Re: more detail on issue

I posted this in another thread, but this looks like the same issue so I'm
copying the message here:

I encountered the same problem, even on the same server upon deployment.
I ended up contacting Microsoft and opening a support case. After a couple
of hours on the phone, we found that if the SSIS Package's Security setting
"ProtectionLevel" was set to EncryptAllWithUserKey or
EncryptSensativeWithUserKey that the passwords would actually be lost. This
has to do with the fact that the SQL Server Agent process on your server is
running as a different user and cannot validate the user key basically. What
I ended up having to do is switch the Security ProtectionLevel to use
EncryptAllWithPassword or EncryptSensativeWithPassword and specify a
password for the package. I then re-deployed to SQL.

How I scheduled the Job also had to change. I could no longer specify my
package as a SSIS Step in a Job. I had to make my Job execute an "Operating
System (CmdExec)". The command line was :

C:\Program Files\Microsoft SQL Server\90\DTS\Binn\DTExec.exe /DTS
"\MSDB\YOURPACKAGEHERE" /SERVER Q /DECRYPT YOURPASSWORDHERE /MAXCONCURRENT
" -1 " /CHECKPOINTING OFF /REPORTING V

It seems like very much a work-around, but that's roughly the way I was told
to keep the protected passwords. My support case person spoke with the
engineers and that was the desired result evidently. They are working on
documenting the Security Levels more though, as this seems to be coming up a
lot. I honestly wouldn't be suprised if something in Security levels changed
in SP2.


Hope this helps.

-Matt Yeager




"cp-bulldog" <cpbulldog@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:6398C4B9-74A5-4258-924B-C0183B9DA201@xxxxxxxxxxxxxxxx
probably should have put all this info in the first post. we are using
SQL
2005. the sql job owner is set to my account right now for testing which
is a
domain admin account. what is interesting is that although the job owner
is
my account when the SQL agent tries to run it is tries to use the
server\SYSTEM account.

is this a known issue with a work around?

"cp-bulldog" wrote:
i have a dtsx package that runs fine from the the bus intelligence studio
and
runs fine from within SQL environment when run manually. however, when i
try
to shedule it via SQL Server Agent it fails. looks like it is trying to
run
it as server\SYSTEM which is probably why it is failing.

any ideas on this?


.

Relevant Pages

  • Re: more detail on issue
    ... Is it that complicated just to fire a SSIS package from sql agent. ... "ProtectionLevel" was set to EncryptAllWithUserKey or ... I honestly wouldn't be suprised if something in Security levels changed ... domain admin account. ...
    (microsoft.public.sqlserver.dts)
  • Re: more detail on issue
    ... not getting where to change the security protection level. ... "ProtectionLevel" was set to EncryptAllWithUserKey or ... I then re-deployed to SQL. ... domain admin account. ...
    (microsoft.public.sqlserver.dts)
  • Re: more detail on issue
    ... strings not being visible to the SQL Agent user. ... Is it that complicated just to fire a SSIS package from sql ... "ProtectionLevel" was set to EncryptAllWithUserKey or ... domain admin account. ...
    (microsoft.public.sqlserver.dts)
  • Re: sql problem
    ... Account # is the link field on ... The requirement is I have to come up with a report comparing the two ... customer tables to see if they are in sync. ... what I wanted to do was to get the SQL to return the "like" names ...
    (comp.databases.oracle.server)
  • Re: sql problem
    ... Account # is the link field on ... table1, table2@dblink where ....) ... customer tables to see if they are in sync. ... what I wanted to do was to get the SQL to return the "like" names ...
    (comp.databases.oracle.server)
Loading