I have done this dozens of times but just recently ran into this error. Here are the steps I have gone through to get here:
- Create a copy of my Azure SQL v12 database on the same server as the original
- Export the copy-version (completely inactive from user interaction) to blob storage
- Download the .bacpac file from blob storage to my local drive
- In SSMS (October 2016 release) my local sql server instance, right click Databases and choose 'Import Data Tier Application'
- Choose my recently downloaded bacpac file and start the import
It only takes a few seconds for it to bomb out and I get the error:
Error SQL72014: .Net SqlClient Data Provider: Msg 33161, Level 15, State 1, Line 1 Database master keys without password are not supported in this version of SQL Server
Error SQL72045: Script execution error. The executed script: CREATE MASTER KEY;
I followed the same process for the same database 1.5 months ago any everything worked fine...Is anyone else experiencing this??? I have SSDT version 14.0.61021.0 installed - not sure if that matters or not. I'm also running SQL Server 2016 Developer Edition (v13.0.1722.0).
I had the same problem. After speaking to Azure support they found out the issue was caused because a blank database master key is created to encrypt the storage credentials for the auditing (auditing is an optional setting).
Note that database auditing settings are inherited from the server settings.
Anyway, the work around they came up with was:
- Disable auditing on the server (or database)
- Drop the database master key with
DROP MASTER KEY
command.
Then the export works as expected. Hopefully Azure will fix this issue soon so that auditing and export can work together.
Update 21st March 2017 Better work-around From MS
As the fix will take some time to be deployed, they also suggested an
alternative solution, which will not require any additional steps
(like disabling auditing or the steps form the blog) on your side to
avoid this issue. After auditing is enabled, please update the master
key and set the password. Setting a password for the existing master
key will mitigate the issue. Also, setting the password will not
impact auditing and it will keep working. The syntax to add the
password is as follows:
-- execute in the user database
ALTER MASTER KEY ADD ENCRYPTION BY PASSWORD = ‘##############’;
The link also has a PowerShell script you can use to remove the offending SQL Statement from the .bacpac
file.
Okay the way I ended up resolving this issue was to do the following:
- Create a copy of the SQL Azure database on the same server as the original
In that database run the following script:
ALTER MASTER KEY REGENERATE WITH ENCRYPTION BY PASSWORD = [password here];
- Follow steps 2-5 in the original post
I haven't seen documentation on this, but apparently when you create an Azure SQL database it creates a database master key (DMK) without a password, and in SQL Server 2016 this is not okay. Hopefully this helps somebody else out.
Note: I was able to do this since I only wanted the data from the original database to refresh my local development copy - I haven't fully researched the implications of this.
You need to:
- remove the master key object from the bacpac
- remove the credential object from the bacpac
There is this script published on Microsoft blog, run it, and will do all the above.
C:\PS> .\RemoveMasterKey.ps1 -bacpacPath "C:\BacPacs\Test.bacpac
Fix corrupt bacpac created by removing master key.
The Sugestion to run the script RemoveMasterKey, also created a corrupted bacpac file in my case by inserting  into the model.xml file in multiple places.
There is a way to edit the bacpac by extractig the files, Removing the offending characters in the model.xml file and then generating a new checksum for the Origin.xml file
once done Zipping the files back up with the extension .bacpac allows you to import the backpac.
Fix found at:
http://inworksllc.com/editing-sql-database-azure-bacpac-files/
checksum generator:
https://github.com/gertd/dac/tree/master/drop/debug
Steps provided:
1) Update the zip file with the modified model.xml
2) Rename the zip file with the bacpac extension
3) Run dacchksum.exe /i:database.bacpac (where database.bacpac is the name the bacpac file)
4) Update Origin.xml in the bacpac file with the new value provided by dacchksum.exe