本文介绍报表服务中的数据加密原理及密钥管理流程,包括对称密钥和非对称密钥的作用、备份与恢复策略、常见故障排查方法等。
Author: Steve Chowles
RSKeyMgmt –e –f
<
backup
file
>
-p
<
password
>
-i
<
instance
>
RSKeyMgmt –a –f
<
backup
file
>
-p
<
password
>
-i
<
instance
>
RSKeyMgmt –a –f
<
backup
file
>
-p
<
password
>
-i
<
instance
>
RSKeyMgmt –s -i
<
instance
>
RSKeyMgmt –s -i
<
instance
>
RSKeyMgmt –d -i
<
instance
>
RSKeyMgmt –d -i
<
instance
>
SELECT
c.Path
FROM
DataSource d
JOIN
Catalog c
ON
d.ItemID
=
c.ItemID
WHERE
c.Type
=
5
ORDER
BY
1
SELECT
c.Path,
s.Description
FROM
Subscriptions s
JOIN
Catalog c
ON
c.ItemID
=
s.Report_OID
ORDER
BY
1
,
2
This is the second part of my two part series on Reporting Services Encryption. The first part of the series can be read here.This article will explain how we maintain the keys and various recovery scenarios.
这是关于报表服务加密的系列文章的第二篇文章
.
第一部分可以从这里阅读
.
这篇文章将讨论怎样维护密钥并讨论各种恢复场景
.
What Data is Encrypted
什么数据是加密的
First off let’s understand what data is encrypted in Reporting Services.
首先明白报表服务里面什么数据是加密的
.
Reporting Services encrypts and stores in the ReportServer database the following:
·
Data Source Connection Strings
. This is the information required to connect to a data source in order to retrieve data for a report. The connection string could contain a username and password.
·
Data Source Credentials
(Username and Passwords). These are the stored credentials outside of the connection string used for connecting to a data source in order to retrieve data for a report.
·
Subscriptions that store credentials
, for example when using the File Share delivery mechanism. This is the credentials required to access the file share.
·
Unattended User Account Credentials
. This account is used for unattended report processing where you would not need an account to access a data source.
报表服务加密和在
ReportServer
数据库中存储如下数据
:
·
数据源连接字符串
.
这个字符串用户报表连接一个数据源来获取数据
.
这个字符串应该包含登录数据库的用户名称和密码
.
·
数据源凭证
(
用户名称和密码
)
.
这些存储在字符串之外的凭证用于报表连接数据源获得数据
.
·
存储订阅的凭证
,
例如使用文件订阅方式时
,
这个凭证用户访问文件共享
.
·
默认用户的凭证
.
这个帐号用户用于自动运行的报表是的帐号连接数据源
.
Encrypted data is held in the following tables in the ReportServer database:
·
DataSource
·
Subscriptions
加密数据存放于
ReportServer
数据库中的如下表格中
:
·
DataSource
·
Subscriptions
What about the Credentials to Connect to the ReportServer Database
You may have noticed that there is some encrypted data in the ReportServer configuration file:
C:/Program Files/Microsoft SQL Server/MSSQL.n/Reporting Services/ReportServer/
rsreportserver.config.
Under the <Configuration> section is a <DSN> element with encrypted data. This holds the Connection String the ReportServer web service and Report Server Windows Service uses in order to connect to the ReportServer database. During Reporting Services Configuration when you went through the Database Setup, you had to select the credentials for connecting to the ReportServer database. By default the connection allows windows authenticated access however; you can change the connection string information using the command RSCONFIG.EXE
关于连接
ReportServer
数据库的凭证
也许已经注意到在
C:/Program Files/Microsoft SQL Server/MSSQL.n/Reporting Services/ReportServer/rsreportserver.config
的
ReportServer
配置文件中有一些加密数据
.
在
<Configuration>
项下有一个
<DSN>
的节点就是加密的数据
.
这里保存的是
ReportServer web
服务和报表服务器的
Windows
服务用于连接
ReportServer
数据库的连接字符串
.
