SQL Server Mirroring with Certificate

SQL Server Mirroring with Certificate.

Step1 : Take a backup of Database and then backup of log as well, of the database which you want mirrored.
On Principal Server


USE [master]
BACKUP DATABASE [AdventureWorks2012] TO DISK = N'D:\SQL\AdventureWorks2012.bak'
BACKUP LOG [AdventureWorks2012] TO DISK = N'D:\SQL\AdventureWorks2012.TRN'

Step2 : Copy this both database and log backup from principal server to mirroring server and restore it in specific drive.

On Mirroring Server


USE [master]
RESTORE DATABASE [AdventureWorks2012] FROM  DISK = N'D:\SQL\AdventureWorks2012.bak' WITH  FILE = 1,  NORECOVERY

RESTORE LOG [AdventureWorks2012] FROM  DISK = N'D:\SQL\AdventureWorks2012.TRN' WITH  FILE = 1,  NORECOVERY

Step3 : Create Master Key, Certificate, Endpoint for Mirroring and backup of certificate on the principal server. Copy certificate backup to mirroring server.

On Principal Server

USE master;
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'password';
GO

USE master;
CREATE CERTIFICATE Principal_Server_Certificate
   WITH SUBJECT = 'Principal Server Mirroring';
GO

CREATE ENDPOINT Endpoint_Mirroring
   STATE = STARTED
   AS TCP (
      LISTENER_PORT=7024
      , LISTENER_IP = ALL
   )
   FOR DATABASE_MIRRORING (
      AUTHENTICATION = CERTIFICATE Principal_Server_Certificate
      , ENCRYPTION = REQUIRED ALGORITHM AES
      , ROLE = ALL
   );
GO

BACKUP CERTIFICATE Principal_Server_Certificate TO FILE = 'D:\Principal_Server_Certificate.cer';
GO

Step4 : Create Master Key, Certificate, Endpoint for Mirroring and backup of certificate on the mirroring server. Copy certificate backup to principal server.

On Mirrored Server

USE master;
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'password';
GO

USE master;
CREATE CERTIFICATE Mirroring_Server_Certificate
   WITH SUBJECT = 'Mirroring Server Mirroring';
GO

CREATE ENDPOINT Endpoint_Mirroring
   STATE = STARTED
   AS TCP (
      LISTENER_PORT=7024
      , LISTENER_IP = ALL
   )
   FOR DATABASE_MIRRORING (
      AUTHENTICATION = CERTIFICATE Mirroring_Server_Certificate
      , ENCRYPTION = REQUIRED ALGORITHM AES
      , ROLE = ALL
   );
GO

BACKUP CERTIFICATE Mirroring_Server_Certificate TO FILE = 'D:\Mirroring_Server_Certificate.cer';
GO

On Principal Server

USE master;
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'password';
GO

CREATE CERTIFICATE Mirroring_Server_Certificate
   WITH SUBJECT = 'Mirroring Server Mirroring';
GO

CREATE ENDPOINT Endpoint_Mirroring
   STATE = STARTED
   AS TCP (
      LISTENER_PORT=7024
      , LISTENER_IP = ALL
   )
   FOR DATABASE_MIRRORING (
      AUTHENTICATION = CERTIFICATE Mirroring_Server_Certificate
      , ENCRYPTION = REQUIRED ALGORITHM AES
      , ROLE = ALL
   );
GO

BACKUP CERTIFICATE Mirroring_Server_Certificate TO FILE = 'D:\Mirroring_Server_Certificate.cer';
GO
GRANT CONNECT ON ENDPOINT::Endpoint_Mirroring TO [Mir];
GO

On Mirroring Server

USE master;
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'password';
GO

CREATE CERTIFICATE Principal_Server_Certificate
   WITH SUBJECT = 'Principal Server Mirroring';
GO

CREATE ENDPOINT Endpoint_Mirroring
   STATE = STARTED
   AS TCP (
      LISTENER_PORT=7024
      , LISTENER_IP = ALL
   )
   FOR DATABASE_MIRRORING (
      AUTHENTICATION = CERTIFICATE Principal_Server_Certificate
      , ENCRYPTION = REQUIRED ALGORITHM AES
      , ROLE = ALL
   );
GO

BACKUP CERTIFICATE Principal_Server_Certificate TO FILE = 'D:\Principal_Server_Certificate.cer';
GO
GRANT CONNECT ON ENDPOINT::Endpoint_Mirroring TO [Mir];
GO

On Mirroring Server

ALTER DATABASE AdventureWorks2012
    SET PARTNER = 'TCP://PrincipalServerName.DomainName:7024';
GO

On Principal Server

ALTER DATABASE AdventureWorks2012
    SET PARTNER = 'TCP://MirringServer.DomainName:7024';
GO

To Failover Partner

ALTER DATABASE AdventureWorks2012
    SET PARTNER FAILOVER;

To Stop the mirroring.

--Run below script on Principal server
ALTER DATABASE AdventureWorks2012
    SET PARTNER OFF;
--Run below script on Mirroring server
Restore Database AdventureWorks2012 With NoRecovery

Notes:
1) Windows user must have an access to both server sharing folder.
2) Port number 7024 must me exceptional port number in firewall.