Script – Encryption

Encryption related Scripts

Create a service master key

Create Master Key Encryption By Password = 'MyPassword'

Create a Master Certificate

CREATE CERTIFICATE MyCertificate WITH SUBJECT = 'My Certificate'

Backup Certificates to files

BACKUP CERTIFICATE MyCertificate TO FILE = 'c:\temp\MyCertificateBackup.bck'
WITH PRIVATE KEY (
  FILE = 'c:\Temp\MyPrivateKey.key',
  ENCRYPTION BY PASSWORD = 'MyPassword');

Restore Encryption Key

CREATE CERTIFICATE MyCertificate
    FROM FILE = 'c:\temp\MyCertificateBackup.bck' 
    WITH PRIVATE KEY (FILE = 'c:\Temp\MyPrivateKey.key', 
    DECRYPTION BY PASSWORD = 'MyPassword');

Generate a Key in a database

CREATE DATABASE ENCRYPTION KEY
WITH ALGORITHM = AES_256
ENCRYPTION BY SERVER CERTIFICATE MyCertificate

Switch on Encryption

ALTER DATABASE TestEncryption SET ENCRYPTION ON

Reverse

ALTER DATABASE TestEncryption SET ENCRYPTION OFF

Show Encryption status and Certificate used

use master
GO

select @@servername, db_name(d.database_id) ,
CASE COALESCE(a.encryption_state, 99999)
        WHEN 0 THEN 'No database encryption key present, no encryption'
        WHEN 1 THEN 'Unencrypted'
        WHEN 2 THEN 'Encryption in progress'
        WHEN 3 THEN 'Encrypted'
        WHEN 4 THEN 'Key change in progress'
        WHEN 5 THEN 'Decryption in progress'
        WHEN 6 THEN 'Protection change in progress (The certificate or asymmetric key that is encrypting the database encryption key is being changed.)'
        WHEN 99999 THEN 'Not Encrypted'
        ELSE 'Unknown State...'
        END ,
        c.name AS 'CertificateName' 
from sys.databases d
left outer join sys.dm_database_encryption_keys a ON d.database_id = a.database_id
LEFT OUTER join sys.certificates c  ON a.encryptor_thumbprint = c.thumbprint
order by c.name  desc

CheckEncryptionResults

Show Encryption – Multi-server Edition

A more advanced version of the above that’s great if you are running against multiple servers at a time for audit purposes

This statement differs in that if checks to ensure the server supports encryption before checking but still includes server in results.

DECLARE @EngineVer int;
DECLARE @SQLVer int;
DECLARE @SQLString nvarchar(1024);

-- ensure teht server is newer 
SELECT @SQLVer = substring(cast(SERVERPROPERTY('ProductVersion') as varchar(126)),1,(charindex('.',cast(SERVERPROPERTY('ProductVersion') as varchar(126)))-1));
SELECT @EngineVer = convert(INT,SERVERPROPERTY ('EngineEdition'));


if @EngineVer = 3 and @SQLVer > 9
begin
SET @SQLString = '    
    select cast(@@servername as varchar(126)) as ''ServerName'', cast(db_name(d.database_id) as varchar(128)) as ''DatabaseName'', 
    CASE COALESCE(a.encryption_state, 99999)     
        WHEN 0 THEN ''No database encryption key present, no encryption''     
        WHEN 1 THEN ''Unencrypted''      
        WHEN 2 THEN ''Encryption in progress''         
        WHEN 3 THEN ''Encrypted''         
        WHEN 4 THEN ''Key change in progress''         
        WHEN 5 THEN ''Decryption in progress''         
        WHEN 6 THEN ''Protection change in progress (The certificate or asymmetric key that is encrypting the database encryption key is being changed.)''
        WHEN 99999 THEN ''Not Encrypted'' 
    ELSE ''Unknown State...''    
    END as ''EncryptionStatus'',  
    cast(c.name as varchar(128)) AS ''CertificateName'' 
    from 
        sys.databases d left outer join 
        sys.dm_database_encryption_keys a ON d.database_id = a.database_id    
        LEFT OUTER join sys.certificates c  ON a.encryptor_thumbprint = c.thumbprint'
    end
else
begin
SET @SQLString ='select cast(@@servername as varchar(128))as ''ServerName'',name as ''DatabaseName'',''Instance Does not support Encryption''as ''EncryptionStatus'',cast('''' as varchar(128)) AS ''CertificateName'' from sys.databases '
end;
EXECUTE sp_executesql @SQLString;
Posted in DBA Scripts | Leave a comment

SQL Server Encryption (TDE)

The following is basically a keep safe for myself of useful Encryption related scripts that I use on a daily basis when dealing with MSSQL Servers TDE Encryption.

