SSMS 2016 Error Importing Azure SQL v12 bacpac: master keys without password not supported

白昼怎懂夜的黑 提交于 2019-11-28 23:49:48

问题


I have done this dozens of times but just recently ran into this error. Here are the steps I have gone through to get here:

  1. Create a copy of my Azure SQL v12 database on the same server as the original
  2. Export the copy-version (completely inactive from user interaction) to blob storage
  3. Download the .bacpac file from blob storage to my local drive
  4. In SSMS (October 2016 release) my local sql server instance, right click Databases and choose 'Import Data Tier Application'
  5. Choose my recently downloaded bacpac file and start the import

It only takes a few seconds for it to bomb out and I get the error:

Error SQL72014: .Net SqlClient Data Provider: Msg 33161, Level 15, State 1, Line 1 Database master keys without password are not supported in this version of SQL Server
Error SQL72045: Script execution error. The executed script: CREATE MASTER KEY;

I followed the same process for the same database 1.5 months ago any everything worked fine...Is anyone else experiencing this??? I have SSDT version 14.0.61021.0 installed - not sure if that matters or not. I'm also running SQL Server 2016 Developer Edition (v13.0.1722.0).


回答1:


I had the same problem. After speaking to Azure support they found out the issue was caused because a blank database master key is created to encrypt the storage credentials for the auditing (auditing is an optional setting).

Note that database auditing settings are inherited from the server settings.

Anyway, the work around they came up with was:

  1. Disable auditing on the server (or database)
  2. Drop the database master key with DROP MASTER KEY command.

Then the export works as expected. Hopefully Azure will fix this issue soon so that auditing and export can work together.

Update 21st March 2017 Better work-around From MS

As the fix will take some time to be deployed, they also suggested an alternative solution, which will not require any additional steps (like disabling auditing or the steps form the blog) on your side to avoid this issue. After auditing is enabled, please update the master key and set the password. Setting a password for the existing master key will mitigate the issue. Also, setting the password will not impact auditing and it will keep working. The syntax to add the password is as follows:

-- execute in the user database
ALTER MASTER KEY ADD ENCRYPTION BY PASSWORD = ‘##############’;

The link also has a PowerShell script you can use to remove the offending SQL Statement from the .bacpac file.




回答2:


Okay the way I ended up resolving this issue was to do the following:

  1. Create a copy of the SQL Azure database on the same server as the original
  2. In that database run the following script:

    ALTER MASTER KEY REGENERATE WITH ENCRYPTION BY PASSWORD = [password here];
    
  3. Follow steps 2-5 in the original post

I haven't seen documentation on this, but apparently when you create an Azure SQL database it creates a database master key (DMK) without a password, and in SQL Server 2016 this is not okay. Hopefully this helps somebody else out.

Note: I was able to do this since I only wanted the data from the original database to refresh my local development copy - I haven't fully researched the implications of this.




回答3:


You need to:

  • remove the master key object from the bacpac
  • remove the credential object from the bacpac

There is this script published on Microsoft blog, run it, and will do all the above.

C:\PS> .\RemoveMasterKey.ps1  -bacpacPath "C:\BacPacs\Test.bacpac



回答4:


Fix corrupt bacpac created by removing master key.

The Sugestion to run the script RemoveMasterKey, also created a corrupted bacpac file in my case by inserting  into the model.xml file in multiple places.

There is a way to edit the bacpac by extractig the files, Removing the offending characters in the model.xml file and then generating a new checksum for the Origin.xml file

once done Zipping the files back up with the extension .bacpac allows you to import the backpac.

Fix found at: http://inworksllc.com/editing-sql-database-azure-bacpac-files/

checksum generator: https://github.com/gertd/dac/tree/master/drop/debug

Steps provided:

1) Update the zip file with the modified model.xml

2) Rename the zip file with the bacpac extension

3) Run dacchksum.exe /i:database.bacpac (where database.bacpac is the name the bacpac file)

4) Update Origin.xml in the bacpac file with the new value provided by dacchksum.exe



来源:https://stackoverflow.com/questions/40575610/ssms-2016-error-importing-azure-sql-v12-bacpac-master-keys-without-password-not

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!