Tip #243: If you lost your encryption key

In Tip #241, we recommended backing up your encryption key for CRM 2013. What if you didn’t do that, and now you have lost your encryption key.

There are several things that you can do. First of all, you cannot enable encryption in the organization if you don’t have the original key are there is data in the encrypted fields. But you can enable encryption if you delete the encrypted values or delete the records that contain the encrypted values.

You will not be able to open up the records with encrypted fields if the encryption key is not present, but you can delete the values via the web services, or using a tool like KingswaySoft SSIS adapter.

You can also delete the records that have the encrypted values. This includes the following entities:

  • Mailbox
  • Email Server Profile.

After deleting these records, you should again be able to enable encryption.

Share on FacebookTweet about this on TwitterShare on Google+

6 thoughts on “Tip #243: If you lost your encryption key

  1. Yasin says:

    I manage to create new password without deleting records in Crm 2015.
    I only set Null to password field of the Mailbox table from the organization DB.

  2. Hosk says:

    How do you delete Mailbox records.

    The mailboxes are dependant on queues and user records but you can’t delete these.

    • Joel Lindstrom says:

      True, but you can clear out the encrypted field data, which for mailbox records are the credential fields

    • Joel Lindstrom says:

      Actually you can delete the mailbox records. Update users and queues and clear out the mailbox field, then they can be deleted

Leave a Reply

Your email address will not be published. Required fields are marked *