JSI Tip 6641. When you encrypt data on a cluster shared disk, you may subsequently be refused access?

The subject behavior will occur if both of the following are true:

1. You do NOT use a roaming profile.

2. The shared resource has failed over to the other node.

When you encrypt data on a shared resource, you receive a certificate from the node that is currently hosting the resource. This certificate and its keys are stored in your profile. When the resource fails over to the other node, your local profile on that node does not contain the key needed to decrypt the data.

The only real solution is to convert your local profile into a roaming profile.

The other solution is to export the certificate and keys from the node where the data was encrypted, using a .pfx file in PKCS#12 format, and import them into your local profile on the other node. This solution is temporary, as it will need to be done each time the certificate expires.
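The export and import described above can be scripted. The following is an added example, not part of the original tip; it assumes a Windows version with the PKI module cmdlets (`Export-PfxCertificate`, `Import-PfxCertificate`), that the EFS private key is marked exportable, and a hypothetical transfer path `C:\Temp\efs-node1.pfx`.

```powershell
# Added example. Run each part as the user who encrypted the files.
$EfsOid  = '1.3.6.1.4.1.311.10.3.4'      # Encrypting File System EKU
$PfxPath = 'C:\Temp\efs-node1.pfx'       # hypothetical path (assumption)
$PfxPass = Read-Host -AsSecureString -Prompt 'PFX password'

# --- Part 1: on the node where the data was encrypted ---
# Find certificates in the user's profile that carry the EFS EKU and a private key.
$efsCerts = Get-ChildItem Cert:\CurrentUser\My | Where-Object {
    $_.HasPrivateKey -and ($_.EnhancedKeyUsageList.ObjectId -contains $EfsOid)
}
if (-not $efsCerts) { throw 'No EFS certificate with a private key in this profile.' }

# More than one EFS certificate may exist. List them with their expiry dates and
# compare against the thumbprint that "cipher /c <file>" reports for the data.
$efsCerts | Sort-Object NotAfter -Descending |
    Format-Table Thumbprint, Subject, NotAfter -AutoSize

# This example takes the most recently issued one.
$cert = $efsCerts | Sort-Object NotAfter -Descending | Select-Object -First 1
Export-PfxCertificate -Cert $cert -FilePath $PfxPath -Password $PfxPass | Out-Null

# --- Part 2: on the other node, logged on with the same account ---
# (define $PfxPath and $PfxPass again in that session before running this part)
$imported = Import-PfxCertificate -FilePath $PfxPath -Password $PfxPass `
    -CertStoreLocation Cert:\CurrentUser\My
"Imported $($imported.Thumbprint), valid until $($imported.NotAfter)"

# The .pfx contains the private key: remove the transfer copy after the import.
Remove-Item $PfxPath
```

The `NotAfter` value printed at the end is the date by which the export and import must be repeated with the renewed certificate.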


