[SSIS]Failed to decrypt protected XML node "DTS:Password" Exception when opening SSIS package


Error loading BlahBlah.dtsx:

Failed to decrypt protected XML node "DTS:Password" with error 0x8009000B "Key not valid for use in specified state.".

You may not be authorized to access this information. This error occurs when there is a cryptographic error.

Verify that the correct key is available.



Possible options are (see MSDN):

  • DontSaveSensitive: Sensitive data is not saved at all (replaced with blanks). It has to be re-entered each time the package is opened. Every logged-on user can open/execute the package.
  • EncryptAllWithPassword: The whole package is encrypted using the password given in the "PackagePassword" property of the package. The package cannot be opened/executed without this password, but every logged-on user who knows it can open/execute the package.
  • EncryptAllWithUserKey: The whole package is encrypted using a key calculated from the creator's user profile. The package can only be opened and executed from the creator windows user.
  • EncryptSensitveWithPassword: Not whole package, but only sensitive data is encrypted using the password given in "PackagePassword" property. When opening/executing the package, you have to specify the password to decrypt the sensitive data (if not the package can be opened anyway, but sensitive data is not available).
  • EncryptSensitiveWithUserKey (default): Same as above, but instead of PackagePassword user profile is used as key. Other logged-on windows users can open the package in VS but sensitive data must be re-entered. The package can only be executed by the creator windows user.
  • ServerStorage: Protects the whole package using SQL Server database roles. This option is supported only when a package is saved to the SQL Server msdb database. It is not supported when a package is saved to the file system from Business Intelligence Development Studio.

Sensitive data are:

  • The password part of a connection string.
  • The task-generated XML nodes that are tagged as sensitive. The tagging of XML nodes is controlled by Integration Services and cannot be changed by users.
  • Any variable that is marked as sensitive. The marking of variables is controlled by Integration Services.




http://www.cubido.at/Blog/tabid/176/EntryID/155/Default.aspx ( thanks m.unterauer)