statements/alter-master-key-transact-sql?view=sql-server-ver15
https://docs.microsoft.com/en-us/sql/t-sql/statements/restore-master-key-transact-sql?redirectedfrom=MSDN&view=sql-server-ver15
https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/restore-the-service-master-key?view=sql-server-ver15
https://docs.microsoft.com/en-us/sql/t-sql/statements/backup-service-master-key-transact-sql?view=sql-server-ver15
https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/back-up-the-service-master-key?view=sql-server-ver15
I recommend to add a new password on the production system using ALTER MASTER KEY (msdn2.microsoft.com/.../ms186937.aspx) in case the original password is truly lost.
OPEN MASTER KEY DECRYPTION BY PASSWORD = 'SQLAuthority' ALTER MASTER KEY ADD ENCRYPTION BY SERVICE MASTER KEY
The REGENERATE option should be used only when you want to have a new master key in the database
ALTER MASTER KEY DROP ENCRYPTION BY SERVICE MASTER KEY.
When SQL requires a Database Master Key (DMK) to encrypt or decrypt a key, SQL tries to decrypt the DMK from the Service Master Key (SMK). If this fails,then SQL checks whether the password to open the DMK is in sys.master_key_passwords.
Add the password to the DMK ManagementReporter catalog sys.master_key_passwords for all servers in the group.
EXEC sp_control_dbmasterkey_password @db_name = N'ManagementReporter ' ,
@password = xxxxxxxxx ' , @action = Do not add' ;
https://docs.microsoft.com/en-us/sql/relational-databases/system-stored-procedures/sp-control-dbmasterkey-password-transact-sql?view=sql-server-ver15
The RESTORE MASTER KEY with FORCE option to replace the DBMK - needs care - make sure you have backed up any important data you have modified. The service master key is the root of the SQL Server encryption hierarchy. The service master key directly or indirectly secures all other keys in the tree. If a dependent key cannot be decrypted during a forced restore, data that is secured by that key will be lost.
,
