{"id":44986,"date":"2026-06-09T17:01:28","date_gmt":"2026-06-09T15:01:28","guid":{"rendered":"https:\/\/www.dbi-services.com\/blog\/?p=44986"},"modified":"2026-06-09T17:19:26","modified_gmt":"2026-06-09T15:19:26","slug":"sql-server-always-on-availability-groups-and-database-master-keys-a-hidden-failover-pitfall","status":"publish","type":"post","link":"https:\/\/www.dbi-services.com\/blog\/sql-server-always-on-availability-groups-and-database-master-keys-a-hidden-failover-pitfall\/","title":{"rendered":"SQL Server Always On Availability Groups and Database Master Keys: A Hidden Failover Pitfall"},"content":{"rendered":"\n

I recently came across an interesting case involving a client whose application used SQL Server symmetric keys to encrypt sensitive data. The database was hosted in an Always On Availability Group environment for high-availability and disaster-recovery.<\/p>\n\n\n\n

The interesting and challenging aspect of this setup is ensuring that the encryption and decryption remains intact after a failover. <\/p>\n\n\n\n

This challenge originates from SQL Server’s encryption hierarchy. In a typical setup, the Service Master Key (SMK) on server level protects the Database Master Key (DMK) on database level. The Database Master Key, in turn, protects certificates and asymmetric keys, while certificates are commonly used to protect symmetric keys. These symmetric keys may then be used by the application to encrypt and decrypt sensitive data.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

When a failover to a secondary replica occurs, the Service Master Key (SMK) is no longer the same as on the previous primary replica. Since the Database Master Key (DMK) is typically encrypted by the local Service Master Key, SQL Server may no longer be able to open the DMK transparently after the failover. As a result, any encryption objects that depend on the DMK, such as certificates and symmetric keys, may become inaccessible, potentially causing application failures when encrypted data needs to be read or written.<\/p>\n\n\n\n

Let’s now explore the built-in approaches in SQL Server to ensure that the encryption hierarchy remains functional across replicas and that applications continue to operate seamlessly after a failover.<\/p>\n\n\n\n

First, let’s create a test database and a Database Master Key:<\/p>\n\n\n

\n-- Create Demo DB\nCREATE DATABASE TestDMK;\nGO\n--Backup DB\nBACKUP DATABASE TestDMK\nTO DISK = 'C:\\SQLServer_mnt\\BACKUP\\TestDMK.bak';\ngo\n-- Create Database Master Key\nCREATE MASTER KEY\nENCRYPTION BY PASSWORD = 'MyVeryStrongPassword_123!';\nGO\n-- Check Master Key\nSELECT DB_NAME() as DB, *\nFROM sys.symmetric_keys\nWHERE name = '##MS_DatabaseMasterKey##';\nGO\n\n<\/pre><\/div>\n\n\n
\"\"<\/figure>\n\n\n\n
It is worth noting that you can verify whether a Database Master Key is also encrypted by the Service Master Key by querying the sys.databases<\/strong> catalog view. When a Database Master Key is created, SQL Server typically adds encryption by the Service Master Key automatically. This behaviour can be changed by explicitly removing the Service Master Key encryption.<\/p>\n\n\n
\nselect is_master_key_encrypted_by_server, * from sys.databases where name = 'TestDMK'\n<\/pre><\/div>\n\n\n
\"\"<\/figure>\n\n\n\n
With the Database Master Key in place, let’s create a certificate and a symmetric key that will be used throughout the remainder of this demonstration.<\/p>\n\n\n
\nCREATE CERTIFICATE [mainDBCert] --> This cert is going to be encrypted by the dmk\nWITH SUBJECT = 'test Cert';\ngo\nCREATE SYMMETRIC KEY mainKey\nWITH ALGORITHM = AES_256\nENCRYPTION BY CERTIFICATE mainDBCert;\ngo\nSELECT * FROM sys.certificates;\nSELECT * FROM sys.symmetric_keys WHERE name <> '##MS_DatabaseMasterKey##';\nSELECT * FROM sys.symmetric_keys;\ngo\n\n<\/pre><\/div>\n\n\n
\"\"<\/figure>\n\n\n\n
To demonstrate the encryption and decryption process, let’s create a simple table that will contain sensitive information and insert some data.<\/p>\n\n\n
\n--create table with sensitive data\nCREATE TABLE CreditCards\n(\n    Id int,\n    CreditCardNr varbinary(max),\n    CVC varbinary(max),\n    ExpirationDate varbinary(max)\n);\ngo\n--open symmetric key\nOPEN SYMMETRIC KEY mainKey\nDECRYPTION BY CERTIFICATE mainDBCert;\n--insert sensitive data\nINSERT INTO Cred\u00eetCards\nVALUES\n(\n    1,\n    EncryptByKey(Key_GUID('mainKey'), '1234-5678-9012-3456'),\n    EncryptByKey(Key_GUID('mainKey'), '123'),\n    EncryptByKey(Key_GUID('mainKey'), '1233')\n);\nCLOSE SYMMETRIC KEY mainKey;\nGO\nSelect * from CreditCards\n\n<\/pre><\/div>\n\n\n
\"\"<\/figure>\n\n\n\n
