An Azure service for relational databases.
Hi @Toni August
Our analysis indicates that the database was previously configured with a database-level customer-managed key (CMK). Although the database was later switched back to server-level encryption after the Azure Key Vault recovery, a residual reference to the previously configured encryption key was not fully removed.
As part of Azure SQL Database's periodic Transparent Data Encryption (TDE) validation process, the service attempted to validate access to the historical key reference. Because the managed identity previously associated with the CMK configuration was no longer available, the validation could not be completed, causing the database to transition to the Inaccessible state.
To resolve the issue, please:
- Reassign the user-assigned managed identity that was previously used for the CMK configuration to the logical SQL server.
- Verify that the Azure Key Vault key previously used for TDE is present, enabled, and accessible.
- Ensure the managed identity has the required Azure Key Vault permissions: Get, Wrap Key, and Unwrap Key.
- Retry the key validation operation from the Transparent Data Encryption (TDE) settings page.
Once key validation succeeds, the database should transition back to an accessible state.
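As an added illustration (not part of the answer above and not Microsoft's code), this Python sketch runs the key and permission checks from the second and third bullets against JSON shaped like the output of `az keyvault key show` and `az keyvault show`. The sample documents, vault and key names, and the object ID are constructed, and the permission check assumes the vault uses access policies rather than Azure RBAC.

```python
import json
from datetime import datetime, timezone

REQUIRED = {"get", "wrapkey", "unwrapkey"}  # permissions named in the answer, lower-cased

# Constructed samples shaped like `az keyvault key show` and `az keyvault show` output.
KEY_JSON = """{"attributes": {"enabled": true, "expires": null, "notBefore": null},
  "key": {"kid": "https://example-vault.vault.azure.net/keys/tde-key/placeholder"}}"""
VAULT_JSON = """{"properties": {"enableRbacAuthorization": false, "accessPolicies": [
  {"objectId": "11111111-1111-1111-1111-111111111111",
   "permissions": {"keys": ["Get", "WrapKey"]}}]}}"""

def _parse_time(value):
    """Parse an ISO 8601 timestamp; treat a missing offset as UTC."""
    if not value:
        return None
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)

def check_tde_key(key, vault, identity_object_id, now=None):
    """Return a list of findings; an empty list means both checks passed."""
    now = now or datetime.now(timezone.utc)
    findings = []
    attrs = key.get("attributes", {})
    if not attrs.get("enabled"):
        findings.append("key is disabled")
    expires, not_before = _parse_time(attrs.get("expires")), _parse_time(attrs.get("notBefore"))
    if expires and expires <= now:
        findings.append("key has expired")
    if not_before and not_before > now:
        findings.append("key is not yet active")
    props = vault.get("properties", {})
    if props.get("enableRbacAuthorization"):
        # Access policies are not evaluated on RBAC vaults; role assignments apply instead.
        findings.append("vault uses Azure RBAC: review role assignments")
        return findings
    granted = set()
    for policy in props.get("accessPolicies", []):
        if policy.get("objectId", "").lower() == identity_object_id.lower():
            granted |= {p.lower() for p in policy.get("permissions", {}).get("keys", [])}
    missing = set() if "all" in granted else REQUIRED - granted
    if missing:
        findings.append("identity lacks key permissions: " + ", ".join(sorted(missing)))
    return findings

if __name__ == "__main__":
    for finding in check_tde_key(json.loads(KEY_JSON), json.loads(VAULT_JSON),
                                 "11111111-1111-1111-1111-111111111111"):
        print("FAIL:", finding)
```

The constructed policy deliberately omits Unwrap Key, so the sample run reports that one missing permission.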