One of my clients contacted me for assistance installing SQL Server. Generally this is straightforward, but sometimes there are problems. This time we received a very interesting error message. Let us learn about this error related to the XML document.
SQL Server Setup has encountered the following error:
There was an error generating the XML document.
Error code 0x84B10001.
When we searched on the internet, we were told to look at the setup logs for more details. In Summary.txt we saw the following messages.
HResult : 0x80090345
Stack:
at System.Security.Cryptography.ProtectedData.Protect(Byte[] userData, Byte[] optionalEntropy, DataProtectionScope scope)
at Microsoft.SqlServer.Common.SqlSecureString.WriteXml(XmlWriter writer)
If we look at the start of the error, it says System.Security.Cryptography.CryptographicException. This means there was a problem while encrypting the data. The real error message is: “The requested operation cannot be completed. The computer must be trusted for delegation and the current user account must be configured to allow delegation.”
When I searched for the above two messages together, I found that this can happen when the machine is served by a Read Only Domain Controller (RODC).
WORKAROUND/SOLUTION
To solve this, we created the DWORD registry value ProtectionPolicy and set it to 1 to enable local backup of the MasterKey instead of requiring a writable domain controller (RWDC), under the following registry subkey:
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Protect\Providers\df9d8cd0-1501-11d1-8c7a-00c04fc297eb
Setting this value to 1 causes DPAPI master keys to be backed up locally rather than using a domain backup. For more information about DPAPI you can read
This workaround is documented in https://support.microsoft.com/en-in/help/3000850/november-2014-update-rollup-for-windows-rt-8.1,-windows-8.1,-and-windows-server-2012-r2
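As an added example (not from the original post), here is a PowerShell script that records the current state of this registry value before changing it, so the change can be explained and reverted. It assumes an elevated PowerShell session on the SQL Server host; the key path and value name are the ones given above.

```powershell
# DPAPI provider subkey and value name from the post above.
$DpapiKey = 'HKLM:\Software\Microsoft\Cryptography\Protect\Providers\df9d8cd0-1501-11d1-8c7a-00c04fc297eb'

function Get-DpapiProtectionPolicy {
    # Returns the current ProtectionPolicy value, or $null if the value is absent.
    # Absent (or 0) means master-key backup goes through a writable domain controller.
    $item = Get-ItemProperty -Path $DpapiKey -Name 'ProtectionPolicy' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.ProtectionPolicy
}

function Set-DpapiProtectionPolicy {
    # Creates the subkey if needed and writes ProtectionPolicy as a DWORD.
    # Supports -WhatIf so the change can be previewed before it is made.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([ValidateSet(0, 1)][int]$Value = 1)
    if (-not (Test-Path $DpapiKey)) {
        New-Item -Path $DpapiKey -Force | Out-Null
    }
    if ($PSCmdlet.ShouldProcess($DpapiKey, "Set ProtectionPolicy = $Value")) {
        New-ItemProperty -Path $DpapiKey -Name 'ProtectionPolicy' -PropertyType DWord -Value $Value -Force | Out-Null
    }
}

# Record the state before changing anything.
$before = Get-DpapiProtectionPolicy
$domainJoined = (Get-CimInstance Win32_ComputerSystem).PartOfDomain
$beforeText = if ($null -eq $before) { '<absent>' } else { $before }
Write-Host "Domain joined: $domainJoined; ProtectionPolicy before: $beforeText"

# Apply the workaround only if it is not already in place (add -WhatIf to preview).
if ($before -ne 1) {
    Set-DpapiProtectionPolicy -Value 1
}
Write-Host "ProtectionPolicy after: $(Get-DpapiProtectionPolicy)"
```

Running Set-DpapiProtectionPolicy -Value 0 removes the workaround again once the SQL Server installation is complete, if the environment prefers domain-backed master keys.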
Reference: Pinal Dave (http://blog.SQLAuthority.com)
3 Comments
Can you give a quick description of how adding this registry key affects the security of the server? This fixes our inability to use SQL Logins locally, and it seems like it’d be pretty benign to me. However, I’m probably going to need to explain it to our network guys to push it out.
This:
https://support.microsoft.com/en-us/help/3000850/november-2014-update-rollup-for-windows-rt-8-1-windows-8-1-and-windows
(the link that helped me find this article) is more of a description of how the problem was introduced and how to get around it – it doesn’t say, “This makes your DPAPI more vulnerable to an attack, if…” which is what I’d really like to know!
I hope that helps clarify…
Hi Dave, I think the registry key should be ProtectionPolicy and not Protection Policy