Migrating the reporting server component

Applies To: Forefront Client Security

Checklist

The following is a checklist of the high-level tasks required for you to successfully migrate the Client Security reporting server component. This checklist is included to help you perform the migration procedures. Detailed steps follow the checklist.

Migrating the reporting server component involves first installing a new reporting server. You must then back up the source reporting server's symmetric encryption key, which is used to encrypt the contents of the reporting server databases. Finally, you must configure the target reporting server and restore the encryption key back up from the source reporting server.

Preparing the target computer

To prepare the target reporting server, you must install SQL Server 2005.

To install SQL Server 2005

• Follow the instructions in "Install SQL Server 2005 with SP2 or SP1" in Installing the software prerequisites on the reporting server.

Back up the encryption key

Changing the identity of the computer running SQL Server 2005 Reporting Services requires that the symmetric encryption key used to encrypt the reporting services database be moved to the new server. On the source reporting server, you must back up this symmetric encryption key.

To back up the symmetric encryption key, you use the RSKeyMgmt.exe utility provided with SQL Server Reporting Services.

To back up the symmetric encryption key

1. On the source reporting server, open a command prompt and change to the following directory:

   Program Files\Microsoft SQL Server\90\Tools\Binn

2. Type the following command and press ENTER:

RSKeyMgmt  -e  [-i instancename **] ** **-f ** *destinationfile * **-p ** password

Configuring the target computer

SQL Server Reporting Services must be configured with the correct virtual server information.

To configure SQL Server Reporting Services

1. Click Start, point to All Programs, point to Microsoft SQL Server 2005, point to Configuration Tools, and then click Reporting Services Configuration.

2. Select the current server in the Machine Name box, and then click Connect.

3. In the left pane, click Server Status, and then in the right pane, click Stop.

4. In the left pane, click Report Server Virtual Directory.

5. Next to the Name box, click New.

6. In Create a New Virtual Directory, ensure that the Web site is Default Web Site, and then specify the virtual directory you want to use. (The default value is ReportServer.) Click OK.

7. Click Report Manager Virtual Directory.

8. Next to the Name box, click New.

9. In the Create a New Virtual Directory, make sure the Web site is Default Web Site, and then specify the virtual directory you want to use. (The default value is Reports.) Click OK.

10. Click Web Service Identity.

11. In the Report Server and the Report Manager boxes, select ReportServer. Click Apply.

12. Click Database Setup.

13. In the Server Name box, enter the reporting database server name, and then click Connect.

14. In the SQL Server Connection dialog box, click OK. Do not change the Credentials Type.

15. In Database Name, type ReportServer.

16. In the Credentials Type box, select Service Credentials.

    Important

    If your final topology will result in the SQL Server Reporting Service being separated from the ReportServer and ReportServerTempDB databases, select Windows Credentials.

17. In the Account Name and Password boxes, enter the domain user account that you want to use as the service account. This is the reporting user account specified during Client Security setup.

18. Click Apply.

19. In the SQL Server Connection dialog box, click OK. Do not change the Credentials Type.

You must also restore the back up of the symmetric encryption key from the source reporting server.

To restore the encryption key

1. In the Reporting Services Configuration Manager, click Encryption Keys.

2. Click Restore.

3. Type the password for the back up file in the Password text box.

4. Click the ellipsis button (…), browse to the location of the encryption key back up file, and then click Open.

5. In the Encryption Key Information dialog box, click OK.

Configuring the management server

The management server must be informed of the location of the new reporting server. This is done by running the Client Security Configuration wizard.

Configuring the management server

1. On the management server, in Administrative Tools, start the Services console.

2. If necessary, right-click Microsoft Forefront Client Security Management Service, and then click Start.

3. Start the Client Security console, click Action, and then click Configure.

4. On the Before You Begin page, click Next.

5. On the Collection Server and Database page, in the Collection database text box, verify the name of the collection database server (or servername\instancename if not using a default SQL Server instance), and then click Next.

6. On the Reporting Database page, do the following:

   1. In the Reporting database box, type the name of the reporting database server. If you are using a non-default SQL Server instance, type the name of the reporting database server and the SQL Server instance name in the format servername\instancename

   2. In the Reporting account box, enter the user name and password for the reporting account.

   3. Click Next.

7. On the Reporting Server page, do the following:

   1. In the Reporting server box, enter the name of the new reporting server.

   2. In the URL for Report Server and URL for Report Manager boxes, ensure the default values are entered.

   3. Click Next.

8. On the Verifying Settings and Requirements page, verify your system requirements, and then click Next. If you receive an error, you cannot continue configuring Client Security. If you receive a warning or error, see the following resources for more information:

   • Configuration log file. (To view, click View Log.) For more information about the configuration log file, see Overview of log files (https://go.microsoft.com/fwlink/?LinkId=82466) in the Troubleshooting Guide.

   • Setup issues (https://go.microsoft.com/fwlink/?LinkID=86102) in the Troubleshooting Guide.

9. On the Completing the Configuration Wizard page, verify that you have successfully configured Client Security, and then click Close. If you receive an error, you cannot continue configuring Client Security. If you receive a warning or error, see the following resources for more information:

   • Configuration log file. (To view, click View Log.) For more information about the configuration log file, see Overview of log files (https://go.microsoft.com/fwlink/?LinkId=82466) in the Troubleshooting Guide.

   • Setup issues (https://go.microsoft.com/fwlink/?LinkID=86102) in the Troubleshooting Guide.

10. In Administrative Tools, click Services.

11. In the service listing, right-click Microsoft Forefront Client Security Management Service, and then click Start.

Finally, you must verify communication with the new reporting server.

To verify communication

1. On the management server, open Internet Explorer and browse to https://servername/reports, where servername is the name of the new reporting server.

2. Click Microsoft Operations Manager Reporting.

3. Click Microsoft Forefront Client Security, and then click any report listed.

If any of the verifying communication steps fail, verify you have performed all previous steps. If communications continue to fail, contact Microsoft product support.

The final step in the migration of the Client Security reporting server component is to uninstall the reporting server component from the source server. This should be done only after successful verification of communication.

To uninstall the reporting server component

• Follow the instructions for uninstalling the reporting server component in Removing an existing installation of Client Security.