If we query the table without opening the symmetric key and decrypting the values, we can see that we won\u2019t see the data.<\/p>\n\n\n
\n--select data without decryption\nSELECT\n    Id,\n    CONVERT(varchar(50), CreditCardNr) AS CreditCardNr,\n    CONVERT(varchar(10), CVC) AS CVC,\n    CONVERT(varchar(10), ExpirationDate) AS ExpirationDate\nFROM CreditCards;\n\n<\/pre><\/div>\n\n\n
\"\"<\/figure>\n\n\n\n
However, if we open the symmetric key first and use it to decrypt the data, we are able to retrieve the original sensitive information:<\/p>\n\n\n
\nOPEN SYMMETRIC KEY mainKey\nDECRYPTION BY CERTIFICATE mainDBCert;\nGO\nSELECT\n    Id,\n    CONVERT(varchar(50), DecryptByKey(CreditCardNr)) AS CreditCardNr,\n    CONVERT(varchar(10), DecryptByKey(CVC)) AS CVC,\n    CONVERT(varchar(10), DecryptByKey(ExpirationDate)) AS ExpirationDate\nFROM Cred\u00eetCards;\nGO\nCLOSE SYMMETRIC KEY mainKey;\nGO\n<\/pre><\/div>\n\n\n
\"\"<\/figure>\n\n\n\n
Now let’s add our database to an Always On Availability Group to provide high availability and disaster recovery. If you follow the Availability Group wizard, you may notice that the wizard asks you to enter a password. What the wizards is asking for here is the password of the Database Master Key (DMK). The DMK protects the certificate in our encryption hierarchy, and the certificate, in turn, protects the symmetric key used to encrypt and decrypt the sensitive data.<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
\"\"<\/figure>\n\n\n\n
On the right-hand side of the wizard, there is a small and easily overlooked text box where you can enter the Database Master Key password.<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
And now comes the tricky – and at the same time somewhat surprising – part. If you use automatic seeding, which is my preferred option whenever the database size allows it, the process will skip the part where the Master Key password is verified and applied on the secondary replicas.<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
As a result, when a failover occurs, SQL Server would no longer be able to open the Database Master Key (DMK) transparently on the new primary replica. Consequently, the application would no longer be able to encrypt or decrypt data unless the Database Master Key is explicitly opened first with the password.<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
\"\"<\/figure>\n\n\n\n
In such a scenario, the issue can be resolved by storing the Database Master Key password as a credential on each replica using the sp_control_dbmasterkey_password <\/strong>stored procedure. SQL Server can then use this credential to automatically open the Database Master Key after a failover, allowing the encryption hierarchy to remain intact and ensuring that certificates, symmetric keys, and encrypted data remain accessible transparently.<\/p>\n\n\n\n
!!Note that you must do that on each replica!!<\/strong><\/p>\n\n\n
\nsp_control_dbmasterkey_password @db_name = N'TestDMK'\n    , @password = N'MyVeryStrongPassword_123!'\n    , @action = N'add';\nselect * from sys.master_key_passwords;\nselect * from sys.credentials;\n\n<\/pre><\/div>\n\n\n
\"\"<\/figure>\n\n\n\n
Once the credential has been created, SQL Server is again able to open the Database Master Key transparently. As a result, the application can continue to encrypt and decrypt data without having to explicitly open the Master Key with the password.<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
There is also an option by which SQL Server automatically creates the Database Master Key credential across all replicas when a database is joined to an Availability Group. This happens when “Full Database Backup and Log Backup”<\/strong> is selected as the initial data synchronization option in the Availability Group wizard.<\/p>\n\n\n\n
To demonstrate this, let’s remove the previously created credential using the same stored procedure.<\/p>\n\n\n
\nsp_control_dbmasterkey_password @db_name = N'TestDMK'\n    , @password = N'MyVeryStrongPassword_123!'\n    , @action = N'drop';\nselect * from sys.master_key_passwords;\nselect * from sys.credentials;\n\n<\/pre><\/div>\n\n\n
\"\"<\/figure>\n\n\n\n
Now, let’s select “Full Database and Log Backup”<\/strong> as the initial data synchronization option in the Availability Group wizard.<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
As you can see, the process is no longer skipping the Database Master Key password validation step.<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
In the summary, you can see that the process automatically created the Database Master Key password credential on each replica.<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
