none
Backup Master key, Cannot write into file 'c:\temp\master'. Verify that you have write permissions, that the file path is valid.

    Pertanyaan

  • Hi,

     

    I tried to backup the master key by the following syntax :

         OPEN MASTER KEY DECRYPTION BY PASSWORD = 'mypassword'

         BACKUP MASTER KEY TO FILE = 'c:\temp\master'  ENCRYPTION BY PASSWORD = 'mypassword'

    but it failed and i got the following message:

    Cannot write into file 'c:\temp\master'. Verify that you have write permissions, that the file path is valid, and that the file does not already exist.

    NB: I am using the "sa" user to execute this command.

    I know that we have a security permission issue , but where and how ?

     

    Regards,

    Tarek Ghazali

    SQL Server MVP

    Rabu, 12 Juli 2006 11.19

Jawaban

  •     I forgot another reason why backup may fail: the backup operations for keys won’t replace any files, make sure the file name is unique. Let me know if changing the name of the file worked.

     

       BTW. If you create backups of your master keys on a regular schedule and regenerate the keys (which is highly recommended), it is a good idea to keep an archive of your old keys (protected in a safe place) in case you need to access data from some old backup.

     

      Thanks,

    -Raul Garcia

      SDE/T

      SQL Server Engine

    Kamis, 13 Juli 2006 18.06
    Moderator

Semua Balasan

  •   In this case the permissions check are done by Windows to verify that the SQL Server service account has access to create the file. Most likely you are running SQL Server using a low privileged domain account (which is highly recommended). To check the name of the service account being used, you can use SQL Server Configuration Manager (SCM).

     

       Rather than granting permissions directly to this service account on local Windows resources, you can grant the permissions to the corresponding Windows group that SQL Server 2005 setup created for you. You can find the name of this group in the local users and groups management tool in Windows (Computer Management tool).

     

      The name for the SQL Server 2005 groups should be based on the following pattern:

    SQLServer2005MSSQLUser$<<Server_name>>$<<Instance_name >>

      For example: SQLServer2005MSSQLUser$MY_SERVER$MSSQLSERVER

     

      Once you have found the name for the service account group, you can grant the proper permissions on Windows resources (such as write permissions on folders or read permissions on files you need to import).

     

      I hope this information will help you,

     -Raul Garcia

      SDE/T

      SQL Server Engine

    Rabu, 12 Juli 2006 17.39
    Moderator
  • Hi Raul,

    first Thanks for your reply.

    I tried that also but it didn't work,

    Any other idea ?

    Thanks,

    Tarek Ghazali

    SQL Server MVP

    Web site: www.sqlmvp.com

     

    Kamis, 13 Juli 2006 08.40
  •     I forgot another reason why backup may fail: the backup operations for keys won’t replace any files, make sure the file name is unique. Let me know if changing the name of the file worked.

     

       BTW. If you create backups of your master keys on a regular schedule and regenerate the keys (which is highly recommended), it is a good idea to keep an archive of your old keys (protected in a safe place) in case you need to access data from some old backup.

     

      Thanks,

    -Raul Garcia

      SDE/T

      SQL Server Engine

    Kamis, 13 Juli 2006 18.06
    Moderator
  • Hi.

    I am still getting this error. I have done what was suggested. I have even granted everyone full access to the folder I am trying to write to with no luck.

    I am running SQL 2008 and Windows Vista 64 bit.

    Any help would be appreciated.

    Edit: Oh and the file does not already exist.

    Deep
    Jumat, 06 Maret 2009 14.58
  • I got it working now.

    The example on Microsoft's site only pointed to a folder location and thus I was not providing a file name. I provided a file name in the path and it created the files where I wanted them.

    Thanks for the heads up and I hope this post helps someone else in the future.

    Deep
    • Disarankan sebagai Jawaban oleh corrado49 Minggu, 12 Agustus 2012 03.35
    Jumat, 06 Maret 2009 15.26
  •  There was no comment here by Microsoft.  Please fix this in your documentation.  It sucks going through incorrect documentation examples and wasting time.

    http://msdn.microsoft.com/en-us/library/ms178578.aspx needs fixing.
    Jumat, 13 Maret 2009 12.53
  • Documentation is very clear:

    [q]
    path_to_file

    Specifies the complete path, including file name, of the file in which the certificate is to be saved. This can be a local path or a UNC path to a network location. The default is the path of the SQL Server DATA folder.

