Always Encryption: Failed to decrypt a column encryption key using key store provider: 'MSSQL_CERTIFICATE_STORE'

user2640965 · Oct 27, 2017 · Viewed 8.2k times

I am using Always Encrypted in my web application, which inserts data through a WCF service that is hosted by a Windows service. I am getting the following error while inserting data into an encrypted column.

Failed to decrypt a column encryption key using key store provider: 'MSSQL_CERTIFICATE_STORE'. The last 10 bytes of the encrypted column encryption key are: '64-56-87-3B-EC-2E-11-9D-2A-B5'. Certificate with thumbprint 'A0D10777759BBD947EEA6F3F5D1A7989514C45F0' not found in certificate store 'My' in certificate location 'CurrentUser'. Verify the certificate path in the column master key definition in the database is correct, and the certificate has been imported correctly into the certificate location/store. Parameter name: masterKeyPath

Answer

Alpay · Jan 23, 2018

OK, I found out the problem. The case was exactly this: I set up Always Encrypted for a column using SQL Server Management Studio, which was started with my own account. Because I ran the SSMS process with my own Windows account, it placed the certificate inside the Current User / My directory of my account. However, the IIS application pool is running with a different account, so it couldn't find the certificate under my account's CurrentUser/My directory.

I restarted the IIS application pool with the same account that started SSMS and created the certificate, and the problem was gone.

Thanks
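
A way to confirm the situation described in the answer, as an added example that is not part of the original question or answer: this PowerShell check reports which account it runs as and whether the certificate from the error message is visible in that account's `CurrentUser/My` store or in `LocalMachine/My`. The function name `Find-ColumnMasterKeyCert` is hypothetical; the thumbprint is the one quoted in the error above. Run it under the same identity as the application pool or service, since `CurrentUser` stores are per account.

```powershell
# Added diagnostic example (not from the original post).
# Run under the SAME Windows account as the process that raises the error
# (IIS application pool / Windows service identity): Cert:\CurrentUser\My
# is a per-account store, so results differ from one account to another.

# Thumbprint copied from the error message quoted in the question.
$Thumbprint = 'A0D10777759BBD947EEA6F3F5D1A7989514C45F0'

function Find-ColumnMasterKeyCert {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $Thumbprint
    )

    # Strip spaces and invisible characters that often come along when a
    # thumbprint is copied out of a certificate dialog.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

    # The account this check (and therefore the store lookup) runs as.
    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name

    foreach ($location in 'CurrentUser', 'LocalMachine') {
        $cert = Get-ChildItem -Path "Cert:\$location\My" -ErrorAction SilentlyContinue |
            Where-Object { $_.Thumbprint -eq $clean } |
            Select-Object -First 1

        # One row per store; the private key is needed to decrypt the
        # column encryption key, so report whether it is present.
        [pscustomobject]@{
            Identity      = $identity
            Store         = "$location/My"
            Found         = [bool]$cert
            HasPrivateKey = $(if ($cert) { $cert.HasPrivateKey } else { $null })
            NotAfter      = $(if ($cert) { $cert.NotAfter } else { $null })
            Subject       = $(if ($cert) { $cert.Subject } else { $null })
        }
    }
}

Find-ColumnMasterKeyCert -Thumbprint $Thumbprint | Format-Table -AutoSize
```

If `Found` is `False` for `CurrentUser/My` under the service identity but `True` under the login that ran SSMS, that matches the cause described in the answer.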