If it’s any use. Feel free to copy and re-use any parts

5 Steps to encrypt your database

  1. Generate Master Key
  2. Generate Main Certificate
  3. Backup Keys
  4. Generate a key in a database
  5. Switch on encryption

Generate master keys and Certificates

Create a service master key

Create Master Key Encryption By Password = 'MyPassword'

Create a Master Certificate

CREATE CERTIFICATE MyCertificate WITH SUBJECT = 'My Certificate'

** IMPORTANT**

Backup the Main Certificate. This is required for other servers and DR.. You cannot restore the database without it. Keep these files safe somewhere..

 

Backup Certificates to files

BACKUP CERTIFICATE MyCertificate TO FILE = 'c:\temp\MyCertificateBackup.bck'
WITH PRIVATE KEY (
  FILE = 'c:\Temp\MyPrivateKey.key',
  ENCRYPTION BY PASSWORD = 'MyPassword');
Always backup your certificate files to disk and store safely

Always backup your certificate files to disk and store safely

Generate a Key in a database

First Connect to the database you want to encrypt.

USE TestEncryption
GO

Now create a database encryption Key in the database using the certificate created earlier

CREATE DATABASE ENCRYPTION KEY
WITH ALGORITHM = AES_256
ENCRYPTION BY SERVER CERTIFICATE MyCertificate

 

Switch on Encryption

To switch on the database encription run the command below

ALTER DATABASE TestEncryption SET ENCRYPTION ON

This will start the encryption engine running.

The database file is not immediately encrypted. The file is slowly encrypted as a background task by SQL server. The database is fully usable while the database is being encrypted and the encryption progress can be monitored using the command:

Select 
    db_name(database_id), 
    CASE encryption_state 
        WHEN 0 THEN 'No database encryption key present, no encryption'
        WHEN 1 THEN 'Unencrypted'
        WHEN 2 THEN 'Encryption in progress'
        WHEN 3 THEN 'Encrypted'
        WHEN 4 THEN 'Key change in progress'
        WHEN 5 THEN 'Decryption in progress'
        WHEN 6 THEN 'Protection change in progress (The certificate or asymmetric key that is encrypting the database encryption key is being changed.)'
        ELSE 'Unknown State...'
        END  from sys.dm_database_encryption_keys

After the flag to enable encryption was changed the status changes to Encryption in progress

DB is not immediately encrypted

DB is not immediately encrypted

20 seconds later in the example database the encryption was completed.

After encryption the DB is marked as encrypted and you are finished

After encryption the DB is marked as encrypted and you are finished

 

 

 

Proof Encryption works

Just having a flag stating the database is encrypted is never enough.. So the following section will demonstrate that the database files are encrypted and that the data cannot be accessed.

 

A test database called “TestEncryption” was created with a single table “dbo.Table_1”

CREATE TABLE [dbo].[Table_1](

[col1] [int] NULL,
[col2] [nvarchar](20) NULL,
[col3] [nvarchar](40) NULL,
[col4] [nvarchar](80) NULL,
[col5] [nvarchar](120) NULL,
[col6] [nvarchar](240) NULL

)

The table has been populated with 3,000,000 rows containing padded incremental numbers

Here is an excerpt

Data as viewed in Management Studio

Data as viewed in Management Studio

The highlighted rows can easily be found when opening the raw SQL server data file in a hexadecimal editor as shown below.

Data viewed in hex editor before Encryption

Data viewed in hex editor before Encryption

 

After the encryption the same point in the file looks like this.

