none
SQL Server Connector acquireToken Error RRS feed

  • Question

  • When I try to create an asymmetric key in SQL Server using either of the statements shown below, I receive the following error:

    Cannot open session for cryptographic provider 'AzureKeyVault_EKM_Prov'. Provider error code: 3110.

    I found the following in the Windows Event Viewer for SQL Server Connector for Microsoft Azure Key Vault.

    Vault Name: TestVault.vault.azure.net

    Operation: acquireToken

    Key Name: Message: [error:110, info:400] The request sent from the connector is invalid. This usually means the key name is invalid or contains invalid characters.

    CREATE ASYMMETRIC KEY TestRsaKey   
    FROM PROVIDER [AzureKeyVault_EKM_Prov]  
    WITH PROVIDER_KEY_NAME = 'TestRsaKey',  
    CREATION_DISPOSITION = OPEN_EXISTING; 

    CREATE ASYMMETRIC KEY TestRsaKeyNew   
    FROM PROVIDER [AzureKeyVault_EKM_Prov]  
    WITH PROVIDER_KEY_NAME = 'TestRsaKeyNew', 
    ALGORITHM = RSA_2048, 
    CREATION_DISPOSITION = CREATE_NEW; 


    Chuck Hottle

    Thursday, October 5, 2017 6:50 PM

All replies

  • I was struggling with this for a bit as well. Not sure if you figured it out, but posting what fixed my issue in the event someone else has the same issue. 

    Make sure that in your CREATE CREDENTIAL statement, for the SECRET, you are using the ClientID (w/o hyphens) concatenated with the client secret and not just the secret.

    Wednesday, December 27, 2017 8:30 PM
  • Most likely a permission issue, the solution here in this post fixed the issue for me - https://www.visualstudiogeeks.com/devops/SqlServerKeyVaultConnectorProviderError2058RegistryConsultEKMProvider 

    Please remember to mark the replies as answers if they help.

    Tarun Arora

    Blog: http://geekswithblogs.net/TarunArora  Subscribe in a reader


    Facebook: Visual Studio Bytes

    Videos: ALM Videos

    Monday, July 30, 2018 7:38 PM
  • @Chuck:

    Just checking in if you have had a chance to see the previous response

    Wednesday, August 1, 2018 8:23 PM
  • If you forget remove the hyphens from the Client ID in Part 4 - 4 https://docs.microsoft.com/zh-cn/sql/relational-databases/security/encryption/setup-steps-for-extensible-key-management-using-the-azure-key-vault?view=sql-server-2016#part-iv-configure-includessnoversionincludesssnoversion-mdmd
    You will get the error code 3110 in Part 4 - 5
    • Proposed as answer by WayneNUS Tuesday, August 20, 2019 10:51 AM
    Tuesday, August 20, 2019 10:51 AM