Backing Up the MIIS 2003 Encryption Key

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

You need to regularly back up the encryption key that MIIS 2003 uses to encrypt data and credentials. Failure to back up encryption keys can lead to loss of encrypted data and credentials. To back up the encryption key, use the MIIS Key Management Utility.

The MIIS Key Management Utility has two different user interfaces: command line and a Windows wizard. For most backup and restore operations of the encryption key, the command line interface is sufficient. For more advanced backup operations of the encryption key, for example, to add a new encryption key to the key set or to abandon an existing key set and create a new set, you need to use the MIIS Key Management wizard.

To back up the encryption key, you must be logged on as a member of an MIIS security group and have administrative credentials on the local computer.

To back up the MIIS 2003 encryption key by using the command line

1. On the server where MIIS 2003 is running, change the directory by typing the following at the command line:

   cd %Programfiles%\Microsoft Identity Integration Server\bin

2. Type the following at the command line to save the encryption key to a floppy disk:

   miiskmu /e a:keyback.bin /u miisadmin *

   Table 4   Parameters for the Miiskmu Command

   Parameter	Description
   /e	Exports the key set to a file.
   a:keyback.bin	For the a: drive, specifies the file name in which you are saving the encryption key.
   /u	Specifies the MIIS 2003 service account credentials.
   miisadmin	Specifies the MIIS service account.

To back up the MIIS 2003 encryption key by using the MIISkmu wizard

1. Click Start, point to All Programs and Microsoft Identity Integration Server, and then click Key Management Utility.

2. Follow the instructions in the wizard.