I have an SSIS Package that I created through the Import Export (32-bit) Tool. When I executed the package manually through the Execute Package Utility the package run successfully with no issues. However when I try to run the package through a Job Agent in SSMS I keep getting errors. The primary error I get seems to be:
Failed to decrypt protected XML node "DTS:Password" with error
0x8009000B "Key not valid for use in specified state" You may not be
authorized to access this information. This error occurs when there is
a cryptographic error. Verify that the correct key is available.
I'm using SQL Server 2008 R2.
I have researched this error to some degree and I think it has something to do with the package protection level. I feel like I've tried the configurations that make the most sense but none seem to be working for me. The Options are:
Encrypt sensitive data with user key
Do not save sensitive data
Encrypt sensitive data with password
Encrypt all data with user key
Encrypt all data with password
Rely on server storage and roles for access control
I feel like Ishould be using the last option here (Rely on server storage...) because I prefer to use SQL Server Authentication. I use SQL Server Authentication on the 'Choose Destination' window of the SQL Server Import and Export Wizard, and similarly I use this with the same username and password when I create the Job Agent in SSMS on the General Tab of the Job Step Properties. Is it possible that there is something that I need to add to the User I'm using in SSMS - even though it works outside of SSMS?
Something else I wondered that might have an impact is having the option "Drop and Re-create destination table" checked in the Column Mappings window of the Import and Export Tool. I was using a stored procedure to remove the tables before executing the Job Agent and I feel like ti was working at one point - could that have something to do with it?
Again the thing that baffles me most is that it runs no problem when I execute it manually through the 'SQL Server Execute Utility Package' tool.
I've included images of some of the windows I mentioned above if that helps.
Related
The report server was unable to validate the integrity of encrypted data in the database. (rsCannotValidateEncryptedData) .
Could not restore the encryption key, so I deleted the keys and tried to regenerate with rskeymngt with no luck. Getting
'The report server was unable to validate the integrity of encrypted
data in the database. (rsCannotValidateEncryptedData)'
I get that error when accessing http://localhost/ReportServer and when running rskeymgmt -s.
Not sure what next step to take. I have reports that users need to access.
I went into SSRS Configuration Manager > Encryption Keys > click Delete.
When I did that I got the error:
Failed to delete the encryption content in the report server database. Please execute the "DeleteEncryptedContent" stored procedure on the database manually.
To fix it I opened SQL Server Mgmt Studio > expand Databases > right click Report Server > new query and execute:
exec DeleteEncryptedContent
Start > Run > services.msc > Restart the "SQL Server Reporting Service" and its working.
Restarted the services and now everything is working.
So it looks like in order to generate a new key I need to update the Report Server Service account. After that restart the sql server reporting services.
I no longer have the encryption error, but now I am asked for a log in to the data source after clicking on the report. I enter the creds again but get 'The ConnectionString property has not been initialized.'
Just go to the reporting service manager and delete the delete encrypted content or change content now try to connect once more it will be work.
You just need to change database again if you already created then your problem will be solved.
One reason for this could be that the encryption key did not restore correctly. I migrated a report database from one server to another. I restored the encryption key and all seemed well at first but the error the questioner posted started appearing shortly thereafter. Another site had posted a query to look at the keys in the report database (with further instructions of how to delete) and I noticed when I executed it that the SymmetricKey field for my server was NULL. I restored the encryption key again using the Report Server Configuration Manager and noticed that the SymmetricKeys was now populated. I was then able to browse to the report server.
I'm setting up a development machine in which I need to maintain an SSIS package created by another developer. I can't get the package to run on this new machine, either in Visual Studio or as a SQL Server job. The most helpful message comes from Profiler:
Login failed for user 'MyUserName'. Reason: Password did not match that for the login provided. [CLIENT: <local machine>]
I know what the password should be, but I can't find where to set it.
To debug this, I've tried two ways of modifying the credentials to specify a different user, but the different user name is not being used in the connection attempts.
First I tried modifying the data source properties in Visual Studio.
Then I tried modifying the package config.
Data Source=.\SQL2014;User ID=DifferentUserName;Initial Catalog=dbname;...
The original user name is still being logged in Profiler, so I'm wondering where else to look for the credentials.
My SSIS Package works, but fails as a SSMS job (Error: 0xC0016016)
I am posting this question and sharing my solution to this issue as my own question because I didn't see the posed problem match the specific issue I encountered and the answers seemed to be scattered in different forum questions.
Background:
I have four SSIS packages on SQL Server 2012 that import a table from SQL Server 2008 R2, 2008, or 2005, depending on the specific package. I use a designated sql server login and password for the source database and integrated Windows security for the target database.
Within SSIS I am able to run each package without a problem.
To ensure this package ran on a schedule, I set up a SSMS job on the same server as the SSIS package. In Job step properties, I chose: SQL Server Integration Services Package > run as SQL Sever Agent Service Account > Package source: File system).
The Symptom:
When manually running the job to make sure it worked, I got an error and saw this in the Log File Viewer. This was the first of several errors, but as this was chronologically the first error, I looked into this one first.
Error: 2014-10-24 09:52:34.48
Code: 0xC0016016
Source: [Redacted -- the correct name of the table I was importing]
Description: Failed to decrypt protected XML node "DTS:Password" with
error 0x8009000B "Key not valid for use in specified state.". You may
not be authorized to access this information. This error occurs when
there is a cryptographic error. Verify that the correct key is
available.
End Error
I looked up the error code on Google and started looking at resolutions. Rather than retelling how I found the bits and pieces of the resolution, I am presenting an actionable result in sequence -- at least for me and the network infrastructure I'm working with.
