I have a package (PackageA) with an Execute Package Task thatexecs PackageB. When I run PackageA Iget this error on the Execute Package Task : Failed to decrypt protected XML node "DTS:Password" with error 0x8009000B "Key not valid for use in specified state.". You may not be authorized to access this information. This error occurs when there is a cryptographic error. Verify that the correct key is available. PackageB has 'EncryptSensitiveWithUserKey' ProtectionLevel. I'm providing passwords in the dtsConfig so I'm guessing I should change it to 'DontSaveSensitive'? Interestingly, PackageAalso has'EncryptSensitiveWithUserKey' ProtectionLevel, but I don't get an error about PackageA, just on the task that runs PackageB. (SP1 is installed).

Al C. wrote: PackageB has 'EncryptSensitiveWithUserKey' ProtectionLevel. I'm providing passwords in the dtsConfig so I'm guessing I should change it to 'DontSaveSensitive'? Yes, since the data is configured somewhere else, DontSaveSensitive is correct choice. Al C. wrote: Interestingly, PackageAalso has'EncryptSensitiveWithUserKey' ProtectionLevel, but I don't get an error about PackageA, just on the task that runs PackageB. The message is only raised when the package contains the actual protected data - passwords, connection strings that can't be decrypted. If the package had 'EncryptSensitiveWithUserKey' ProtectionLevel, but does not have any sensitive data, you will not see this message.

Thanks Michael. That explains it all!

"I'm providing passwords in the dtsConfig " How you did it? Because if I used "DontSaveSensitive" I coundn't connect to my DB, I used xml config but password is blank, how I can save password?

You have to edit the .dtsconfig file yourself (using notepad) and add the password to the connection string.

but this way the password won't be protected... is there any other mechanism to avoid leaving the password readable ?

You can encrypt the folder where you store the configuration files. Or you can use the the EncryptSensitiveWithPassword option for the package ProtectionLevel property, but you'll have to supply a password to run the package.

The best way is to encrypt with a password instead of the userkey, the password will be required when you deploy the SSIS package to the server and will maintain all your configurations with no changes. Hope this helps.Moustafa Arafa

You can encrypt the folder where you store the configuration files. Or you can use the the EncryptSensitiveWithPassword option for the package ProtectionLevel property, but you'll have to supply a password to run the package. Hi jwelch If we set the EncryptSensitiveWithPassword option, then we get the same error as mentioned in first post i.e Failed to decrypt protected XML node "DTS:Password" with error 0x8009000B "Key not valid for use in specified state.". You may not be authorized to access this information. This error occurs when there is a cryptographic error. Verify that the correct key is available.