Does manual failover of availability group bind an SSL certificate?

All we need is an easy explanation of the problem, so here it is.

I’m trying to find the least intrusive way to bind a new SSL certificate to an Always On Availability Group 3-node cluster. After applying the new certificate, a message appears that SQL Server will need to be restarted for the change to take effect.

Is failing over a group sufficient to bind the new certificate? Or does SQL Server have to be restarted from the Cluster Manager?

Thanks for any help.

How to solve :

I know you bored from this bug, So we are here to help you! Take a deep breath and look at the explanation of your problem. We have many solutions to this problem, But we recommend you to use the first method because it is tested & true method that will 100% work for you.

Method 1

Is failing over a group sufficient to bind the new certificate?

Unfortunately it is not. Failing over an AG does not restart the instance, rather it causes state changes to the AG in both the cluster and SQL Server.

Or does SQL Server have to be restarted from the Cluster Manager?

Please do not use FCM with AGs as it isn’t supported and can cause there to be synchronization issues between SQL Server and the Cluster, needing to be reset by stopping all instances of SQL Server and one by one bringing them back online. Note that this is only for AGs and not for FCIs which is perfectly fine to use FCM (unless the FCI also hosts AGs).

Stop the services via SSCM, if possible, or other service interaction options such as PowerShell, .Net remoting, etc., which you could start with the secondary replicas first and then fail over, then restart the old primary.

Note: Use and implement method 1 because this method fully tested our system.
Thank you 🙂

All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

Leave a Reply