diff --git a/sdk/dotNet/README.md b/sdk/dotNet/README.md
index 8a77aa2b..cc10cda8 100644
--- a/sdk/dotNet/README.md
+++ b/sdk/dotNet/README.md
@@ -3,6 +3,10 @@
# Change Log
+## 16.6.7
+
+* KSM-550 - Stop generating UIDs that start with "-"
+
## 16.6.6
* KSM-360 - GHA to build and release strong named assemblies
diff --git a/sdk/dotNet/SecretsManager/CryptoUtils.cs b/sdk/dotNet/SecretsManager/CryptoUtils.cs
index 84f73137..3ba24046 100644
--- a/sdk/dotNet/SecretsManager/CryptoUtils.cs
+++ b/sdk/dotNet/SecretsManager/CryptoUtils.cs
@@ -80,6 +80,19 @@ public static byte[] GetRandomBytes(int length)
return bytes;
}
+ public static byte[] GetUidBytes()
+ {
+ byte dash = 0b1111_1000;
+ var bytes = new byte[] { };
+ for (int i = 0; i < 8; i++) {
+ bytes = GetRandomBytes(16);
+ if ((dash & bytes[0]) != dash) break;
+ }
+ if ((dash & bytes[0]) == dash)
+ bytes[0] = (byte)(bytes[0] & (byte)0b0111_1111);
+ return bytes;
+ }
+
public static byte[] GenerateKeyPair()
{
var keyGenerator = new ECKeyPairGenerator();
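Review bot: The mask `0b1111_1000` in `GetUidBytes` tests the top five bits of `bytes[0]`, so it rejects first bytes 0xF8–0xFF; assuming the UID is later rendered as URL-safe base64 (the hunk does not show the encoding), that excludes a leading "_" as well as the "-" the changelog names. If only "-" is meant, the test would be `(bytes[0] & 0b1111_1100) == 0b1111_1000`; if both are intended, say so above the constant, e.g. `// top five bits set => base64url text would start with '-' or '_'`. The fallback after eight failed draws clears the high bit of the first byte, and a one-line comment should note that this path is reached with probability of about 2^-40 and only slightly skews the first byte, so a later reader does not take it for a weakening of the generator. The initial `new byte[] { }` is never used and the final `if` has no braces; `byte[] bytes;` with a `do { … } while` loop would make it evident that `bytes[0]` is always populated before it is read.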
diff --git a/sdk/dotNet/SecretsManager/SecretsManager.csproj b/sdk/dotNet/SecretsManager/SecretsManager.csproj
index 0a662ddc..f4c18583 100644
--- a/sdk/dotNet/SecretsManager/SecretsManager.csproj
+++ b/sdk/dotNet/SecretsManager/SecretsManager.csproj
@@ -5,9 +5,9 @@
9
Keeper Security Inc.
SecretsManager .Net SDK
- 16.6.6
- 16.6.6
- 16.6.6
+ 16.6.7
+ 16.6.7
+ 16.6.7
en-US
Keeper.SecretsManager
Sergey Aldoukhov
diff --git a/sdk/dotNet/SecretsManager/SecretsManagerClient.cs b/sdk/dotNet/SecretsManager/SecretsManagerClient.cs
index bcb6eec6..01bdf108 100644
--- a/sdk/dotNet/SecretsManager/SecretsManagerClient.cs
+++ b/sdk/dotNet/SecretsManager/SecretsManagerClient.cs
@@ -1262,7 +1262,7 @@ private static CreatePayload PrepareCreatePayload(IKeyValueStorage storage, Crea
var recordBytes = JsonUtils.SerializeJson(recordData);
var recordKey = CryptoUtils.GetRandomBytes(32);
- var recordUid = CryptoUtils.GetRandomBytes(16);
+ var recordUid = CryptoUtils.GetUidBytes();
var encryptedRecord = CryptoUtils.Encrypt(recordBytes, recordKey);
var encryptedRecordKey = CryptoUtils.PublicEncrypt(recordKey, ownerPublicKey);
var encryptedFolderKey = CryptoUtils.Encrypt(recordKey, folderKey);
@@ -1283,7 +1283,7 @@ private static CreateFolderPayload PrepareCreateFolderPayload(IKeyValueStorage s
var folderDataBytes = JsonUtils.SerializeJson(new KeeperFolderName { name = folderName });
var folderKey = CryptoUtils.GetRandomBytes(32);
- var folderUid = CryptoUtils.GetRandomBytes(16);
+ var folderUid = CryptoUtils.GetUidBytes();
var encryptedFolderData = CryptoUtils.Encrypt(folderDataBytes, folderKey, true);
var encryptedFolderKey = CryptoUtils.Encrypt(folderKey, sharedFolderKey, true);