In the "properties" panel of the SSIS solution (do this first) and each package in that solution, reset the "ProtectionLevel" attribute to EncryptSensitiveWithPassword and set a password. The package passwords must match the solution password.
Just a double-check, run your packages in debug mode to make sure that no other new issues arise. In my case, I needed to re-enter the sql server password for the source server database.
Rebuild your SSIS solution.
In SSMS, open your job and open the job step properties for the task in question.
Select the "Command Line" tab. A "Package Password" popup appears. Enter the password that you entered in step 1.
Select "Edit the command line manually" and place the same password from step 1 immediately after /DECRYPT.
Repeat steps 4-6 for each job step that runs this type of package.
Press the "OK" button and re-run your job.
I was able to run my job successfully after that.
I'm using SSEUtil to automatically create a functional test database from the schema derived from my development database (SQL Server 2008 R2) as part of my build process. This allows me to keep the two databases in-sync (schema-wise) without running SQL repository tests against my development database.
I recently added a full text index to a table for the first time for this project in my development schema and now when I attempt to apply the schema to a newly created unit test database I get the following error when it executes the SQL to create the full text catalog:
CREATE FULLTEXT CATALOG [FullTextCatalog] AUTHORIZATION [dbo]
GO
Cannot use full-text search in user instance.
[SqlException Number 9982, Class 16, State 100, Line 1]
I've searched high and low. The only help I found was on another site where someone suggested "attaching to the parent database." I have no idea what that means. And I have no idea what this error means. What is a "user instance"?
Can anyone suggest a way around this? Is there a better way to keep two database schemas in-sync for continuous integration?
Either
User must have CREATE FULLTEXT CATALOG permission on the database, or be a member of the db_owner, or db_ddladmin fixed database roles.
or
you won’t be able to use full text catalogues if the SQL instance does not have it installed. Make sure the SQL server instance has the full text service running.
Here are two ways of testing whether this feature installed or not. This feature is available for all editions of SQL Server 2005 and 2008 (including SQL Express)
Check the services applet (run -> type 'services.msc') for this entry :
SQL Server FullText Search Or SQL Server FullText Search (SQLEXPRESS) (in case of SQL Express). Start this service of not running
Run the query "select fulltextserviceproperty('isfulltextinstalled')" in the Query analyzer. if the result is '1' then it is installed else not.
In the case of unavailability of this feature, you need to install by downloading the "SQLEXPR_ADV.EXE" from http://www.microsoft.com/express/sql/download/default.aspx
Reference taken from here
This is not really an answer to the question, but I came upon a similar issue with visual studio package manager when updating an entity framework code-first database (command update-database).
The problem was that I selected the wrong start-up project, and therefore visual studio was not using my connection string at all. It was connecting to a localdb instance, hence the cryptic error message "cannot use full text search in user instance". Once I made it connect to the actual database, it worked as expected.
I also came across this user instance issue. I have to admit that I only have basic knowledge of SSMS. Apparently I'm logged as the public user. How can I be a member of db_owner? I try to generate and script everything without using the GUI.
For example, if I execute this
ALTER AUTHORIZATION ON DATABASE::[dbname] TO sa;
EXEC sp_changedbowner 'sa';
I still get the Cannot use full-text search in user instance error with
USE [dbname]
CREATE FULLTEXT CATALOG [ftc_dbname] AS DEFAULT
GO
I'm getting this error when running an SSIS package through SQL Agent
Failed to acquire connection "ORACLE ADO.NET". Connection may not be configured correctly or you may not have the right permissions on this connection.
When I log on as the SQL Agent User and run the ssis package directly it is fine. When I then execute it through the SQL agent job, it fails.
I've read around extensively on this topic, and it seems a lot of the advise concerns how you are logged in, configuring of proxy accounts, etc, etc, etc, none of which has been helpful.
I am logging onto an Oracle database with an ADO.NET conncetion. The connection string is as follows (datasource, userid and password have been changed):
Data Source=DATASOURCE;User ID=userid;Password=password;Persist Security Info=True;Unicode=True;
I'm loading this from a registry setting using package configuration. To check that I am getting the correct string, I am writing it into a temporary log table. I am definately getting the string I need from the correct registry setting.
I've tested the oracle login credentials though PL/SQL developer, and it lets me login just fine.
As far as I can tell, as I'm using an explicit user name and password for the Oracle connection it just shouldn't matter who the SSIs pacakge is run as. The only point of failure that Ican see would be the reading of the information from the registry, but that seems fine.
I'm really quite baffled, I must confess, and would appreciate any help some of the splendid experts here can offer.
Many thanks,
James
Ok, tracked this one down after quite a lot of pain.
It was working fine on one environment, but not another, so I fired up Process Monitor (http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx) and ran a package through the SQL Agent job, comparing which system entities were hit on each enviroment.
On the failing environment, at the point of the bulk transfer operation, the package attempted to get the Oracle 11 client DLL, and then hung.
I knew that this was installed, and, moreoever, the DLL path was a system environment setting. After further investigation it was revealed that the server had not been rebooted since the Oracle Client install and the SQL Server Agent process had not bee recycled.
Yes, can you believe it, the old helpdesk fix "Can you reboot your computer?" worked.
Sigh!
We had issues at a client with running packages connecting to Oracle before stored on our sql server instance. The work around we found was to change the package property, protection level, to "Dont save Sensitive Data" and for security purposes, we encrypted the username and password in the package configuration that was decrypted by a udf in sql server. Of course, before you try the whole encryption part, I would recommend putting the username and password in the package configuration without encrypting the values to see if changing the protection level setting is the solution to your specific problem. I hope this helps.
I was getting this error when tnsnames.ora file did not have a valid entry for the environment