This was related to HELP-85252. In that case, we were trying to make FCBIS work, but later realized the customer had encryption at rest enabled, which was causing FCBIS to fail. Even though we say we support FCBIS with encryption at rest, in practice it seems quite fragile. If key rotation is also happening, the chances of it succeeding get even worse.

We're updating the playbook and the TSE wiki to recommend not using FCBIS when encryption at rest is enabled (See CLOUDOPS-12782). In addition, I think we should log a warning on the server side if someone still tries to use FCBIS with encryption enabled.