Hi Team,
I am trying to enable TDE on SQL on an Azure VM. At the asymmetric key create step it fails with the following error:
Msg 33028, Level 16, State 1, Line 29
Cannot open session for cryptographic provider 'AzureKeyVault_EKM_Prov'. Provider error code: 3110. (Provider Error - No explanation is available, consult EKM Provider for details)
Windows event log:
Vault Name: keyvaultsql01.vault.azure.net Operation: acquireToken Key Name: Message: [error:110, info:400, state:0] The request is invalid. This usually means the key name is invalid or contains invalid characters.
What I did so far is:
In Azure portal:
- Created Azure Key Vault
- Application registered
- Key added to application
- Added policy
- Key added in Key Vault
In SQL/VM:
- SQL Server connector installed
- Cryptographic provider created
- Credential created
- Login created (sysadmin) and mapped credential
Then I tried to create the asymmetric key, and it failed with the above-mentioned error. Do I need to add specific access rights for accessing Key Vault? Anything I missed? Note that I did not install Azure PowerShell on the VM; is it really required?
Thanks,
Ashu