Unable to decrypt tape due to deleted certificate RRS feed

  • Question

  • Recently, the self-signed cert that DPM created during installation expired.  I created a new cert through our CA, removed the old cert (not knowing if it was still needed) and all seemed happy with backups and restores from that point on.  I was asked to restore data from a tape prior to the old certs expiration.  When I do this, it get an error stating:

    This DPM server is not authorized to read or write to this encrypted tape because there is no valid certificate in DPMBackupStore and DPMRestoreStore which can decrypt data. (ID 24071)

    The cert to which the encryption job is gone (no backup copies anywhere that I can find).  Am I completely out of luck or is there some magic trick I can use to get access to this old data?

    Thursday, January 12, 2012 6:34 PM


  • Hi,

    DPM does not create certificates ever.  Administrators must add certificates for DPM to use.   If you lost / deleted the certificate, the tapes are unreadable.

    If you have a systemstate backup of the DPM server, the certificate should be included.

    Regards, Mike J. [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights.
    Thursday, January 12, 2012 7:36 PM