If you check the credentials on each replica afterwards, you can verify that they were created automatically.<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
As the Database Master Key password credential has been added to all replicas, SQL Server can transparently open the DMK after a failover. As a result, the application can continue to encrypt and decrypt data without having to explicitly open the Database Master Key.<\/p>\n\n\n\n
But one question still puzzles me:<\/strong> why the same operation isn’t performed automatically when automatic seeding is used?<\/p>\n\n\n\n
Honestly, I have no clue yet. If you know more let me know it in the comments section. I’d love to learn more about it.<\/p>\n\n\n\n
Thanks for reading \u2013 Hocine \ud83d\ude09<\/p>\n","protected":false},"excerpt":{"rendered":"
I recently came across an interesting case involving a client whose application used SQL Server symmetric keys to encrypt sensitive data. The database was hosted in an Always On Availability Group environment for high-availability and disaster-recovery. The interesting and challenging aspect of this setup is ensuring that the encryption and decryption remains intact after a […]<\/p>\n","protected":false},"author":145,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[198,99],"tags":[652,4103,280,790,447,84,4104],"type_dbi":[],"class_list":["post-44986","post","type-post","status-publish","format-standard","hentry","category-database-management","category-sql-server","tag-data","tag-data-security","tag-database","tag-disaster-recovery","tag-encryption","tag-high-availability","tag-sql-server-3"],"acf":[],"yoast_head":"\nSQL Server Always On Availability Groups and Database Master Keys: A Hidden Failover Pitfall - dbi Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.dbi-services.com\/blog\/sql-server-always-on-availability-groups-and-database-master-keys-a-hidden-failover-pitfall\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SQL Server Always On Availability Groups and Database Master Keys: A Hidden Failover Pitfall\" \/>\n<meta property=\"og:description\" content=\"I recently came across an interesting case involving a client whose application used SQL Server symmetric keys to encrypt sensitive data. The database was hosted in an Always On Availability Group environment for high-availability and disaster-recovery. The interesting and challenging aspect of this setup is ensuring that the encryption and decryption remains intact after a […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.dbi-services.com\/blog\/sql-server-always-on-availability-groups-and-database-master-keys-a-hidden-failover-pitfall\/\" \/>\n<meta property=\"og:site_name\" content=\"dbi Blog\" \/>\n<meta property=\"article:published_time\" content=\"2026-06-09T15:01:28+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-06-09T15:19:26+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/06\/image.png\" \/>\n\t<meta property=\"og:image:width\" content=\"509\" \/>\n\t<meta property=\"og:image:height\" content=\"529\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Hocine Mechara\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Hocine Mechara\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/sql-server-always-on-availability-groups-and-database-master-keys-a-hidden-failover-pitfall\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/sql-server-always-on-availability-groups-and-database-master-keys-a-hidden-failover-pitfall\\\/\"},\"author\":{\"name\":\"Hocine Mechara\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/#\\\/schema\\\/person\\\/29415d02bc1b50884796a01cf649951f\"},\"headline\":\"SQL Server Always On Availability Groups and Database Master Keys: A Hidden Failover Pitfall\",\"datePublished\":\"2026-06-09T15:01:28+00:00\",\"dateModified\":\"2026-06-09T15:19:26+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/sql-server-always-on-availability-groups-and-database-master-keys-a-hidden-failover-pitfall\\\/\"},\"wordCount\":975,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/sql-server-always-on-availability-groups-and-database-master-keys-a-hidden-failover-pitfall\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/wp-content\\\/uploads\\\/sites\\\/2\\\/2026\\\/06\\\/image.png\",\"keywords\":[\"data\",\"Data Security\",\"database\",\"disaster recovery\",\"encryption\",\"High availability\",\"SQL-Server\"],\"articleSection\":[\"Database management\",\"SQL