Skip to Content
Technical Articles

How reset inconsistent master key in HANA

If your HANA DB is suffering from inconsistent master key , the below steps will help in correcting the same.

There can be cases where your backup of HANA DB fails specifying this issue after a takeover happened by secondary node from Primary node. In this case, follow the below steps to correct it .

TO CORRECT INCONSISTENT MASTER KEY

To test if master key is consistent or not . If below is FALSE, proceed as below per SAP Note 2097613 (section “B) Repair Inconsistent SSFS:

It’s of utmost importance that you follow the steps for verifying that you won’t suffer from data loss first. If you are not affected from data loss, you can proceed as follows (for primary and secondary). All commands are executed by sidadm:

==========================

1.Stop HANA DB

            HDB stop

            2.Rename the SSFS keys

            cd /usr/sap/<sid>/SYS/global/hdb/security/ssfs

            mv SSFS_<sid>.DAT SSFS_FVP.<sid>.invalid

            mv SSFS_<sid>.KEY SSFS_FVP.<sid>.invalid

            3.Set environment for resetting the master key.

            RSEC_SSFS_DATAPATH=`pwd` RSEC_SSFS_KEYPATH=`pwd` rsecssfx changekey            $(rsecssfx generatekey -getPlainValueToConsole)

            hdbnsutil -createSecureStore

            4.Start HANA DB

            HDB start

            5.Recreate the keys immediately

            hdbcons “crypto ssfs resetConsistency”     **Make sure you run thins command twice within            20 seconds!!

Execute SQL “ALTER SYSTEM APPLICATION ENCRYPTION CREATE NEW KEY”

Check if our issue has got resolved: =>Execute SQL “select * from m_securestore”

============================

Thanks for reading!
Like and leave a comment if it was useful!
Follow for more such posts! 🙂

/
Be the first to leave a comment
You must be Logged on to comment or reply to a post.