Exported database from Azure SQL failed to be imported to Azure SQL or to local SQL Server


Symptoms: 

When using blob auditing on Azure SQL Server or Database, after you export database to .bacpac file

if you import the database to another Azure SQL DB that already have blob auditing enabled at the server level you may get this error message:

Could not import package.
Error SQL72014: .Net SqlClient Data Provider: Msg 15578, Level 16, State 1, Line 1 There is already a master key in the database. Please drop it before performing this statement.
Error SQL72045: Script execution error. The executed script:
CREATE MASTER KEY;

if you import the database to local on-premise SQL Server installation you may get this error:

Error SQL72014: .Net SqlClient Data Provider: Msg 33161, Level 15, State 1, Line 1 Database master keys without password are not supported in this version of SQL Server.
Error SQL72045: Script execution error. The executed script:
CREATE MASTER KEY;

this also apply if you created master key without password for your own usage.

Cause: 

This caused by a different behavior between Azure SQL DB and Local SQL Server installation

a master key without password is an Azure SQL DB only feature, while local SQL Server installation must have password encryption for master key.

read more about it here CREATE MASTER KEY (Transact-SQL)

failure to import back to Azure SQL caused by a limitation in the import process.

our teams are currently working to change this behavior from the server side.

Resolution:

Option 1

to mitigate import to Azure SQL DB use the import from the Azure portal.

to mitigate import to local SQL Server installation you can alter the existing master key and add password encryption to it.

this should be done before you export the database

ALTER MASTER KEY ADD ENCRYPTION BY PASSWORD = '<PasswordHere>';
Option 2

for short term mitigation we provide you PowerShell script that do the following:

  • remove the master key object from the bacpac
  • remove the credential object from the bacpac

after running this PS script on the bacpac you will have new bacpac file with “patched” suffix.

download it here

example:

C:\PS> .\RemoveMasterKey.ps1  -bacpacPath "C:\BacPacs\Test.bacpac"
Comments (10)

  1. ErikEJ says:

    Small typo: PS script on the pacpac => PS script on the bacpac

    1. Aman [MSFT] says:

      Funny one… fixed.

  2. pituach says:

    Thanks for sharing 🙂
    * Option 2 seems best useful, since there is no sense in changing the original (source) MASTER KEY only for the purpose of copying the database.

  3. anil m says:

    Even option 2 is not working it is inserting special chars after removing key part in BACPAC file.

    1. Aman [MSFT] says:

      can you share what is the outcome in your case? did you try to import the -patched bacpac file?

      1. anil m says:

        Below is the error, after using given PS script with patched file.

        *** Error importing database:Could not import package.
        Error SQL72014: .Net SqlClient Data Provider: Msg 102, Level 15, State 1, Procedure XYZZZ, Line 29 Incorrect syntax near ‘DeclareA’.Error SQL72045: Script execution error. The executed script:
        CREATE PROCEDURE[dbo]……

        1. Aman [MSFT] says:

          @anil – I will contact you directly to get some more details about your specific issue, we will share some more information later.

          1. anil m says:

            Thanks, Yochanan Rachamim.

  4. Grant Slater says:

    Please can you fix the script in Option 2 to support larger than 4GB ZIP files.

    1. we changed the script so now it support file size > 4GB. since this size of data operation it might take longer to complete file processing.

Skip to main content