Why Would You Generate A Secure Store Master Key

 
Why Would You Generate A Secure Store Master Key Rating: 3,8/5 1517 reviews
-->

I have some powershell to create a farm including the secure store service. Creating the secure store service master key fails. It fails and tells me the. Scenario/Problem: You need to create or change the master key for the Secure Store Service. Solution: Use the Update-SPSecureStoreMasterKey cmdlet. The Secure Store Service needs a master key before target applications can be created. To create or change the master key, use the Update-SPSecureStoreMasterKey.

APPLIES TO: 2013 2016 2019 SharePoint Online

You can restore the Secure Store service application by using the SharePoint Central Administration website or PowerShell. The restore tool that you use depends on the kind of environment that you have deployed, your schedule requirements, and service level agreements that you have made with your organization.

Before you begin

The Secure Store Service provides the capability of securely storing credential sets and associating credentials to specific identities or a group of identities.

Before you begin this operation, review the following information about the Secure Store service application:

  • Every time that you enter a new passphrase, SharePoint Server creates a new Master Key and re-encrypts the credentials sets with that key. The passphrase gives you access to the Master Key created by SharePoint Server that is used to encrypt the credential sets.

  • You will need the passphrase that was recorded when the Secure Store Service was backed up to restore the Secure Store Service.

Why Would You Generate A Secure Store Master Key Card

Using Central Administration to restore the Secure Store Service in SharePoint Server

Use the following procedure to restore the Secure Store Service by using Central Administration.

To restore the Secure Store Service by using Central Administration

  1. Verify that the user account performing this procedure is a member of the Farm Administrators group.

  2. Start Central Administration.

  3. In Central Administration, on the home page, in the Backup and Restore section, click Restore from a backup.

  4. On the Restore from Backup — Step 1 of 3: Select Backup to Restore page, select the backup job that contains the backup that you want, or a farm-level backup, from the list of backups, and then click Next. You can view more details about each backup by clicking the (+) next to the backup.

    Note

    If the correct backup job does not appear, in the Backup Directory Location text box, type the path of the correct backup folder, and then click Refresh. You cannot use a configuration-only backup to restore the Secure Store Service.

  5. On the Restore from Backup — Step 2 of 3: Select Component to Restore page, expand Shared Services Applications and select the check box that is next to the Secure Store Service application backup group, and then click Next.

  6. On the Restore from Backup — Step 3 of 3: Select Restore Options page, in the Restore Component section, make sure that FarmShared ServicesShared Services Applications<Secure Store Service name> appears in the Restore the following component list.

    In the Restore Options section, under Type of restore, select the Same configuration option. A dialog box will appear that asks you to confirm the operation. Click OK.

    Click Start Restore.

  7. You can view the general status of all recovery jobs at the top of the Backup and Restore Job Status page in the Readiness section. You can view the status for the current recovery job in the lower part of the page in the Restore section. The status page updates every 30 seconds automatically. You can manually update the status details by clicking Refresh. Backup and recovery are Timer service jobs. Therefore, it may take a several seconds for the recovery to start.

    If you receive any errors, you can review them in the Failure Message column of the Backup and Restore Job Status page. You can also find more details in the Sprestore.log file at the path that you specified in step 3.

  8. After the restore operation has successfully completed, you must refresh the passphrase.

  9. In Central Administration, on the home page, in the Application Management section, click Manage service applications.

  10. On the Service Applications page, click the Secure Store Service name. You might receive an error that says 'Unable to obtain master key.'

  11. On the Secure Store Service page, on the ribbon, click Refresh Key.

  12. Cad software crack rhinoceros license key generator. In the Refresh Key dialog box, type the passphrase in the Pass Phrase box, and then click OK.

Using PowerShell to restore the Secure Store Service in SharePoint Server

You can use PowerShell to restore the Secure Store Service.

To restore the Secure Store Service by using PowerShell

  1. Verify that you have the following memberships:

    • securityadmin fixed server role on the SQL Server instance.

    • db_owner fixed database role on all databases that are to be updated.

    • Administrators group on the server on which you are running the PowerShell cmdlets.

    An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint Server cmdlets.

    Note

    If you do not have permissions, contact your Setup administrator or SQL Server administrator to request permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.

  2. Start the SharePoint Management Shell.

  3. At the PowerShell command prompt, type the following command:

    Where:

    • <BackupFolder> is the path for the backup folder where the service application was backed up.

    • <SecureStoreServicename> is the name of the Secure Store Service application.

    If you have multiple backups use the BackupId parameter to specify which backup to use. To view all of the backups for the farm, type the following command at the PowerShell command prompt:

    Note

    If you do not specify a value for the BackupId parameter, the most recent backup will be used. You cannot restore the Secure Store Service from a configuration-only backup.

  4. After the restore operation has successfully completed, you must refresh the passphrase. At the PowerShell command prompt, type the following command:

    Where <Passphrase>, is the one that you currently use.

Should errors occur while updating the Secure Store passphrase, see Refresh the Secure Store encryption key.

For more information, see Restore-SPFarm and Update-SPSecureStoreApplicationServerKey.

Note

We recommend that you use Microsoft PowerShell when performing command-line administrative tasks. The Stsadm command-line tool has been deprecated, but is included to support compatibility with previous product versions.

See also

Concepts

How to Create, Use, and Store a New Master Key for the Kerberos Database

Before You Begin

Why Would You Generate A Secure Store Master Key West

You must assume the root role. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.2.

  1. Create a new master key.

    This command adds a new, randomly generated master key.The –s option requests thatthe new master key be stored in the default keytab.

  2. Verify that the new master key exists.

    The asterisk in this output identifies the currently active master key.

  3. Set a time for the newly created master key to become active.

    In this example, the date is set to two days in the future to allowtime for the new master key to propagate to all of the KDCs. Adjust the dateas appropriate for your environment.

  4. (Optional)After creating a new principal, verifythat the new master key is being used.

    In this example, MKey: vno 2 indicates that the principal'ssecret key is protected by newly created master key, 2.

  5. Re-encrypt the user principal secret keys with the new masterkey.

    If you add a pattern argument to the end of the command,the principals that match the pattern will be updated. Add the –n optionto this command syntax to identify which principals will be updated.

  6. Purge the old master key.

    After a master key is nolonger used to protect any principal secret keys, it can be purged from themaster key principal. This command will not purge the key if the key is stillbeing used by any principals. Add the –n option to this commandto verify that the correct master key will be purged.

  7. Verify that the old master key has been purged.
  8. Update the stash file.
  9. Verify that the stash file has been updated.