【发布时间】:2018-04-04 10:30:34
【问题描述】:
我该如何解决这个问题?有人经历过吗?我正在尝试通过运行以下脚本来在我的 sql server 数据库中启用始终加密,如教程中所述。我已经检查了我的 azure 中的租户 ID,AAD 一切似乎都很好,所以不知道为什么我会收到这个错误。事实证明很难找到任何有类似问题的资源/帮助。
New-AzureRmKeyVault : The specified vault already exists.
At line:1 char:1
+ New-AzureRmKeyVault -VaultName $akvName -ResourceGroupName $resourceG ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [New-AzureRmKeyVault], ArgumentException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.KeyVault.NewAzureKeyVault
PS C:\Users\xxxxxxx> Set-AzureRmKeyVaultAccessPolicy -VaultName $akvName -ResourceGroupName $resourceGroup -PermissionsToKeys get, create, delete, list, update, import, backup, restore, wrapKey,unwrapKey, sign, verify -UserPrincipalName $azureCtx.Account
Set-AzureRmKeyVaultAccessPolicy : Cannot find the Active Directory object '' in tenant
'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx'. Please make sure that the user or application service principal you are
authorizing is registered in the current subscription's Azure Active directory. The TenantID displayed by the cmdlet
'Get-AzureRmContext' is the current subscription's Azure Active directory.
At line:1 char:1
+ Set-AzureRmKeyVaultAccessPolicy -VaultName $akvName -ResourceGroupNam ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Set-AzureRmKeyVaultAccessPolicy], ArgumentException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.KeyVault.SetAzureKeyVaultAccessPolicy
PS C:\Users\xxxxxxx> $akvKey = Add-AzureKeyVaultKey -VaultName "AdeKeyVault1"-Name "ContosoFirstKey" -Destination "Software"
PS C:\Users\xxxxxxx> # Import the SqlServer module.
PS C:\Users\xxxxxxx> Import-Module "SqlServer"
PS C:\Users\xxxxxxx>
PS C:\Users\xxxxxxx> # Connect to your database (Azure SQL database).
PS C:\Users\xxxxxxx> $serverName = "xxxxxxxxxxxxxxxxx.windows.net"
PS C:\Users\xxxxxxx> $databaseName = "Hospital"
PS C:\Users\xxxxxxx> $connStr = "Server = " + $serverName + "; Database = " + $databaseName + "; Authentication
= Active Directory Integrated"
PS C:\Users\xxxxxxx> $connection = New-Object Microsoft.SqlServer.Management.Common.ServerConnection
PS C:\Users\xxxxxxx> $connection.ConnectionString = $connStr
PS C:\Users\xxxxxxx> $connection.Connect()
Exception calling "Connect" with "0" argument(s): "Failed to connect to server (local)."
At line:1 char:1
+ $connection.Connect()
+ ~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : ConnectionFailureException
PS C:\Users\xxxxxxx> $server = New-Object Microsoft.SqlServer.Management.Smo.Server($connection)
PS C:\Users\xxxxxxx> $database = $server.Databases[$databaseName]
PS C:\Users\xxxxxxx>
PS C:\Users\xxxxxxx> # Create a SqlColumnMasterKeySettings object for your column master key.
PS C:\Users\xxxxxxx> $cmkSettings = New-SqlAzureKeyVaultColumnMasterKeySettings -KeyURL $akvKey.ID
PS C:\Users\xxxxxxx>
PS C:\Users\xxxxxxx> # Create column master key metadata in the database.
PS C:\Users\xxxxxxx> $cmkName = "CMK1"
PS C:\Users\xxxxxxx> New-SqlColumnMasterKey -Name $cmkName -InputObject $database -ColumnMasterKeySettings $cmkSettings
New-SqlColumnMasterKey : Cannot validate argument on parameter 'InputObject'. The argument is null or empty. Provide
an argument that is not null or empty, and then try the command again.
At line:1 char:52
+ New-SqlColumnMasterKey -Name $cmkName -InputObject $database -ColumnM ...
+ ~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [New-SqlColumnMasterKey], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.SqlServer.Management.PowerShell.AlwaysEncrypt
ed.NewSqlColumnMasterKey
【问题讨论】:
-
$azureCtx.Account的值是多少?是用户的 UPN 吗? -
感谢您的回复,是的
-
您能否尝试指定
-ObjectId而不是用户主体名称?该值需要是用户的对象 ID。您可以通过某些 PS cmdlet 找到它,也可以从 Azure 门户的 Azure Active Directory -> 用户刀片中找到它。 -
好的,当我使用 objectId 时,我没有收到该错误,但后续错误仍然存在。即使用“0”参数调用“连接”的异常:“无法连接到服务器(本地)。”在 line:1 char:1 + $connection.Connect()
标签: sql-server powershell azure always-encrypted