在配置报表服务过程中
,
在建立数据库时
,
需要选择连接
ReportServer
数据库的凭证
.
默认情况下
,
该连接运行
windows
的授权访问
,
可以通过
RSCONFIG.EXE
命令来修改该连接字符串信息
.
Alsounder the <UnattendedExecutionAccount> section is the encrypted account name used for Unattended Execution operations. This can be set using the Reporting Services Configuration Manager or using the command RSCONFIG.EXE.
同样在
<UnattendedExecutionAccount>
节点下是加密的用于自动执行操作的账户名称
.
该帐号可以通过报表服务管理器设置或者使用
RSCONFIG.EXE
命令来设置
.
The data is encrypted using CRYPTPROTECTDATA and CRYPTUNPROTECTDATA API’s using the machine key. A machine key is generated for a machine that any user can use to decrypt data. This is important because the account running the ReportServer application pool and the Reporting Services windows service account needs to be able to connect to the ReportServer database however; they do not need to be the same account name.
数据使用
CRYPTPROTECTDATA
加密或者使用机器密钥调用
CRYPTUNPROTECTDATA API
来加密
.
机器密钥是由机器产生
,
任何用户都可以使用它来解密数据
.
这是很重要的
,
因为用于运行
ReportServer
应用程序缓存池的用户和用户报表服务的
windows
服务的帐号需要连接
ReportServer
数据库
.
这些帐号不必为同一个帐号
.
Maintaining the Encryption Keys
Maintaining the keys is about having a backup and restore strategy for the keys and the ability to recover from any situation.
维护密钥
维护密钥是密钥的备份和还原策略已经在任何情况下的恢复能力.
Backing up the Symmetric Key
Once a symmetric key is created it remains the same for the life of the Reporting Services installation or until it is manually changed by a DBA. So theoretically we only need to backup a key once or after it is changed however; you would have to be very confident that the backup file is available if you ever need to recover it.
备份对称密钥
对称密钥一旦创建,将会和报表服务安装一样的生命周期除非被DBA手动修改.所以理论上密钥只需要备份一次或者在密钥改变之后.必须非常肯定在你需要还原的时候能够找到备份文件.
The backup of the symmetric key only takes seconds to complete so my advice would be to schedule it on a weekly basis or after a key change and ensure the backup file is written to tape. This way you do not run the risk where having one tape from being corrupt, lost or reused.
备份对称密钥只需要几秒钟即可完成,所以我建议每周定期备份或者是密钥修改后备份,并且将备份文件写入磁带上.这种方式即使是有磁带损坏,丢失或者重用后也不会有风险.
When you backup the Symmetric key you need to supply a password to the backup. This is to ensure the Symmetric key is not stored in the backup file in a decrypted format which can easily be feed into an app to decrypt the information in Reporting Services. So this means you need to manage a password for the backup files otherwise you will never be able to restore the key. How you do this will depend on the number of DBA’s you have, whether there are separate global teams and what systems you have in place to store passwords.
在备份对称密钥是需要提供一个密码来备份
.
这是为了保证对称密钥不会在备份文件中保存为解密格式
,
这种解密格式的保存是为了方便报表服务将解密的信息导入应用程序
.
这就意味着必须为备份文件加上一个密码否则将不能还原密钥
.
怎样做将取决于你的
DBA
的数量
,
或者是否是独立的团队和你存储密码的系统是什么
.
Note
: The Asymmetric keys are not backed up because they can be regenerated automatically from the Reporting Services Windows Service. I will explain this in more detail in the coming sections.
提示:
非对称密钥不需要保存,因为它是由报表服务的windows服务重新自动产生的.我将在后续的章节中详细讨论.
There are two ways to backup the Symmetric key:
·
Use the Backup option under Encryptions Keys in the Reporting Services Configuration Manager for the Reporting Services instance and supply a password and backup file.
