Failed to decrypt XML node "DTS:Password"

Hi!
I made an SSIS package and it runs fine on my workstation, but it fails when I run it on the SQL Server.
I'm using an ODBC connection and when I run the package, I get the error message:
"Login failed. Check for valid user ID, server name or password".
I tried to load the project in Visual Studio on the Server and got the error message above:
Failed to decrypt XML node "DTS:Password"
How can I set up the permissions for decrypting the password?

Thanks for any help!

The problem is that you have the ProtectionLevel set to "EncryptSensitiveWithUserKey". This means the package can be executed only by the user that created the package and on the machine that it was created. (unless you use a domain account and use machines in the same domain)

If you import the package on your server I recomend to change the ProtectionLevel to "EncryptSensitiveWithPassword" - will ecnrypt sensitive information like passwords - or if you store the package on SqlServer you can use "Rely on server storageand rolse for access control" - this means that the package will be stored unencrypted on the SQL Server.

The package can be stored unencrypted ONLY in the SQL Server.

HTH.
Ovidiu Burlacu

|||Thanks for the explanation!
I tried to use the last option"Rely on server storageand rolse for access control", however it causes a lot of error messages in the Business Intelligence Studio and I can not create a build with a deployment manifest. The help sais, this option is not accessible from Visual Studio, but I can not figure out, how to use it.
Can you tell me, how I can use it?
|||

Are you saving the package on a SQL Server or to a file? You can use ServerStorage ONLY if you save the package on SQL Server

To save a package from BIDS directly to SQL Server use File-> "Save Copy of <package_name>.dtsx As..." and in the dialogs that appears you can specify a SQL Server

If you want to create a deployment manifest encrypt with a passord and when you run the Deployment wizard and specify the destination to be a SQL Server the you can choose the "Rely on server storage and role for access control".

HTH,
Ovidiu

|||Thanks alot!

Failed to decrypt symmetric key....

Hi people
My IT department have reinforced at change of domain and username upon my
Reporting Services/SQL 2000 server.
At first everything seemed to be working much to my suprise. But I later
found out that all the scheduled emails ect doesnt work anymore. At closer
inspection I find this entry in the log files:
Source:
Schedule and Delivery Processor
Message:
Failed to decrypt symmetric key. Most likely cause is the service username
has changed.
Would it help reapplying the encryption key? Or would a reinstall of
Reporting Services do the trick or'
Thanks.
Regards
JonasTry reapplying the encryption key. If you don't have it, or it fails,
creating a new symetric key usually does the trick.
Kaisa M. Lindahl Lervik
"Jonas Larsen" <JonasLarsen@.discussions.microsoft.com> wrote in message
news:1AAC27B6-DAE7-495D-A24B-EFC033A586F6@.microsoft.com...
> Hi people
> My IT department have reinforced at change of domain and username upon my
> Reporting Services/SQL 2000 server.
> At first everything seemed to be working much to my suprise. But I later
> found out that all the scheduled emails ect doesnt work anymore. At closer
> inspection I find this entry in the log files:
> Source:
> Schedule and Delivery Processor
> Message:
> Failed to decrypt symmetric key. Most likely cause is the service username
> has changed.
> Would it help reapplying the encryption key? Or would a reinstall of
> Reporting Services do the trick or'
> Thanks.
> Regards
> Jonassql

Failed to decrypt protected XML node "PackagePassword" with error 0x8009000B

When and why does this error message appear..

Error 1 Error loading MasterPackage.dtsx: Failed to decrypt protected XML node "PackagePassword" with error 0x8009000B "Key not valid for use in specified state.". You may not be authorized to access this information. This error occurs when there is a cryptographic error. Verify that the correct key is available.

are you using package configurations? if so , how are they being stored (db, XML file ect.)

what is your ProtectionLevel set to on your package properties?

how is the package being run? (debug, SqlAgent, execcute w/o debug , command line ect.)

|||

I have a master package which is calling other packages...I just opened to set some package configuration but did not set and then it's coming out with this message when i try to open my master package but is running fine even if comes out with this message...

|||

what is the ProtectionLevel property set to on the children and parent? Right click properties -> ProtectionLevel)

it appears that when you are opening the package it cannot decrypt the sensitive information.

