Test Lab Guide: Configure Secure Store

SharePoint 2013

Published: December 18, 2012

Summary: Configure Secure Store in a test lab environment.

Applies to: SharePoint Server 2013 Enterprise

This article explains how to set up the Secure Store Service in a test lab that is based on the Configure SharePoint Server 2013 Preview in a Three-Tier Farm test lab guide.

Important:

This scenario applies only to Microsoft TechNet Test Lab Guides.

Scenario overview

This test lab guide explains how to configure Secure Store. This includes:

  • Creating an Active Directory account to run the Secure Store application pool and registering it as a managed account in SharePoint Server.

  • Starting the Secure Store Service and creating a Secure Store service application.

  • Generating an encryption key for the Secure Store database.

Before you begin

Before starting, make sure you have completed the steps in Test Lab Guide: Configure SharePoint Server 2013 in a Three-Tier Farm, including the prerequisite test lab guides discussed in that document. This test lab uses the three-tier infrastructure that is created in the Configure SharePoint Server 2013 in a Three-Tier Farm test lab guide.

Configure a managed account

The Secure Store service application requires an application pool to operate. The application pool requires an Active Directory account to run. Use the following procedure to create an Active Directory account for the application pool.

To create an Active Directory account

  1. Log on to DC1 as Corp\Administrator.

  2. Click Start, click Administrative Tools, and then click Active Directory Users and Computers.

  3. Expand corp.contoso.com.

  4. Right-click ServiceAccounts, click New, and then click User.

  5. In the Full name text box, type Secure Store Application Pool.

  6. In the User logon name text box, type SecureStore.

  7. Click Next.

  8. Type and confirm a password for the account.

  9. Clear the User must change password at next logon checkbox.

  10. Select the Password never expires checkbox.

  11. Click Next.

  12. Click Finish.

Once the account has been created, the next step is to register it as a managed account in SharePoint Server 2013. Use the following procedure to register the managed account.

To register a managed account in SharePoint Server

  1. Log on to APP1 as Corp\User1.

  2. Click Start, click All Programs, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Central Administration.

  3. On the Central Administration home page, in the left navigation, click Security.

  4. On the Security page, in the General Security section, click Configure managed accounts.

  5. On the Managed Accounts page, click Register Managed Account.

  6. In the User name text box, type CORP\SecureStore.

  7. In the Password text box, type the password for the CORP\SecureStore account.

  8. Click OK.

Once the CORP\SecureStore account has been registered as a managed account, the next step is to configure a Secure Store service application. This is covered in the next section.

Configure a Secure Store service application

Prior to creating a Secure Store service application, we need to start the Secure Store Service on APP1.

To start the Secure Store Service

  1. On the Central Administration home page, in the System Settings section, click Manage services on server.

  2. Above the Service list, click the Server drop-down list, and then click Change Server.

  3. Click APP1.

  4. In the Service list, click Start next to Secure Store Service.

Once the Secure Store Service has been started, the next step is to create a Secure Store service application.

To create a Secure Store service application

  1. On the Central Administration home page, in the Application Management section, click Manage service applications.

  2. On the Manage Service Applications page, click New, and then click Secure Store Service.

  3. In the Service Application Name box, type Secure Store.

  4. In the Database Server box, type SQL1.

  5. Select the Create new application pool option and type SecureStoreAppPool in the text box.

  6. Select the Configurable option, and, from the drop-down list, select CORP\SecureStore.

  7. Click OK.

The Secure Store Service has now been configured. The next step is to generate an encryption key for encrypting the Secure Store database.
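
The managed-account registration and the two procedures in this section can also be scripted. The following is an added example, not part of the original guide; it uses the lab's names (APP1, SQL1, CORP\SecureStore, SecureStoreAppPool), while the proxy name and the choice to turn audit logging on are assumptions the page does not state.

```powershell
# Added example: run on APP1 in the SharePoint 2013 Management Shell
# as a farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Register CORP\SecureStore as a managed account unless it already is one.
$account = Get-SPManagedAccount |
    Where-Object { $_.UserName -eq 'CORP\SecureStore' }
if (-not $account) {
    $cred = Get-Credential 'CORP\SecureStore'   # prompts for the password
    $account = New-SPManagedAccount -Credential $cred
}

# Start the Secure Store Service instance on APP1 and wait until it is online.
$instance = Get-SPServiceInstance -Server 'APP1' |
    Where-Object { $_.TypeName -eq 'Secure Store Service' }
if ($instance.Status -ne 'Online') {
    Start-SPServiceInstance -Identity $instance | Out-Null
    while ((Get-SPServiceInstance -Identity $instance.Id).Status -ne 'Online') {
        Start-Sleep -Seconds 2
    }
}

# Create the application pool and the service application on SQL1.
# Audit logging is switched on here as an assumption.
$pool = New-SPServiceApplicationPool -Name 'SecureStoreAppPool' -Account $account
$app = New-SPSecureStoreServiceApplication -Name 'Secure Store' `
    -ApplicationPool $pool -DatabaseServer 'SQL1' -AuditingEnabled:$true

# Central Administration creates the proxy for you; in the shell it is explicit.
# 'Secure Store Proxy' is an assumed name.
New-SPSecureStoreServiceApplicationProxy -Name 'Secure Store Proxy' `
    -ServiceApplication $app -DefaultProxyGroup
```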

Generate an encryption key

The first time that you access the Secure Store service application, your only option is to generate a new encryption key. Once the key has been generated, the rest of the Secure Store functionality becomes available.

Use the following procedure to generate an encryption key for Secure Store.

To generate a new encryption key

  1. On the Central Administration home page, in the Application Management section, click Manage service applications.

  2. Click the Secure Store service application.

  3. On the ribbon, in the Key Management section, click Generate New Key.

  4. On the Generate New Key page, type a pass phrase string in the Pass Phrase box, and type the same string in the Confirm Pass Phrase box. This pass phrase is used to encrypt the Secure Store database.

    Important:

    A pass phrase string must be at least eight characters and must have at least three of the following four elements:

    • Uppercase characters

    • Lowercase characters

    • Numerals

    • Any of the following special characters

      ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~

    Important:

    The pass phrase that you enter is not stored. Make sure that you write this down and store it in a safe place. You must have it to refresh the key, such as when you add a new application server to the server farm.

  5. Click OK.

Once the key has been generated, Secure Store is ready to use.
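
The pass phrase rule above can be checked before the key is generated from the shell. This is an added example, not part of the original guide; `Test-SecureStorePassPhrase` is a hypothetical helper name, and the proxy is located by its type name on the assumption that the farm has a single Secure Store proxy.

```powershell
# Added example: run on APP1 in the SharePoint 2013 Management Shell.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Hypothetical helper: at least eight characters and at least three of the
# four character classes listed in the guide.
function Test-SecureStorePassPhrase {
    param([string]$PassPhrase)
    if ($PassPhrase.Length -lt 8) { return $false }
    $classes = 0
    if ($PassPhrase -cmatch '[A-Z]') { $classes++ }   # uppercase
    if ($PassPhrase -cmatch '[a-z]') { $classes++ }   # lowercase
    if ($PassPhrase -match '[0-9]')  { $classes++ }   # numerals
    # The special characters exactly as listed on the page.
    if ($PassPhrase -match '[!"#$%&''()*+,\-./:;<=>?@\[\\\]^_`{|}~]') { $classes++ }
    return ($classes -ge 3)
}

# Prompt without echoing. The cmdlet takes a plain string, so convert
# the SecureString only for as long as it is needed.
$secure = Read-Host -Prompt 'Pass phrase' -AsSecureString
$plain = (New-Object System.Management.Automation.PSCredential 'unused', $secure).
    GetNetworkCredential().Password

if (-not (Test-SecureStorePassPhrase $plain)) {
    throw 'Pass phrase does not meet the Secure Store complexity rule.'
}

# Assumption: one Secure Store proxy in the farm.
$proxy = Get-SPServiceApplicationProxy |
    Where-Object { $_.TypeName -like 'Secure Store*' }

# Equivalent of Generate New Key on the ribbon.
Update-SPSecureStoreMasterKey -ServiceApplicationProxy $proxy -Passphrase $plain
Remove-Variable plain, secure
```

Refreshing the key on an application server added later uses `Update-SPSecureStoreApplicationServerKey` with the same pass phrase.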