Data viewed in hex editor after encryption

Data viewed in hex editor after encryption

 

 

 

Useful statements

Show Encryption status and Certificate used

use master
GO

select @@servername, db_name(d.database_id) ,
CASE COALESCE(a.encryption_state, 99999)
        WHEN 0 THEN 'No database encryption key present, no encryption'
        WHEN 1 THEN 'Unencrypted'
        WHEN 2 THEN 'Encryption in progress'
        WHEN 3 THEN 'Encrypted'
        WHEN 4 THEN 'Key change in progress'
        WHEN 5 THEN 'Decryption in progress'
        WHEN 6 THEN 'Protection change in progress (The certificate or asymmetric key that is encrypting the database encryption key is being changed.)'
        WHEN 99999 THEN 'Not Encrypted'
        ELSE 'Unknown State...'
        END ,
        c.name AS 'CertificateName' 
from sys.databases d
left outer join sys.dm_database_encryption_keys a ON d.database_id = a.database_id
LEFT OUTER join sys.certificates c  ON a.encryptor_thumbprint = c.thumbprint
order by c.name  desc

CheckEncryptionResults

Show Encryption – Multi-server Edition

A more advanced version of the above that’s great if you are running against multiple servers at a time for audit purposes

This statement differs in that if checks to ensure the server supports encryption before checking but still includes server in results.

DECLARE @EngineVer int;
DECLARE @SQLVer int;
DECLARE @SQLString nvarchar(1024);

-- ensure teht server is newer 
SELECT @SQLVer = substring(cast(SERVERPROPERTY('ProductVersion') as varchar(126)),1,(charindex('.',cast(SERVERPROPERTY('ProductVersion') as varchar(126)))-1));
SELECT @EngineVer = convert(INT,SERVERPROPERTY ('EngineEdition'));


if @EngineVer = 3 and @SQLVer > 9
begin
SET @SQLString = '    
    select cast(@@servername as varchar(126)) as ''ServerName'', cast(db_name(d.database_id) as varchar(128)) as ''DatabaseName'', 
    CASE COALESCE(a.encryption_state, 99999)     
        WHEN 0 THEN ''No database encryption key present, no encryption''     
        WHEN 1 THEN ''Unencrypted''      
        WHEN 2 THEN ''Encryption in progress''         
        WHEN 3 THEN ''Encrypted''         
        WHEN 4 THEN ''Key change in progress''         
        WHEN 5 THEN ''Decryption in progress''         
        WHEN 6 THEN ''Protection change in progress (The certificate or asymmetric key that is encrypting the database encryption key is being changed.)''
        WHEN 99999 THEN ''Not Encrypted'' 
    ELSE ''Unknown State...''    
    END as ''EncryptionStatus'',  
    cast(c.name as varchar(128)) AS ''CertificateName'' 
    from 
        sys.databases d left outer join 
        sys.dm_database_encryption_keys a ON d.database_id = a.database_id    
        LEFT OUTER join sys.certificates c  ON a.encryptor_thumbprint = c.thumbprint'
    end
else
begin
SET @SQLString ='select cast(@@servername as varchar(128))as ''ServerName'',name as ''DatabaseName'',''Instance Does not support Encryption''as ''EncryptionStatus'',cast('''' as varchar(128)) AS ''CertificateName'' from sys.databases '
end;
EXECUTE sp_executesql @SQLString;

 

 

 

 

 

 

 

 

 

Posted in DBA | Leave a comment

Installig SQL 2008R2 SP3 failed – Crytographic Error

Installing SQL Server 2008R2 SP3 should be a relatively easy and trouble free experience. In recent months I have updated over 50 instances with no issues.

Most of the time it’s a brainless repeatable process. Script logins, Backup databases, run  updates, test etc..
Then comes along something that causes me to think.

I was recently upgrading a batch of instances. I had my plan together and was running through the motions.

3 of the servers went through without a hiccup but e 4th failed almost immediately. Thinking it was something as simple as the server needed a refresh I performed a restart but came upon the same issue the second time.

