decrypt xml node failed on loading master package


  • Hi.  We run 2012 enterprise.  When I open my project on a different machine than the one I used to create the project,  I get the following warnings.  I'm concerned about 1) checking in source from different machines, 2) what is going to happen when we run this in production.  All of the project params are sensitive=false and required = true.  The master package stageprototype.dtproj has no pkg params and no configs.  What is this all about?  The project's protection level is encryptsensitivewith user key but as far as i know there is nothing sensitive in this collection of master and sub packages.  I'm concerened that id I change this to dont save sensitive, I'll be looking for a needle in a haystack, specifically the thing or things ssis thinks are sensitive right now.

    Warning 1 Warning loading StagePrototype.dtproj: Warning: Failed to decrypt an encrypted XML node. Verify that the project was created by the same user. Project load will attempt to continue without the encrypted information.  StagePrototype.dtproj 0 0

    Warning 2 Warning loading StagePrototype.dtproj: Warning: Failed to decrypt sensitive data in project with a user key. You may not be the user who encrypted this project, or you are not using the same machine that was used to save the project. If the sensitive data is a parameter value, the value may be required to run the package on the Integration Services server.  StagePrototype.dtproj 0 0 

    Tuesday, December 24, 2013 9:10 PM


  • Hi DB042189,

    This behavior is by design.

    The two warnings occurs when the package has no sensitive data and the package uses the default protection level setting – EncryptSensitiveWithUserKey.

    If the package has sensitive data such as passwords used in Connection Managers and the package uses the EncryptSensitiveWithUserKey protection level, you will not be able to open the package on the new server at all with the following error:

    Failed to decrypt protected XML node "DTS:Password" with error 0x8009000B "Key not valid for use in specific state". You may not be authorized to access this information. This error occurs when there is a cryptographic error. Verify that correct key is available.

    In your scenario, you can still edit the package on the new server. If you want to avoid the warnings when opening it on the new server, you can set the protection level of the package to DontSaveSensitive. When we deploy a package to a SSIS server, it is recommended to set the protection level to ServerStorage (Rely on server storage) during the deployment.



    Mike Yin
    TechNet Community Support

    • Marked as answer by DB042189 Monday, December 30, 2013 1:22 PM
    Monday, December 30, 2013 6:36 AM