'Key not valid for use in specified state. (System.Security)' on registered server import (SSMS)

Question

My computer recently crashed and I am getting things re-installed. I would like to import the list of registered servers I had on my previous PC. I have both the RegSrvr.xml file from G:\Users\<user>\AppData\Roaming\Microsoft\Microsoft SQL Server\140\Tools\Shell as well as backups (with username/passwords) of *.regsrvr files which I can move from my laptop.

I see that moving over the RegSrvr.xml file to the same location in the new PC does nothing at all.

And when I try to import the *.regsrvr files - I get an error 'Key not valid for use in specified state. (System.Security)' and only about half the list actually import.

Is there a way around this?

Answer 1

I had this issue after importing my SSMS Server registration file WITH PASSWORDS from a different computer. To fix this, I re-exported the Server registration "without passwords" from my other computer and re-imported that file without passwords. This worked however, you can edit the registrations as you go.

Answer 2

The issue is that the passwords are stored in an encrypted string in the file, and the encryption key used is specific to that machine where SSMS is installed. So when you export them then import on a new machine, you get that error because it can't decrypt/use the passwords.

Most people just re-export from the old machine without passwords, then after importing into the new SSMS on the new machine, they manually go fix all the passwords.

What I wanted to add was that since it's "just a text file", you can save a LOT of work by manually editing C:\Users{user}\AppData\Roaming\Microsoft\SQL Server Management Studio\RegSrvr.xml.

What I did was import the file and ignore all of those errors

===================================

Key not valid for use in specified state. (System.Security)

------------------------------ Program Location:

at System.Security.Cryptography.ProtectedData.Unprotect(Byte[] encryptedData, Byte[] optionalEntropy, DataProtectionScope scope)
at Microsoft.SqlServer.Management.RegisteredServers.RegisteredServer.ProtectData(String input, Boolean encrypt) at Microsoft.SqlServer.Management.RegisteredServers.RegisteredServer.get_SecureConnectionString() at Microsoft.SqlServer.Management.RegisteredServers.RegisteredServer.get_ConnectionString() at Microsoft.SqlServer.Management.RegisteredServers.RegisteredServer.get_ServerName() at Microsoft.SqlServer.Management.RegisteredServers.RegisteredServerTree.AddRegisteredServerNode(RegisteredServer regSrv, TreeNodeCollection nodes)

Then I went through this process:

1. In SSMS, fix a "server".
2. Over in the file, copy/paste that "good" encrypted password string over to all of the other "servers" that had a connection using the same password.
3. Restart SSMS.
4. Repeat as needed.