Opening up the logs I was confronted with the following:

 Overall summary:
  Final result:                  The patch installer has failed to update the following instance: MSSQLSERVER. To determine the reason for failure, review the log files.
  Exit code (Decimal):           -2068053019
  Exit facility code:            1212
  Exit error code:               997
  Exit message:                  The patch installer has failed to update the following instance: MSSQLSERVER. To determine the reason for failure, review the log files.

Not a great deal of use

Looking further down the error log

 Log with failure:              C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20150328_100315\MSSQLSERVER\SqlSupport_Cpu64_1.log

OK. So now we have a detailed log file.

My rule of thumb with installer errors is to always look for the text ” Return value 3. “. The lines above this normally indicate the cause of the issue or at least where to look.

In my case I was confronted with

MSI (s) (E8:84) [10:06:04:385]: Source type from package 'sqlsupport.msi': 1
MSI (s) (E8:84) [10:06:04:385]: SECREPAIR: Hash Database: C:\Windows\Installer\SourceHash{74964326-CB2C-413B-B574-C4A90B8033E3}
MSI (s) (E8:84) [10:06:04:385]: SECREPAIR: SourceHash database file already exists. Deleting it.
MSI (s) (E8:84) [10:06:04:385]: Note: 1: 2262 2: SourceHash 3: -2147287038 
MSI (s) (E8:84) [10:06:04:401]: SECREPAIR: New Hash Database creation complete.
MSI (s) (E8:84) [10:06:04:401]: SECREPAIR: A general error running CryptAcquireContext
MSI (s) (E8:84) [10:06:04:401]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (E8:84) [10:06:04:401]: SECREPAIR: A general error running CryptAcquireContext
MSI (s) (E8:84) [10:06:04:401]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (E8:84) [10:06:04:401]: SECREPAIR: A general error running CryptAcquireContext
MSI (s) (E8:84) [10:06:04:401]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: A general error running CryptAcquireContext
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: A general error running CryptAcquireContext
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: A general error running CryptAcquireContext
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: A general error running CryptAcquireContext
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: A general error running CryptAcquireContext
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: A general error running CryptAcquireContext
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: A general error running CryptAcquireContext
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: A general error running CryptAcquireContext
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: A general error running CryptAcquireContext
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: A general error running CryptAcquireContext
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: A general error running CryptAcquireContext
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: A general error running CryptAcquireContext
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: A general error running CryptAcquireContext
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: A general error running CryptAcquireContext
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: A general error running CryptAcquireContext
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: A general error running CryptAcquireContext
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: A general error running CryptAcquireContext
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: A general error running CryptAcquireContext
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: A general error running CryptAcquireContext
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: A general error running CryptAcquireContext
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: A general error running CryptAcquireContext
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: A general error running CryptAcquireContext
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: A general error running CryptAcquireContext
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: A general error running CryptAcquireContext
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: A general error running CryptAcquireContext
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: A general error running CryptAcquireContext
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: A general error running CryptAcquireContext
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: A general error running CryptAcquireContext
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: A general error running CryptAcquireContext
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: A general error running CryptAcquireContext
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: A general error running CryptAcquireContext
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: A general error running CryptAcquireContext
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: A general error running CryptAcquireContext
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: A general error running CryptAcquireContext
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: A general error running CryptAcquireContext
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: A general error running CryptAcquireContext
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: A general error running CryptAcquireContext
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: A general error running CryptAcquireContext
MSI (s) (E8:84) [10:06:04:416]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (E8:84) [10:06:04:432]: SECREPAIR: A general error running CryptAcquireContext
MSI (s) (E8:84) [10:06:04:432]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (E8:84) [10:06:04:432]: SECREPAIR: A general error running CryptAcquireContext
MSI (s) (E8:84) [10:06:04:432]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (E8:84) [10:06:04:432]: SECREPAIR: A general error running CryptAcquireContext
MSI (s) (E8:84) [10:06:04:432]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (E8:84) [10:06:04:432]: SECREPAIR: A general error running CryptAcquireContext
MSI (s) (E8:84) [10:06:04:432]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (E8:84) [10:06:04:432]: SECREPAIR: A general error running CryptAcquireContext
MSI (s) (E8:84) [10:06:04:432]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (E8:84) [10:06:04:432]: SECREPAIR: A general error running CryptAcquireContext
MSI (s) (E8:84) [10:06:04:432]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (E8:84) [10:06:04:432]: SECREPAIR: A general error running CryptAcquireContext
MSI (s) (E8:84) [10:06:04:432]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (E8:84) [10:06:04:432]: SECREPAIR: A general error running CryptAcquireContext
MSI (s) (E8:84) [10:06:04:432]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (E8:84) [10:06:04:432]: SECREPAIR: A general error running CryptAcquireContext
MSI (s) (E8:84) [10:06:04:432]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (E8:84) [10:06:04:432]: SECREPAIR: A general error running CryptAcquireContext
MSI (s) (E8:84) [10:06:04:432]: SECREPAIR: Crypt Provider not initialized. Error:997
MSI (s) (E8:84) [10:06:04:432]: SECUREREPAIR: Failed to CreateContentHash of the file: Program Files\Microsoft SQL Server\100\Setup Bootstrap\SQLServer2008R2\x64\Microsoft.SqlServer.Configuration.AgentExtension.dll: for computing its hash. Error: 997
MSI (s) (E8:84) [10:06:04:432]: SECREPAIR: Failed to create hash for the install source files
MSI (s) (E8:84) [10:06:04:432]: SECUREREPAIR: SecureRepair Failed. Error code: 3e5F47C23A8
Action start 10:06:04: ProcessComponents.
MSI (s) (E8:84) [10:06:07:458]: 
Error 997. Overlapped I/O operation is in progress.