    [/q]

    From; http://msdn.microsoft.com/en-us/library/ms178578.aspx

    This posting is provided "AS IS" with no warranties, and confers no rights.
    • Disarankan sebagai Jawaban oleh corrado49 Minggu, 12 Agustus 2012 03.37
    Jumat, 13 Maret 2009 21.06
    Moderator
  • Oh, you also need to give the file an extension.  It doesn't matter what the extension is, but it needs to have one.
    Jumat, 26 Maret 2010 19.59
  • Hi Tarek/Deep,

    i'm having the same problem. My Server is SQl 2008. I'm trying to backup SMK in my local folder. i'm executing the command as myself. I'm a sysadmin in the machine. I'm providing full path with file name and extension. Still getting the error:

    Msg 15240, Level 16, State 1, Line 1

    Cannot write into file 'C:\Users\m096360\Work\roegps903q$dmdev01.snk'. Verify that you have write permissions, that the file path is valid, and that the file does not already exist.

     

    Any suggestion, please?

    --I

     

    Selasa, 22 November 2011 19.15
  • Where is this path? On the same machine as SQL Server is running? Does the service account for SQL Server have access to this folder?

    Generally, it is better to start a new question, rather than posting a question to a thread from yesteryear.


    Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se
    Selasa, 22 November 2011 22.42
  • Hi All,

    BACKUP CERTIFICATE ServerCert TO FILE = 'D:\MSSQL\CERT\ServerCert'
        WITH PRIVATE KEY (FILE = 'D:\MSSQL\CERT\ServerKey' ,
        ENCRYPTION BY PASSWORD = 'pas$word' );
    GO

    Fix for: Cannot write into file...

    Be sure that the certificate file name and the private key file name are different.

    Good luck,

    Mac

    http://www.datanetzs.cz.cc


    Keep on Truck'in

    • Disarankan sebagai Jawaban oleh Mac McRae Sabtu, 13 April 2013 14.41
    Sabtu, 13 April 2013 14.40
  • This is an excellent answer. Please vote it up as this is a very likely cause, because reading is hard, I don' t like to do it, you can't make me, and it's not super clear and in my face.  Seriously, skip all the ttrash talk on these things and just show a freaking example on these articles....https://msdn.microsoft.com/en-us/library/ms178578.aspx
    • Disarankan sebagai Jawaban oleh BoBo1522 Jumat, 07 April 2017 01.51
    • Saran Jawaban dibatalkan oleh BoBo1522 Jumat, 07 April 2017 01.51
    Jumat, 26 Agustus 2016 14.28
  • I have to agree with everyone on this documentation.  The documentation relies on the opinion of the person writing the information. Frankly, I don't know if it is enough just to have this many disagreements regarding the documentation but, quote frankly, the road to my house is a road, not a road and a specific house. If I want someone to find my house, I give them the road and specify the road number.

    One might interpret this two ways.   First, am I stupid enough to give them the road and not the house number?  Answer, NO - I will include this information as a second piece of information.

    Two - the other interpretation - road to my house is a road.

    So path to file means - (what is the subject - oh, subject - path) and what else - a modifier of the subject.   The wording here has a lot of semantic overtones.  Even as I write here, I find the whole thing murky.

    If I were documenting (and I am not the best by far) I am certain I would say path and file rather than path to file.

    Given the concensus here, perhaps you might consider modifying the information in the documentation.

    Quoting one of the folks above, "it sucks".  This post would not exist if it had been written clearly from the beginning.


    R, J

    Jumat, 20 Januari 2017 15.13
  • In addition to this and everything else in this thread, I'd like to add the one I just found.  The folder paths.  Maybe I didn't have the correct permissions (I set them up like Raul said to do above) but I just kept getting the write error.  Then I built out my folders by hand (I created a new folder and renamed it what I wanted).  Ctrl+F5 and then they finally wrote.

    Here's my summary:

    • Folder Permissions
    • Make sure the files have different names
    • Make sure they have extensions
    • Make sure the path that you want to save to is already there

    Hope this helps!

    Jumat, 07 April 2017 01.56
  • I'd also like to add a note to this thread.

    The path is relative to the SQL Server instance.   The path needs to be setup on the machine hosting the instance. 

    (I was trying to save to a mapped drive on my workstation with SSMS and it was failing - of course)

    Kamis, 05 Juli 2018 13.50