Restore secure store services in SharePoint Server 2010
Published: May 12, 2010
In Microsoft SharePoint Server 2010, the Secure Store Service replaces Microsoft Office SharePoint Server 2007 Single Sign-on (SSO). The Secure Store Service provides the capability of securely storing credential sets and associating credentials to specific identities or a group of identities.
Every time you enter a new passphrase, SharePoint Server 2010 creates a new Master Key and re-encrypts the credential sets with that key. The passphrase gives you access to the Master Key created by SharePoint Server 2010 that is used to encrypt the credential sets.
You will need the passphrase that was recorded when the Secure Store Service was backed up to restore the Secure Store Service.
Procedures in this task:
Use Central Administration to restore the Secure Store Service in SharePoint
Use the following procedure to restore the Secure Store Service by using the SharePoint Central Administration Web site.
To restore the Secure Store Service by using Central Administration
Verify that the user account performing this procedure is a member of the Farm Administrators group.
In Central Administration, on the Home page, in the Backup and Restore section, click Restore from a backup.
On the Restore from Backup — Step 1 of 3: Select Backup to Restore page, select the backup job that contains the backup that you want, or a farm-level backup, from the list of backups, and then click Next. You can view more details about each backup by clicking the (+) next to the backup.
If the correct backup job does not appear, in the Backup Directory Location text box, type the path of the correct backup folder, and then click Refresh.
You cannot use a configuration-only backup to restore the Secure Store Service.
On the Restore from Backup — Step 2 of 3: Select Component to Restore page, expand Shared Services Applications and select the check box that is next to the Secure Store Service application backup group, and then click Next.
On the Restore from Backup — Step 3 of 3: Select Restore Options page, in the Restore Component section, make sure that Farm\Shared Services\Shared Services Applications\<Secure Store Service name> appears in the Restore the following component list.
In the Restore Options section, under Type of restore, select the Same configuration option. A dialog box will appear that asks you to confirm the operation. Click OK.
Click Start Restore.
You can view the general status of all recovery jobs at the top of the Backup and Restore Job Status page in the Readiness section. You can view the status for the current recovery job in the lower part of the page in the Restore section. The status page updates every 30 seconds automatically. You can manually update the status details by clicking Refresh. Backup and recovery are Timer service jobs. Therefore, it may take several seconds for the recovery to start.
If you receive any errors, you can review them in the Failure Message column of the Backup and Restore Job Status page. You can also find more details in the Sprestore.log file at the path that you specified in step 3.
After the restore operation has successfully completed, you must refresh the passphrase.
In Central Administration, on the Home page, in the Application Management section, click Manage service applications.
On the Service Applications page, click the Secure Store Service name. You might receive an error that says “Unable to obtain master key.”
On the Secure Store Service page, on the ribbon, click Refresh Key.
In the Refresh Key dialog box, type the passphrase in the Pass Phrase box, and then click OK.
Use Windows PowerShell to restore the Secure Store Service in SharePoint
You can use Windows PowerShell to restore the Secure Store Service.
To restore the Secure Store Service by using Windows PowerShell
Verify that you meet the following minimum requirements: See Add-SPShellAdmin.
On the Start menu, click All Programs.
Click Microsoft SharePoint 2010 Products.
Click SharePoint 2010 Management Shell.
At the Windows PowerShell command prompt (that is, PS C:\>), type the following command, and then press ENTER:
Restore-SPFarm -Directory <Backup folder> -Item <Secure Store Service name> -RecoveryMethod Overwrite [-BackupId <GUID>] [-Verbose]
To specify which backup to use, use the BackupId parameter. You can view the backups for the farm by typing the following:
Get-SPBackupHistory -Directory <Backup folder> -ShowBackup
If you do not specify a value for the BackupId parameter, the most recent backup will be used. You cannot restore the Secure Store Service from a configuration-only backup.
For more information, see Restore-SPFarm.
After the restore operation has successfully completed, you must refresh the passphrase. At the Windows PowerShell command prompt (that is, PS C:\>), type the following command, and then press ENTER:
Update-SPSecureStoreApplicationServerKey -Passphrase <Passphrase>
For more information, see Update-SPSecureStoreApplicationServerKey.
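The restore and key refresh steps above, combined into one script as an added example (not part of the original article). It selects a backup explicitly so that a configuration-only backup is never picked up as "most recent", and it prompts for the passphrase instead of placing it on the command line, where it would remain in console history and transcripts. The folder path, the service name, the backup history property names, and the -ServiceApplicationProxy lookup are assumptions that do not appear on this page.

```powershell
# Added example. Run in the SharePoint 2010 Management Shell.
# Placeholder values (constructed): replace with your own.
$backupDir   = '\\backupserver\SPBackups'   # stands in for <Backup folder>
$serviceName = 'Secure Store Service'       # stands in for <Secure Store Service name>

# Choose the newest backup that completed without failure and is not
# configuration-only (the Secure Store Service cannot be restored from one).
# ConfigurationOnly, IsFailure, StartTime and SelfId are properties of the
# objects returned by Get-SPBackupHistory; they are not shown on this page.
$backup = Get-SPBackupHistory -Directory $backupDir -ShowBackup |
    Where-Object { -not $_.ConfigurationOnly -and -not $_.IsFailure } |
    Sort-Object StartTime -Descending |
    Select-Object -First 1

if (-not $backup) {
    throw "No usable backup found in $backupDir"
}

# Restore-SPFarm reports an error if the chosen backup does not contain
# the named item; in that case pick another BackupId from the history.
Restore-SPFarm -Directory $backupDir -Item $serviceName `
    -RecoveryMethod Overwrite -BackupId $backup.SelfId -Verbose

# Read the passphrase without echoing it. The -Passphrase parameter takes a
# plain string, so the value is decrypted only for the duration of the call.
$secure = Read-Host -Prompt 'Secure Store passphrase' -AsSecureString
$bstr   = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
try {
    # Assumes a single Secure Store proxy in the farm; the first match is used.
    $proxy = Get-SPServiceApplicationProxy |
        Where-Object { $_.TypeName -like '*Secure Store*' } |
        Select-Object -First 1

    Update-SPSecureStoreApplicationServerKey `
        -Passphrase ([Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)) `
        -ServiceApplicationProxy $proxy
}
finally {
    # Wipe and release the unmanaged copy of the passphrase.
    [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
}
```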