MSI (s) (E8:84) [10:06:07:458]: Machine policy value 'DisableRollback' is 0
MSI (s) (E8:84) [10:06:07:458]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2 
Action ended 10:06:07: ProcessComponents. Return value 3.
MSI (s) (E8:84) [10:06:07:458]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2 
MSI (s) (E8:84) [10:06:07:458]: No System Restore sequence number for this installation.
MSI (s) (E8:84) [10:06:07:458]: Unlocking Server
Action ended 10:06:07: INSTALL. Return value 3.

Overlapping I/O Process, CryptAquireContext errors . none of these look good.

So I dismissed the overlapping I/O as the services were stopped at the time of the error.

OK. So clearly something was wrong with the Cryptographic provider, but what? I’m logged in as a local admin. I’m an SA. Cryptographic services are running. I even retested after stopping and restarting the Cryptographic services.

I manually deleted the Hash Database but nothing was working.

So what can cause the Crypt Services to fail? Well having been around the wintel world for 20+ years I have some rudimentary knowledge (Or scars) of this and know of a few areas to look.

Cryptographic keys are not just used for the installation. They are also integral to your user profile. I had not noticed any issues when logging in but I thought I’d check anyhow.

I logged off and on again. True to form a little message pops up in the corner.

User Profile Error

I had not noticed this the first time I logged in but that’s no guarantee it had not been there. After all I was swapping between machines to patch.

Luckily this turned out to be a relatively easy fix. As the company I work for has multiple domains I logged on using a different account I have and deleted my profile from the disk. Upon logging in again it recreated my profile properly and no message was displayed

This time upon installing the patch I was confronted with a message I’m used to.

SQL 2008R2 Service pack 3 Success message

So lessons Learned and a new scar. I spent about an hour trying to over think what in SQL Server could be causing the issue when I should have looked more carefully at the error.

Posted in DBA | 1 Comment

Android Kitkat 4.4.4 on the HP Touchpad

Some time ago in the HP firesale I purchased a 32GB HP Touchpad.

HPTouchpad

I liked WebOS and had no issues using it however after migrating from an iPhone to a android powered phone (Something I feel was definitely an upgrade) I was delighted to see that some clever people had ported Android to the Touchpad.

In it’s initial incarnation it was a modified version of CyanogenMod 8 and later CyanogenMod 9. There was always something that did not work perfectly such as bluetooth sometimes dropping out or the camera not always working but for a internet and mail surfing tablet it was excellent.

Well those clever chaps (mainly JC Sullins) have been working tirelessly and have ported kitKat 4.4.4 to the HP Touchpad.

HP Touchpad Running Android 4.4.4

HP Touchpad Running Android 4.4.4

Unlike the previous port that sat side by side to WebOS and allowed you to dual boot the new installer allows you to completely uninstall WebOS and have all that lovely memory partitioned for Android usage.

This is important for a number of reasons but the main one is the ability to install more and now slow down.

I will not go into writing install instructions here as the amazing people at liliputing have done a great article already that can be located here.

Installation is easier then ever in that you don’t have to install much on your PC or have much of a technical background. Just click and wait. Yes there are a few downloads to perform but thats about it. The trick is a new client side tool called TPToolbox. This will replace existing installs or reformat the Touchpad completely ready fro a new OS install.

Worried about stability?

Don’t be. It’s as stable as any Ipad or android tablet I’ve used and seems to being a whole new life to my Touchpad. Yes the hardware is getting a little old now but the Touchpad is still higher specified than some of the chinese imports or lower end of the market and is by no means a slouch.

It’s so good I have purchased an additional second hand additional unit for my kids to use.

android_4.4._kitkat

 

Posted in Computers | Tagged , , | Leave a comment

BikePark Wales – 1st Year Anniversary

BikeParkLogo

Time to post a updated review on BikePark Wales now that it’s been open for 1 year.

BikePark Wales is possibly the UK’s best mountain biking center. It’s a purpose built facility in the heart of the Welsh valleys.

The center hosts a large number of trails for all skill levels. They even have uplift facilities where they have between 4 and 6 vans constantly taking riders up the 20 min drive to the top of the valley.

I first went to BikePark Wales in it’s opening month back in August 2013. I think it was the second weekend it had been open. The trail center was clean and tidy and the trails were in perfect condition. It was a very wet weekend and whilst I was covered in mud and freezing for 2 days I could not stop smiling. It was probably the most enjoyable time I have ever spent on a bike.

I returned in April 2014 expecting the trails to be a little worn. When you think that 200+ riders had been using each trail multiple times a day in all weather conditions you’d forgive them looking a little tired. In April they remained looking and feeling new.

Continue reading

Posted in Mountain Biking | Leave a comment

Review: WinForce 5000mAh 2s 30C Battery

I thought it was about time for another review. What better thing to review that a Lipo battery on a budget? Here is my review of the WinForce 5000mAH Lipo battery that is widely available from eBay.


Continue reading

Posted in Radio Control | 1 Comment

Review: BTY AA 2500mAh 1.2V Ni-MH Rechargable Battery

Rechargeable batteries are a great way of saving money. Especially these days where electronic devises are everywhere.

I’ve used many makes of battery from expensive top brands to unbranded imports.

My recent purchase was 24 BTY batteries purchased from a seller on eBay. I have no connection to anyone selling these batteries and this is a completely independent review.

Quite often imports from Hong Kong are unbranded products re-branded to be appealing to Western buyers. It’s prudent to take any brands and rated capacities with a pinch of salt and deciding if you want to take the risk or not.

Continue reading

Posted in Product Reviews | 7 Comments

Traxxas Rustler

Another eBay purchase of mine. The 2WD Traxxas Rustler.

 A stock picture of the Rustler in action

£35 including delivery. :)

 The car was sold as spares or repair due to the transmitter battery cover being missing. As I’ll be using my own transmitter anyway this is not an issue. The car looked like new.

Continue reading

Posted in Radio Control | Leave a comment

Thunder Tiger Sparrowhawk XT

Thunder Tiger SparrowHawk XT.

A recent purchase of mine thats progressing into a really nice runner.

This car was originally a Tomahawk nitro model. The previous owner had issues keeping it running on nitro and converted it into a sparrowhawk using all original parts.
The conversion cost over £120. Continue reading

Posted in Radio Control | Leave a comment

WordPress Installation

I’ve looked into a number of CMS and blogging type applications and for what it’s worth WordPress gets my recomendation.

Installation was simple. Nothing required configuring on the server and everything just worked as expected. Continue reading

Posted in Everything Else | Leave a comment