Tip #243: If you lost your encryption key

In Tip #241, we recommended backing up your encryption key for CRM 2013. What if you didn’t do that, and now you have lost your encryption key.

There are several things that you can do. First of all, you cannot enable encryption in the organization if you don’t have the original key are there is data in the encrypted fields. But you can enable encryption if you delete the encrypted values or delete the records that contain the encrypted values.

You will not be able to open up the records with encrypted fields if the encryption key is not present, but you can delete the values via the web services, or using a tool like KingswaySoft SSIS adapter.

You can also delete the records that have the encrypted values. This includes the following entities:

  • Mailbox
  • Email Server Profile.

After deleting these records, you should again be able to enable encryption.

8 thoughts on “Tip #243: If you lost your encryption key

  1. Yasin says:

    I manage to create new password without deleting records in Crm 2015.
    I only set Null to password field of the Mailbox table from the organization DB.

  2. Hosk says:

    How do you delete Mailbox records.

    The mailboxes are dependant on queues and user records but you can’t delete these.

    • Joel Lindstrom says:

      True, but you can clear out the encrypted field data, which for mailbox records are the credential fields

    • Joel Lindstrom says:

      Actually you can delete the mailbox records. Update users and queues and clear out the mailbox field, then they can be deleted

      • Jason says:

        Going back a little ways here, but it seems now, in v9 at least, that we can’t open the User record while Encryption is not activated, and it appears we can’t clear the field through the SDK/API either in order to delete the mailbox (nor can I update/blank out the password field of the mailbox through the SDK).

        Quite a pickle!

Leave a Reply

Your email address will not be published. Required fields are marked *