Server\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/sql-server-always-on-availability-groups-and-database-master-keys-a-hidden-failover-pitfall\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/sql-server-always-on-availability-groups-and-database-master-keys-a-hidden-failover-pitfall\\\/\",\"url\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/sql-server-always-on-availability-groups-and-database-master-keys-a-hidden-failover-pitfall\\\/\",\"name\":\"SQL Server Always On Availability Groups and Database Master Keys: A Hidden Failover Pitfall - dbi Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/sql-server-always-on-availability-groups-and-database-master-keys-a-hidden-failover-pitfall\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/sql-server-always-on-availability-groups-and-database-master-keys-a-hidden-failover-pitfall\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/wp-content\\\/uploads\\\/sites\\\/2\\\/2026\\\/06\\\/image.png\",\"datePublished\":\"2026-06-09T15:01:28+00:00\",\"dateModified\":\"2026-06-09T15:19:26+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/#\\\/schema\\\/person\\\/29415d02bc1b50884796a01cf649951f\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/sql-server-always-on-availability-groups-and-database-master-keys-a-hidden-failover-pitfall\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/sql-server-always-on-availability-groups-and-database-master-keys-a-hidden-failover-pitfall\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/sql-server-always-on-availability-groups-and-database-master-keys-a-hidden-failover-pitfall\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/wp-content\\\/uploads\\\/sites\\\/2\\\/2026\\\/06\\\/image.png\",\"contentUrl\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/wp-content\\\/uploads\\\/sites\\\/2\\\/2026\\\/06\\\/image.png\",\"width\":509,\"height\":529},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/sql-server-always-on-availability-groups-and-database-master-keys-a-hidden-failover-pitfall\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SQL Server Always On Availability Groups and Database Master Keys: A Hidden Failover Pitfall\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/\",\"name\":\"dbi Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/#\\\/schema\\\/person\\\/29415d02bc1b50884796a01cf649951f\",\"name\":\"Hocine Mechara\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f771f838feed0619485da1e42ae05d771dcb446e1f4785244582280315fa73c3?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f771f838feed0619485da1e42ae05d771dcb446e1f4785244582280315fa73c3?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f771f838feed0619485da1e42ae05d771dcb446e1f4785244582280315fa73c3?s=96&d=mm&r=g\",\"caption\":\"Hocine Mechara\"},\"url\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/author\\\/hocinemechara\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"SQL Server Always On Availability Groups and Database Master Keys: A Hidden Failover Pitfall - dbi Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.dbi-services.com\/blog\/sql-server-always-on-availability-groups-and-database-master-keys-a-hidden-failover-pitfall\/","og_locale":"en_US","og_type":"article","og_title":"SQL Server Always On Availability Groups and Database Master Keys: A Hidden Failover Pitfall","og_description":"I recently came across an interesting case involving a client whose application used SQL Server symmetric keys to encrypt sensitive data. The database was hosted in an Always On Availability Group environment for high-availability and disaster-recovery. The interesting and challenging aspect of this setup is ensuring that the encryption and decryption remains intact after a […]","og_url":"https:\/\/www.dbi-services.com\/blog\/sql-server-always-on-availability-groups-and-database-master-keys-a-hidden-failover-pitfall\/","og_site_name":"dbi Blog","article_published_time":"2026-06-09T15:01:28+00:00","article_modified_time":"2026-06-09T15:19:26+00:00","og_image":[{"width":509,"height":529,"url":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/06\/image.png","type":"image\/png"}],"author":"Hocine Mechara","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Hocine Mechara","Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.dbi-services.com\/blog\/sql-server-always-on-availability-groups-and-database-master-keys-a-hidden-failover-pitfall\/#article","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/sql-server-always-on-availability-groups-and-database-master-keys-a-hidden-failover-pitfall\/"},"author":{"name":"Hocine Mechara","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/29415d02bc1b50884796a01cf649951f"},"headline":"SQL Server Always On Availability Groups