·
Use the command RSKeyMgmt.exe as shown below
For a default installation the RSKeyMgmt.exe command will be in the folder:
C:/Program Files/Microsoft SQL Server/90/Tools/binn
有两种方式来备份对称密钥
:
·
使用报表服务实例下的报表服务配置管理器中的密钥下面的备份选项并且输入一个密码来备份
.
·
使用如下命令
RSKeyMgmt.exe
来备份
.
默认安装下,
RSKeyMgmt.exe
安装在如下目录
:
C:/Program Files/Microsoft SQL Server/90/Tools/binn
You run the command with the following parameters
RSKeyMgmt –e –f <backup file> -p <password> -i <instance>
-e
means Extract to retrieve the Symmetric Key
-f
is the file to contain the Symmetric key
-p
is a password which is used to encrypt the Symmetric key before it is written to the backup file
-i
is the local Instance of Reporting Services. The default is MSSQLSERVER which points to a default instance.
可以使用如下参数来运行该命令:
RSKeyMgmt –e –f
<
backup
file
>
-p
<
password
>
-i
<
instance
>
-e
意思是提取对称密钥
-f
保存对称密钥的文件
-p
用于在写入备份文件时加密对称密钥的密码
-i
是报表服务的本地实例
.
默认情况下指向默认实例的是
MSSQLSERVER.
Note
: There is no Server parameter in order to backup the keys remotely. You can manually back them up remotely using the Reporting Services Configuration Manager and connecting to the remote instance.
提示
:
远程备份密钥没有相应的服务器参数
.
可以连接远程实例使用报表服务配置管理器远程手动备份对称密钥
.
Restoring the Symmetric Key
I will now explain how restore the Symmetric key from a backup however; in later sections I will explain when to restore a key.
还原对称密钥
现在讨论从一个备份中还原对称密钥,在后续章节我将讨论什么情况下还原密钥.
The restoration of the key only updates the Keys table in the ReportServer database. The key is extracted from the backup file, encrypted with the Public Asymmetric key for that instance and then written into the Keys table. If the restoration of the key is successful this does not mean any credentials can be decrypted, this can only be determined by running a report.
对称密钥的还原只是修改
ReportServer
数据库上面的
Keys
表
.
对称密钥从备份文件中提取
,
由该实例的非对称密钥的公钥加密然后写入
Keys
表中
,
如果对称密钥还原成功
,
并不意味这所有凭证都解密
.
这个仅仅能够通过报表来查看
.
There are two ways to restore the Symmetric key:
·
Use the Restore option under Encryptions Keys in the Reporting Services Configuration Manager for the Reporting Services instance and supply a password and backup file.
·
Use the command RSKeyMgmt.exe as shown below
For a default installation the RSKeyMgmt.exe command will be in the folder:
C:/Program Files/Microsoft SQL Server/90/Tools/binn
有两种方式还原对称密钥:
·
使用报表服务实例下的报表服务配置管理器中的密钥下面的还原选项并且输入一个密码来还原
.
·
使用如下命令
RSKeyMgmt.exe
来还原
.
默认安装下,
RSKeyMgmt.exe
安装在如下目录
:
C:/Program Files/Microsoft SQL Server/90/Tools/binn
You run the command with the following parameters
RSKeyMgmt –a –f
<
backup
file
>
-p
<
password
>
-i
<
instance
>
-a
means Apply to restore the Symmetric Key
-f
is the file to contain the Symmetric key
-p
is a password which was used to encrypt the Symmetric key before it is written to the backup file
-i
is the local Instance of Reporting Services. The default is MSSQLSERVER which points to a default instance.
可以使用如下参数来运行该命令:
RSKeyMgmt –a –f
<
backup
file
>
-p
<
password
>
-i
<
instance
>
-a
意思是应用对称密钥
-f
保存对称密钥的文件
-p
用于在写入备份文件时加密对称密钥的密码
-i
是报表服务的本地实例
.
默认情况下指向默认实例的是
MSSQLSERVER.
