Data Encryption key not being accepted after move RRS feed

  • Question

  • Following some issues we moved our in house CRM to a new server (CRM and SQL).  The old server was running 2016 but had been upgraded a number of times from previous versions.  The new server has clean/fresh install of CRM2015, SQL2014 and w2012 R2. Into which we imported the Organisation from the old server using the Deployment manager using a recent database back up.

    On the old server data encryption had been activated.  We had stored the key used (and I have checked it against the old install).

    When I went to activate encryption on the new server using the old servers key it wasn't accepted because it doesn't include a non alphanumeric character.

    How do I activate data encryption on the new server, so the previously encrypted data is available?



    Thursday, March 10, 2016 5:45 PM

All replies

  • Hi Antony,

        Please refer here for instructions on how to configure data encryption for CRM 2015.

    One other thing - did I read you right in that you are taking a CRM 2016 database and importing it on a clean install of CRM 2015? I don't believe downgrading like that is an option and might be a reason for the issue you are experiencing.


    Sunday, March 13, 2016 1:32 AM
  • Hi John,

    Thanks, I had found that link.

    I didn't explain the situation clearly enough.  I will clarify.

    We had an existing CRM server that originally started off on W2003 and CRM3.  This install had been upgraded over the years until it reached W2012 and CRM2016.  After the upgrade from CRM2015 to CRM2016 at the end of Feb2016 we started having major issues with using CRM2016.  Things like not being able to enter anything into the body section of new emails, VERY slow responses, sychronisation failures etc.  

    After posting on this forum and finding out that you cannot rollback CRM2016 to CRM2015 we decided to try starting with a new/clean install of OS/SQL/CRM and importing in the organisation on the new server.  Because the import turns off encryption you have to enter the key again into the system to get access to the encrypted data (as I understand it).

    In the CRM install on the old server we had entered a key sometime prior to the time we upgraded the old install to CRM2016.

    The problem occurred when we tried to enter that original key into the new/clean install.  The key wasn't accepted because it didn't contain a symbol or special character.  It appears sometime during CRM versions this requirement was brought in but no check/warning was done on existing keys to make sure that they complied with the new requirements.  It is only if you move and import the organisation into a different environment that you need to re-enter the key.

    Hope this explains the problem better.

    In the end as we were lucky enough to still have access to the old install, I went back into that and

    1. changed the encryption key to meet the new requirements and
    2. allowed that to go through the re-encryption process,
    3. backed up the Org database on the old server,
    4. deleted the previously imported organisation on the new server,
    5. restored the org database with 'replace' on the new server,
    6. imported the organisation into the new CRM server
    7. entered the updated key in the new server.

    This has fixed our issue.  However, if someone doesn't have access to an old working install they are not going to be able to access the previously encrypted data.

    In my view during the upgrade process we should be forced to update the data encryption key.  This would ensure it meets any new requirements.


    Sunday, March 13, 2016 3:45 PM