Service Broker may not work after Failover in AG.
Posted by Simon Cho on 09/22/2016
We need to check a couple of setting.
- Service broker Enable : By default disabled even restored from Primary
- Doesn’t allow enabled broker in AG setting. It’s required remove first.
- First failover only.
- Trustworthy On : By default off even restored from Primary.
- First failover only.
- Encryption/Decryption issue
- Database master key encrypted by “Service Master key”.
- So secondary instance can’t encrypt/decrypt master key since Service master key created at the first installation.
- Temporary solution : alter master key with current instance service master key
- Once failover, it need to execute.
Script
— #1 : First failover only. Remove AG required. After run the script we can rejoin it.
SELECT name FROM sys.databases WHERE is_broker_enabled=1— If you don’t see your DB. need to run below command.
ALTER DATABASE <ServiceBrokerDB> SET ENABLE_BROKER
GO— #2 : Concorrunt connection may be interuppted. First failover only.
SELECT name FROM sys.databases WHERE is_trustworthy_on=1
— If you don’t see your DB. need to run below command.
ALTER DATABASE <ServiceBrokerDB> SET TRUSTWORTHY ON
GO
— #3 : Need to execute it every failover. More detail please see “Service Master Key” document.
OPEN MASTER KEY DECRYPTION BY PASSWORD = ‘x’ — Should be encrypted! See below
ALTER MASTER KEY ADD ENCRYPTION BY SERVICE MASTER KEY
Simon's SQL 
Leave a Reply