Note
: There is no Server parameter in order to restore the keys remotely. You can restore them remotely using the Reporting Services Configuration Manager and connecting to the remote instance.
提示
:
远程恢复密钥没有相应的服务器参数
.
可以连接远程实例使用报表服务配置管理器远程手动恢复对称密钥
.
How Do I Change the Symmetric Key
OK so now we are getting into the sections which deal with recovery and troubleshooting.
怎样修改对称密钥
现在讨论怎样恢复和解决问题.
For security or auditing reasons you may be forced to periodically change the Symmetric key. This process is very straight forward however; there is one important point you must understand. You cannot change the Symmetric key if you cannot first decrypt the data with the original key. So this means if you lose the Symmetric key for any reason, you will not be able to decrypt the data and give it a new key. In this situation your only choice is to delete the encrypted data as described further on.
基于安全和审计因素
,
需要定期修改对称密钥
.
这个过程非常简单
,
但是重要的是必须清楚怎样修改
.
如果不是使用原始密钥首先解密数据
,
那么将无法修改对称密钥
.
所以
,
无论什么原因丢失了原来的对称密钥
,
那么将不能解密数据
,
更不能更新为新密钥
.
这种情况下
,
唯一的选择是将要提到的删除加密数据
.
You have to make sure that there are no reports running or users accessing using Reporting Services when you do this. The length of time to complete the change will depend on the number of entries in the DataSource and Subscriptions tables. Also note in a Scale-Out environment when there are two or more Reporting Services, changing the Symmetric key will change it for all the Reporting Services installations and so you need to ensure neither one is being used.
在修改密钥时,必须确保没有用户在使用报表服务或者报表在运行.修改时间的长短取决于
DataSource
和
Subscriptions
表里面的记录数量.值得提醒的时,向外扩展模式中有两个或者多个报表服务的情况下,将修改所有报表服务安装的对称密钥,所以必须保证没有任何一个报表服务正在被使用.
You can prevent anyone from using Reporting Services as follows:
·
Start the SQL Server Surface Area Configuration tool
·
Click Surface Area Configuration for Features
·
Select your Reporting Services Instance
·
Click Web Service and HTTP Access
·
Remove the check from Enable Web Service and HTTP access
可以通过如下方式防止用户连接报表服务
:
·
打开
SQL Server Surface Area Configuration
工具
·
选择
Surface Area Configuration for Features
·
选择报表实例
·
点击
Web Service and HTTP Access
·
去掉勾选的
Enable Web Service and HTTP access
There are two ways to change the Symmetric key:
·
Use the Change option under Encryptions Keys in the Reporting Services Configuration Manager for the Reporting Services instance and supply a password and backup file.
·
Use the command RSKeyMgmt.exe as shown below
For a default installation the RSKeyMgmt.exe command will be in the folder:
C:/Program Files/Microsoft SQL Server/90/Tools/binn
You run the command with the following parameters
RSKeyMgmt –s -i
<
instance
>
-s
means we are going to generate a new Symmetric key and re-encrypt all the encrypted data.
-i
is the local Instance of Reporting Services. The default is MSSQLSERVER which points to a default instance.
Important
: Now you have generated a new key make sure you make a backup straight away.
有两种方式修改对称密钥
:
·
使用报表服务实例的报表服务配置管理器下面的密钥的修改选项
,
输入一个密码和备份文件
.
·
使用如下的命令
RSKeyMgmt.exe
默认安装情况下,
RSKeyMgmt.exe
在如下目录:
C:/Program Files/Microsoft SQL Server/90/Tools/binn
可以使用如下参数运行该命令
:
RSKeyMgmt –s -i
<
instance
>
-s
表示将产生一个新的对称密钥并重新加密所有的加密数据
.
-i
表示报表服务的本地实例
.
默认情况下是指向一个默认实例的
MSSQLSERVER.
