August 16, 2010 at 3:17 pm
Hey I have an envrypted SSIS package that is using the EncryptSensitiveWithUserKey protection level setting...and it will not open...gives me lots of errors...I just downloaded the source from VSS but I still can't open it.
How can I open this so I can make some changes?
-chris
August 16, 2010 at 10:44 pm
What are the errors that you get?
Pradeep Adiga
Blog: sqldbadiaries.com
Twitter: @pradeepadiga
August 17, 2010 at 7:44 am
Error1Error loading ACCTG_ROLLUP_POSTER_2.dtsx: Failed to decrypt protected XML node "DTS:Password" with error 0x8009000B "Key not valid for use in specified state.". You may not be authorized to access this information. This error occurs when there is a cryptographic error. Verify that the correct key is available. c:\projects\outlooksoftpackages\osoft 2\osoft drill thru poster\ACCTG_ROLLUP_POSTER_2.dtsx11
August 17, 2010 at 10:52 pm
This is because the ProtectionLevel property is set to EncryptSensitiveWithUserKey by default. Open the package as the user who created it/on the machine it was created and modify the ProtectionLevel property
Pradeep Adiga
Blog: sqldbadiaries.com
Twitter: @pradeepadiga
August 18, 2010 at 7:55 am
Thanks..but he is no longer with the company and his machine has been wiped and is not available...can I open the package as XML in notepad and change that setting and then resave it?
August 18, 2010 at 1:42 pm
Please check if DTUtil is of use.
Pradeep Adiga
Blog: sqldbadiaries.com
Twitter: @pradeepadiga
August 24, 2010 at 12:47 pm
chris.thornburg (8/18/2010)
Thanks..but he is no longer with the company and his machine has been wiped and is not available...can I open the package as XML in notepad and change that setting and then resave it?
His machine isn't necessarily important.. If this was a domain user AND that user still exists, then get it reactivated, change its password and log into YOUR machine as him. Then you can access the package correctly.
I generally take to position that I NEVER save an sensitive information in a package so that this never happens. but thats me..
CEWII
August 24, 2010 at 3:48 pm
AWESOME!!!
Okay I just spoke with our Admin and he will activate the user tomorrow morning and I can try it.
Thank you.
August 24, 2010 at 3:56 pm
Been there, done that..
CEWII
August 24, 2010 at 8:31 pm
Well I think the account have been deleted ...so do you think it will work to recreate the account?
August 24, 2010 at 9:32 pm
That I don't know, it depends on what it used to do the encryption, if it just used something like domain\user then it will prbably work, if it used the SID then no, it won't. I don't think the details of exactly how it is encrypted are public.
Sorry.
CEWII
August 25, 2010 at 9:15 am
I've got a horrible feeling for you that the new user will not allow access. Otherwise the new postroom worker Chris Smith would be able to access the sensitive data in the SSIS package created by the developer of 5 years ago Chris Smith.
I think your network guys should be shot for deleting the user rather than just disabling his account! Bye bye Audit trails!
August 25, 2010 at 10:00 am
This is my feeling as well. Although I think that the concern by Shark Energy is overstated. The new Chris Smith could potentially access to "sensitive" information provided he had access to the package. I know that almost everywhere else in windows that the SID is used to restrict access, therefore recreating the user does not recreate the access. But in this case it isn't so much access as decryption.. Since I have no solid details about how SSIS does this I can't take a position on what will happen here.. Sounds like I need to do an experiment..
CEWII
Viewing 13 posts - 1 through 12 (of 12 total)
You must be logged in to reply to this topic. Login to reply