SSMS 2016 Error Importing Azure SQL v12 bacpac: master keys without password not supported

sql-server azure azure-sql-database ssms ssms-2016
How 'bout a Fresca picture How 'bout a Fresca · Nov 13, 2016 · Viewed 9.2k times · Source

I have done this dozens of times but just recently ran into this error. Here are the steps I have gone through to get here:

  1. Create a copy of my Azure SQL v12 database on the same server as the original
  2. Export the copy-version (completely inactive from user interaction) to blob storage
  3. Download the .bacpac file from blob storage to my local drive
  4. In SSMS (October 2016 release) my local sql server instance, right click Databases and choose 'Import Data Tier Application'
  5. Choose my recently downloaded bacpac file and start the import

It only takes a few seconds for it to bomb out and I get the error:

Error SQL72014: .Net SqlClient Data Provider: Msg 33161, Level 15, State 1, Line 1 Database master keys without password are not supported in this version of SQL Server
Error SQL72045: Script execution error. The executed script: CREATE MASTER KEY;

I followed the same process for the same database 1.5 months ago any everything worked fine...Is anyone else experiencing this??? I have SSDT version 14.0.61021.0 installed - not sure if that matters or not. I'm also running SQL Server 2016 Developer Edition (v13.0.1722.0).

Answer

Marvin picture Marvin · Mar 10, 2017

I had the same problem. After speaking to Azure support they found out the issue was caused because a blank database master key is created to encrypt the storage credentials for the auditing (auditing is an optional setting).

Note that database auditing settings are inherited from the server settings.

Anyway, the work around they came up with was:

  1. Disable auditing on the server (or database)
  2. Drop the database master key with DROP MASTER KEY command.

Then the export works as expected. Hopefully Azure will fix this issue soon so that auditing and export can work together.

Update 21st March 2017 Better work-around From MS

As the fix will take some time to be deployed, they also suggested an alternative solution, which will not require any additional steps (like disabling auditing or the steps form the blog) on your side to avoid this issue. After auditing is enabled, please update the master key and set the password. Setting a password for the existing master key will mitigate the issue. Also, setting the password will not impact auditing and it will keep working. The syntax to add the password is as follows:

-- execute in the user database
ALTER MASTER KEY ADD ENCRYPTION BY PASSWORD = ‘##############’;

The link also has a PowerShell script you can use to remove the offending SQL Statement from the .bacpac file.

Related questions

Optimal way to concatenate/aggregate strings

I'm finding a way to aggregate strings from different rows into a single row. I'm looking to do this in many different places, so having a function to facilitate this would be nice. I've tried solutions using COALESCE and FOR …

Read More
How to view the roles and permissions granted to any database user in Azure SQL server instance?

Could you guide me on how to view the current roles/permissions granted to any database user in Azure SQL Database or in general for a MSSQL Server instance? I have this below query: SELECT r.name role_principal_name, …

Read More
How do I create a new user in a SQL Azure database?

I am trying to use the following template: -- ================================================= -- Create User as DBO template for SQL Azure Database -- ================================================= -- For login <login_name, sysname, login_name>, create a user in the database CREATE USER <user_…

Read More