重要
:
现在已经产生了一个新的对称密钥并保证直接将该密钥备份
,
When do I Need to Restore the Symmetric Key
Firstly let’s discuss what changes to Reporting Services causes a need to restore the Symmetric key. As I have mentioned before the Symmetric key never changes otherwise you cannot decrypt the data. If you do change the key you would have to decrypt the data with the old key and then encrypt it again with the new key and described in the previous section.
还原对称密钥的时机
首先讨论修改了报表服务的哪些地方必须还原对称密钥.之前提到,对称密钥在不能解密数据的情况下不能修改.如果要修改对称密钥必须像我前面提到的,使用原来的密钥解密数据然后使用新的对称密钥再次加密.
There are occasions when you need to restore a Symmetric key even when it has not changed. This is when the Asymmetric key has changed and you need to encrypt the original Symmetric key with the new Public Asymmetric key.
在一些情况下必须还原对称密钥即使对称密钥没有修改过
.
这就是当非对称密钥已经修改
,
那么必须使用新的非对称密钥的公钥来加密原来的对称密钥
.
The following list details when you should restore the Symmetric Key
·
Changing the Service Account of the Reporting Services Windows Service
·
Resetting the password for the Reporting Services Windows Service account
·
Rebuilding a Reporting Services Machine
·
Upgrading Reporting Services
下面列举出了必须还原对称密钥的详细情况
:
·
修改了
windows
服务中报表服务的帐号
·
重设了
windows
服务中报表服务帐号的密码
·
重装了报表服务所在的机器
·
报表服务升级
Interestingly there are places in Books Online that says renaming the machine will require the symmetric key to be restored. When I tested renaming a machine it worked OK without requiring a restore. In fact the only thing I had to do after the rename is what is shown in books online under “Renaming a Report Server Computer”.
有趣的是
,
在联机丛书上说重命名了计算机后将需要还原对称密钥
,
当我测试重命名了计算机后
,
报表服务还是正常工作而不需要还原密钥
.
实际上
,
我在重命名计算机后只是完成了联机丛书上
”
重命名一个报表服务器
”
下的操作
.
Changing the Service Account of the Reporting Services Windows Service
I explained in the first article that the Asymmetric keys are generated by the Windows Service. It generates keys based on what we call Machine Store and User Store values. The Machine Store is the name of the machine and the User Store is based on the User that generates the key i.e.; the Windows Service account. The reason for having two is so we are able to generate the original Private key if either the Machine name changes or we change the Windows Service account. This is so we can decrypt the Symmetric key with the original Private key and re-encrypt with the new Private key. Obviously what we cannot do is change both the machine name and the User account at the same time.
修改windows服务中的报表服务的帐号
在我前一篇文章中提到,非对称密钥是由windows服务产生的.它产生的非对称密钥是基于我们称之为
机器寄存和用户寄存
的值
.
机器寄存是指机器的名称
,
而用户寄存是基于产生非对称密钥的用户
,
例如
,windows
服务帐号
.
这样就可以使用原来的私钥解密对称密钥
,
然后使用新的私钥来重新加密
.
很显然
,
不能同时修改机器名称和用户帐号
.
If you ever need to change the Windows account then use the Reporting Services Configuration Manager to complete the task. This is because it carries out various tasks under the covers to ensure it has the right access.
如果真的需要修改
windows
帐号
,
那么就用报表服务配置管理器来完成
.
这个是为什么这个工具实现各种不同的操作来保证报表服务可以正常访问
.
You can change the Service Account as follows:
·
Start the Reporting Services Configuration Manager for the Instance you wish to change
·
Click on Windows Service Identity on the left hand side
·
Enter or Select the Account you wish to
·
Click Apply at the bottom of the Screen
·
You will be prompted to backup the Symmetric key. Enter a password and a file name
·
Click OK
·
When prompted for an Administrator account in order to carry out the changes, select and enter the appropriate credentials for your installation.
