IBM Support

Restore db encrypt with 'show master key details' may failed with SQL1782N if Master node is down.

Technical Blog Post


Abstract

Restore db encrypt with 'show master key details' may failed with SQL1782N if Master node is down.

Body

When Master Node is Down:

 

db2 "restore db test into test1 encrypt 'show master key details' encrypt"

SQL1782N The command or operation failed because an error was encountered
accessing the centralized key manager. Reason code "5:111".

 

This is Restore operation of Database with 'show master key details' option.

SHOW MASTER KEY DETAILS need to be used if we do not have encrypt key details,So that we can retrieve those Details from Backup image and use for encryption by inserting
same in Keystore.

 

i.e. "If you cannot remember what master key label was used to protect a backup image, run the
RESTORE DATABASE command with the SHOW MASTER KEY DETAILS encryption option. The command
returns the label for each master key that was used to protect the backup image, as well
as the path to the keystore and the server name and server IP address where the master
key was located at the time that the backup was taken."

 

With Master Node not available and Clone being Read Only this should fail.

Clone servers are considered read only and are only used for retrieving existing master
keys from the centralized Keystore.Clone servers are not used when inserting a new key hence error SQL1782N.


If Database is already added to Keystore and we are aware of the Label for Master Key
we can used Restore Database command option MASTER KEYLABEL.
e.g.
db2 "restore db test into test1 encrypt cipher AES KEY LENGTH 256 MASTER KEY
LABEL <Label-name>"

[{"Business Unit":{"code":"BU029","label":"Data and AI"}, "Product":{"code":"SSEPGG","label":"DB2 for Linux- UNIX and Windows"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"","Edition":""}]

UID

ibm11140298