Ssis-661 May 2026
Scenario:
A nightly load package DW_Load.dtsx fails at 02:15 AM with SSIS‑661 for the component OLE DB Source [Customer] complaining about column CustomerStatus.
Resolution steps performed:
| # | Action | Outcome |
|---|--------|----------|
| 1 | Checked the error log → confirmed component and column. | Identified the exact source table: dbo.Customer |
| 2 | In SSIS-661
If you must stay with a non‑Unicode destination, the following C# snippet inside a Script Component (Transformation) safely converts while logging dropped characters:
public override void Input0_ProcessInputRow(Input0Buffer Row)
if (!Row.UnicodeCol_IsNull)
// Source Unicode string
string src = Row.UnicodeCol;
// Target encoding (1252 = Latin-1)
Encoding targetEnc = Encoding.GetEncoding(1252, EncoderFallback.ReplacementFallback,
DecoderFallback.ExceptionFallback);
try
// Convert, replacing unrepresentable chars with '?'
byte[] bytes = Encoding.Convert(Encoding.Unicode, targetEnc, Encoding.Unicode.GetBytes(src));
string dest = targetEnc.GetString(bytes);
Row.NonUnicodeCol = dest;
catch (EncoderFallbackException e)
// Log the problematic row ID for later analysis
ComponentMetaData.FireError(0, "UnicodeConversion",
$"Row Row.RowNumber: cannot encode character(s) – e.Message", "", 0, out bool cancel);
// Decide: drop row, set to empty, or copy as is with placeholder
Row.NonUnicodeCol = string.Empty;
| Q | A |
|---|---|
| Can I ignore SSIS‑661 by setting ValidateExternalMetadata = False? | Yes, you can, but you lose the safety net that warns you about schema changes. Use this only when the downstream component can truly handle any shape of data (e.g., a script that dynamically reads columns). |
| Does SSIS‑661 appear in the Integration Services Catalog (SSISDB) view? | In SSISDB you will see the error in the catalog.operation_messages view with message_type = 120 and the same error text. |
| Is there a PowerShell or T‑SQL script to locate all packages that might hit SSIS‑661? | You can query catalog.packages for the XML of each package and search for ValidateExternalMetadata="True" combined with components that use * in their SQL. Example: SELECT name, package_id FROM catalog.packages WHERE CAST(package_content AS XML).value('(/DTS:Executable/DTS:Component[@Name="OLE DB Source"]/@ValidateExternalMetadata)[1]', 'int') = 1. |
| What if the source is a flat file that changes column order? | Flat‑File sources also rely on external metadata. Turn on “Retain null values from the source as nulls” and re‑import the column definitions, or better yet, use a Script Component that reads the file dynamically. |
| Will upgrading to the latest SSDT/Visual Studio fix the error? | Upgrading alone will not fix a genuine schema drift; however, newer versions improve the metadata refresh UI and sometimes expose hidden mismatches earlier during design time. | Scenario :
A nightly load package DW_Load
If you’re launching the package via DTExec from a command line, run:
whoami
to see the Windows identity. Then verify that identity in SSISDB as above. If the error appears in the Progress tab,
If you’re using SQL Agent:
SELECT name, credential_id
FROM msdb.dbo.sysjobs
WHERE name = 'YourJobName';
Then inspect the linked proxy and its credential.
| Item | Description |
|------|-------------|
| Error number | 661 |
| Message text | “The user does not have the necessary permissions to perform this action.” |
| Typical sources | - Deploying a package to the SSIS Catalog (SSISDB)
- Executing a package that accesses a secured data source (e.g., Azure Blob, SQL Server, Oracle)
- Using the SSISDB stored procedures (e.g., catalog.create_project, catalog.start_execution)
- Running a package from DTExec / DTExecUI under a Windows account lacking required rights |
| Why it matters | SSIS runs with the security context of the SQL Server service account, the SQL Agent proxy, or the Windows user you launch it under. If that identity can’t read/write to the Catalog, or can’t access external resources, the package aborts with error 661. |