and Database Master Keys: A Hidden Failover Pitfall","datePublished":"2026-06-09T15:01:28+00:00","dateModified":"2026-06-09T15:19:26+00:00","mainEntityOfPage":{"@id":"https:\/\/www.dbi-services.com\/blog\/sql-server-always-on-availability-groups-and-database-master-keys-a-hidden-failover-pitfall\/"},"wordCount":975,"commentCount":0,"image":{"@id":"https:\/\/www.dbi-services.com\/blog\/sql-server-always-on-availability-groups-and-database-master-keys-a-hidden-failover-pitfall\/#primaryimage"},"thumbnailUrl":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/06\/image.png","keywords":["data","Data Security","database","disaster recovery","encryption","High availability","SQL-Server"],"articleSection":["Database management","SQL Server"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.dbi-services.com\/blog\/sql-server-always-on-availability-groups-and-database-master-keys-a-hidden-failover-pitfall\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.dbi-services.com\/blog\/sql-server-always-on-availability-groups-and-database-master-keys-a-hidden-failover-pitfall\/","url":"https:\/\/www.dbi-services.com\/blog\/sql-server-always-on-availability-groups-and-database-master-keys-a-hidden-failover-pitfall\/","name":"SQL Server Always On Availability Groups and Database Master Keys: A Hidden Failover Pitfall - dbi Blog","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.dbi-services.com\/blog\/sql-server-always-on-availability-groups-and-database-master-keys-a-hidden-failover-pitfall\/#primaryimage"},"image":{"@id":"https:\/\/www.dbi-services.com\/blog\/sql-server-always-on-availability-groups-and-database-master-keys-a-hidden-failover-pitfall\/#primaryimage"},"thumbnailUrl":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/06\/image.png","datePublished":"2026-06-09T15:01:28+00:00","dateModified":"2026-06-09T15:19:26+00:00","author":{"@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/29415d02bc1b50884796a01cf649951f"},"breadcrumb":{"@id":"https:\/\/www.dbi-services.com\/blog\/sql-server-always-on-availability-groups-and-database-master-keys-a-hidden-failover-pitfall\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.dbi-services.com\/blog\/sql-server-always-on-availability-groups-and-database-master-keys-a-hidden-failover-pitfall\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.dbi-services.com\/blog\/sql-server-always-on-availability-groups-and-database-master-keys-a-hidden-failover-pitfall\/#primaryimage","url":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/06\/image.png","contentUrl":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2026\/06\/image.png","width":509,"height":529},{"@type":"BreadcrumbList","@id":"https:\/\/www.dbi-services.com\/blog\/sql-server-always-on-availability-groups-and-database-master-keys-a-hidden-failover-pitfall\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.dbi-services.com\/blog\/"},{"@type":"ListItem","position":2,"name":"SQL Server Always On Availability Groups and Database Master Keys: A Hidden Failover Pitfall"}]},{"@type":"WebSite","@id":"https:\/\/www.dbi-services.com\/blog\/#website","url":"https:\/\/www.dbi-services.com\/blog\/","name":"dbi Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.dbi-services.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/29415d02bc1b50884796a01cf649951f","name":"Hocine Mechara","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f771f838feed0619485da1e42ae05d771dcb446e1f4785244582280315fa73c3?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f771f838feed0619485da1e42ae05d771dcb446e1f4785244582280315fa73c3?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f771f838feed0619485da1e42ae05d771dcb446e1f4785244582280315fa73c3?s=96&d=mm&r=g","caption":"Hocine Mechara"},"url":"https:\/\/www.dbi-services.com\/blog\/author\/hocinemechara\/"}]}},"_links":{"self":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/44986","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/users\/145"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/comments?post=44986"}],"version-history":[{"count":7,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/44986\/revisions"}],"predecessor-version":[{"id":45016,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/44986\/revisions\/45016"}],"wp:attachment":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/media?parent=44986"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/categories?post=44986"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/tags?post=44986"},{"taxonomy":"type","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/type_dbi?post=44986"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}