Export (0) Print
Expand All

Back up the Secure Store Service in SharePoint 2013

 

Applies to: SharePoint Server 2013

Topic Last Modified: 2013-12-18

Summary: Learn how to back up the Secure Store Service Application in SharePoint Server 2013.

You can back up the Secure Store Service by using the SharePoint Central Administration website, or Windows PowerShell. The backup tool that you use depends on the kind of environment that you have deployed, your backup schedule requirements, and service level agreements that you have made with your organization.

In this article:

The Secure Store Service provides the capability of securely storing credential sets and associating credentials to specific identities or a group of identities. Every time that you enter a new passphrase, SharePoint Server 2013 creates a new Master Key and re-encrypts the credentials sets with that key. The passphrase gives you access to the Master Key created by SharePoint Server 2013 that is used to encrypt the credential sets.

You should back up the Secure Store Service and record the passphrase after the Secure Store Service is first configured and again every time that you make configuration changes to the Secure Store Service or re-encrypt the credential information.

Before you begin this operation, review the following information:

  • You must create a folder on the local computer or the network in which to store the backups. For better performance, we recommend that you back up to the local computer and then move the backup files to a network folder.

  • Record the passphrase. You will need the passphrase when you access the restored Secure Store Service.

  • Ensure that you back up the Secure Store Service every time that you change or refresh the Master Key. When you change or refresh the Master key, the database is automatically re-encrypted with the new key. Backing up the Secure Store Service makes sure that the database and the Master key are in synchronization.

  • Keep the passphrase in a secure location.

NoteNote:
Because SharePoint Server 2013 runs as websites in Internet Information Services (IIS), administrators and users depend on the accessibility features that browsers provide. SharePoint Server 2013 supports the accessibility features of supported browsers. For more information, see the following resources:

You can use Windows PowerShell to back up the Secure Store Service manually or as part of a script that can be run at scheduled intervals.

To back up the Secure Store Service by using Windows PowerShell
  1. Verify that you have the following memberships:

    • securityadmin fixed server role on the SQL Server instance.

    • db_owner fixed database role on all databases that are to be updated.

    • Administrators group on the server on which you are running the Windows PowerShell cmdlets.

    An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 Products cmdlets.

    NoteNote:
    If you do not have permissions, contact your Setup administrator or SQL Server administrator to request permissions. For additional information about Windows PowerShell permissions, see Add-SPShellAdmin.
  2. Start the SharePoint 2013 Management Shell.

    • For Windows Server 2008 R2:

      • On the Start menu, click All Programs, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Management Shell.

    • For Windows Server 2012:

      • On the Start screen, click SharePoint 2013 Management Shell.

        If SharePoint 2013 Management Shell is not on the Start screen:

      • Right-click Computer, click All apps, and then click SharePoint 2013 Management Shell.

    For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

  3. At the Windows PowerShell command prompt, type the following command:

    Backup-SPFarm -Directory  <BackupFolder> -BackupMethod Full -Item <SecureStoreService > [-Verbose]
    

    Where:

    • <BackupFolder> is the path of a folder on the local computer or on the network in which you want to store the backups.

    • <SecureStoreService> is the name of the Secure Store Service application that you want to back up.

    NoteNote:
    You must use the Full option to back up the Secure Store Service.

For more information, see Backup-SPFarm.

NoteNote:
We recommend that you use Windows PowerShell when performing command-line administrative tasks. The Stsadm command-line tool has been deprecated, but is included to support compatibility with previous product versions.

You can use Central Administration to back up the Secure Store Service.

To back up the Secure Store Service by using Central Administration
  1. Verify that the user account that performs this procedure is a member of the Farm Administrators SharePoint group.

  2. Start SharePoint 2013 Central Administration.

    • For Windows Server 2008 R2:

      • Click Start, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Central Administration.

    • For Windows Server 2012:

      • On the Start screen, click SharePoint 2013 Central Administration.

        If SharePoint 2013 Central Administration is not on the Start screen:

      • Right-click Computer, click All apps, and then click SharePoint 2013 Central Administration.

    For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

  3. In Central Administration, on the home page, in the Backup and Restore section, click Perform a backup.

  4. On the Perform a Backup — Step 1 of 2: Select Component to Back Up page, expand the Shared Services Applications node, select the Secure Store Service application from the list of components, and then click Next.

    NoteNote:
    The Secure Store Service application might consist of several components. You must select the top-level component.
  5. On the Start Backup — Step 2 of 2: Select Backup Options page, in the Backup Type section, select Full.

  6. In the Backup File Location section, in the Backup location box, type the path of the backup folder, and then click Start Backup.

  7. You can view the general status of all backup jobs at the top of the Backup and Restore Job Status page in the Readiness section. You can view the status for the current backup job in the lower part of the page in the Backup section. The status page updates every 30 seconds automatically. You can manually update the status details by clicking Refresh. Backup and recovery are Timer service jobs. Therefore, it may take several seconds for the backup to start.

    If you receive any errors, you can review them in the Failure Message column of the Backup and Restore Job Status page. You can also find more details in the Spbackup.log file at the UNC path that you specified in step 5.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft