Secure Store Service - Neither "Generate New Key" Nor "Refresh Key" Work

Hi there,

I'm planning the move of a 2010 farm to 2013, following the TechNet "Upgrade service applications to SharePoint 2013" guide. One of the first service applications I should deal with is the Secure Store. I restored a copy of my 2010 secure store database to the new 2013 server, and with some changes to the process laid out in the guide, got the new application created and using the restored database, and got the database upgraded to 2013. But I cannot generate a new master key or refresh the key. Sad situation of nobody having written down the original passphrase. But referring to other articles, I should be able to set a new key! Central Admin gives the error "Exception of type 'Microsoft.Office.SecureStoreService.Server.KeyManagement.InvalidMasterKeyException' was thrown."

I've made sure the account making the change is one of the administrators of the service application, with full control, and has db_owner rights in SQL, and I've tried stopping and restarting the Secure Store service. No luck. And of course I've tried every passphrase I think might have been used in 2010.

Does anyone have a way to force a reset of the passphrase?

Thanks,
Tom

August 26th, 2015 8:34pm

Try using PowerShell: https://technet.microsoft.com/en-us/library/ff607973(v=office.15).aspx

You must be a farm admin to run this command. Log on to the SP server with a farm admin account, open a PowerShell cmd in admin mode and run the command.

Hope this helps.

August 26th, 2015 10:37pm

Unfortunately that doesn't work. I'm using the farm account, it's in the farm administrators group, and PowerShell is running in administrator mode. The error is still:

The Microsoft Secure Store Service application Secure Store encountered a failure while restoring the encryption key.  The error returned was: 'Exception of type 'Microsoft.Office.SecureStoreService.Server.KeyManagement.InvalidMasterKeyException' was thrown.'

Tom

August 27th, 2015 11:49am

Can you instead try setting a new key in 2010 first, see if that works, and then upgrade the database to 2013? This way you can have the key whenever you are using the secure store database.

The above command is valid for 2010 as well.

Hope this helps.

August 27th, 2015 10:37pm

This topic is archived. No further replies will be accepted.