This often occurs when developing on one box and promoting to another.

|||

my protection leve is set to EncryptSensitiveWithUserKey on both parent and child.

|||As Ryan wrote, this error may occur when moving from one box to another - this protection level uses Windows Data Protection API (DPAPI), which automatically encrypts secrets with user key, but is limited in that it obviously allows only original user to decrypt secrets, and (less known) it only works on original computer only, unless you are using Roadmin Profile.

If you need to move packages to other computers, or execute them under different user account - use other protection levels. See Books Online for details.

Failed to decrypt protected XML node

Hi,

I,ve been searching the forum for answers to this error but with no luck:

Failed to decrypt protected XML node "DTSassword" with error 0x80070002 "The system cannot find the file specified.". You may not be authorized to access this information. This error occurs when there is a cryptographic error. Verify that the correct key is available.

Setup:
I'm running the packages from the SQL Job Agent - the packages are stored in the file system. The agent is using a proxy account to get the right permissions. I know this because the job has run for severel weeks without errors. The package is calling other packages and is using configuration files. It was actually more than on job that failed (with the same error) - but not all the jobs.

Now it is saying that it can not "find the file specified" - what file would that be? - I'm wondering if it is a package file or a configuration file or maybe another file. It dosn't give me any other information to where the problem is.

Any help is appreciated!

Regards
Simon
What's the ProtectionLevel on the package?|||It has never been changed so it is EncryptedByUserKey - but it is on the same computer with the same user and it has been running so I don't think that it is the problem, but maybe I'm wrong?!?!
|||

The only time I have seen this is when another developer updated the package, and saved it with his user key. That doesn't seem to be true in your case, though.

As a workaround, try changing it to EcryptSensitiveWithPassword, and see if that works better.

|||Thanks for you reply.
I will probably do that - it is only that there is a bunch of packages that I have to go through to changes the setting.

If anybody can give me the reason for this error I would be happy :-S
|||

jwelch wrote:

The only time I have seen this is when another developer updated the package, and saved it with his user key. That doesn't seem to be true in your case, though.

As a workaround, try changing it to EcryptSensitiveWithPassword, and see if that works better.

As I don't have any sensitive data in the package but instead store this information in configuration files I changed the setting to: DontSaveSensitive.

I afterwards started the packages which ran succesfully. I've earlier tried just to open a package and afterwards save it and the error would go away. So I will monitor the package to see if it fails again at a later time.

Thanks jwelch for your help.

Failed to decrypt protected XML node

Failed to decrypt protected XML node ... blah blah.

Looks familiar, right?

Package Protection mode is : EncryptSensitiveWithPassword

Package runs fine from within BIDS. Close package. Open package - asks for password. So far so good.

When running from command prompt with:

dtexec /File "C:\Program Files\Microsoft SQL Server\90\DTS\Packages\MyPackage.dtsx" /De mypassword

Get that cryptography error.

Doesn't happen for other packages... what can I be doing different/wrong?

Thanks,
NiteshDoes your password contains any of the following:
a) space characters - use the format /De "your_password"
b) punctuation characters - use the format /De "your_password"
c) " - double any "
d) ; - use the format /De "\"your_password\""

Hope this helps

Regards,
Ovidiu Burlacu|||

Ovidiu Burlacu wrote:

Does your password contains any of the following:
a) space characters - use the format /De "your_password"
b) punctuation characters - use the format /De "your_password"
c) " - double any "
d) ; - use the format /De "\"your_password\""

Hope this helps

Regards,
Ovidiu Burlacu

Nopes.
Password is same as that for other packages, all lowercase alphabets, 8 characters.

thanks,
Nitesh|||

Since your protection is only EncryptSensitiveWithPassword then only sensitive information will be encrypted, and my guess is that this package has been encrypted with a different password (mistyping).

Can you try to open package in BIDS and then go to View -> Error List and see if the same error has been posted?

I'm guessing that the same error happens in the designer, but we should not fail open the package just because we cannot retrieve the Password in a ConnectionString, so instead we post an error.

HTH,
Ovidiu Burlacu