·
The change will now take place and complete when the Task Status finishes with “Restoring Encryption Key”
可以通过如下方式来修改
windows
帐号
:
·
在需要修改
windows
帐号的报表服务实例上启动报表服务配置管理器
·
在左侧点击
Windows
服务标识
·
输入或者选择需要的帐号
·
点击下方的应用按钮
·
系统将提示输入密码和文件名称来备份对称密钥
·
点击确认
·
系统将提示使用具有管理员权限的帐号来完成该操作
,
输入一个具有管理员权限的凭证来完成配置
.
·
当
”
还原密钥
”
操作完成时修改也同时生效
Resetting the password for the Reporting Services Windows Service account
If you change the password of the windows service account by specifying the old password followed by the new password, the keys remain the same and everything is fine. If you have a system administrator reset your password by not specifying the old password, the keys become invalid.
重设
windows
服务的报表服务的帐号的密码
如果通过提供旧密码和新密码的方式来修改windows服务的报表服务帐号,那么对称密钥还是有效的,报表服务也可以正常运行.如果使用系统管理员在没有输入旧密码的情况下重置密码,那么对称密钥将失效.
If the Windows password is reset you will need to perform the following:
·
Stop the Windows service
·
Change the Password for the Windows Service using the services.msc snap in.
·
Restart the Windows service
·
Check the Windows Service Errorlog ReportServerService_<timestamp>.log in C:/Program Files/Microsoft SQL Server/MSSQL.n/Reporting Services/LogFiles and look for any Encryption errors.
·
If the Windows service is unable to decrypt the Symmetric key, restore the Symmetric key from your backup.
·
Stop and Start the Windows Service and repeat the above.
重设
windows
密码需要完成如下一些步骤
:
·
停止
windows
服务
·
使用
servics.msc
扩展工具来修改
windows
服务的密码
·
重启
windows
服务
·
检查
C:/Program Files/Microsoft SQL Server/MSSQL.n/Reporting Services/LogFiles
目录下的
windows
服务错误日志
ReportServerService_<timestamp>.log
,
看是否有任何的加密
错误
.
·
如果
windows
服务不能解密对称密钥
,
那么从备份文件中还原对称密钥
·
停止和启动
windows
服务并重复上述步骤
Rebuilding a Reporting Services Machine
When you rebuild a Reporting Services Installation, in order to use an existing encryption key you need to ensure the following are the same:
·
The Installation ID is the same
·
The Machine Name is the same
·
The Instance Name is the same
·
The Windows Service account and password are the same.
重装报表服务的机器
当重装报表服务的机器,为了使用相同的加密密钥,那么就要保证如下的数据保持一致:
·
安装的
ID
·
机器名称
·
实例名称
·
Windows
服务的帐号和密码
The first three are held in the Keys table in the ReportServer database and are used to identify the row containing the Symmetric Key. The Windows Service account and password are used to generate the Asymmetric keys.The Installation ID is contained in the rsreportserver.config file in the ReportServer Virtual Directory under the element <InstallationID>.
前三个保证在ReportServer数据库中Keys表中用于标识有对称密钥的行.Windows服务帐号和密码用于产生相应的非对称密钥.安装ID包含在ReportServer虚拟目录下的rsreportserver.config配置文件中的<InstallationID>节点下.
Any changes in the above will require you to restore the Symmetric key from the backup.
上述的任何修改都需要从备份中还原对称密钥
.
Upgrading Reporting Services
Books Online describes the upgrade process which I will not cover here. I just wanted to add that depending on how you do the upgrade will depend on whether you need to restore the Symmetric key.
升级报表服务
联机丛书上有升级过程的叙述,我在此就不累述.我只是提醒一下,升级方式将决定是否需要还原对称密钥.
Troubleshooting Encryption Failures
加密失败的分析
What Errors Indicate an Encryption Problem
A good indication as to whether you have an encryption problem is to run a report that uses stored credentials. You may get the error:
An error has occurred during report processing.
The report server cannot decrypt the symmetric key used to access sensitive or encrypted data in a report server database. You must either restore a backup key or delete all encrypted content and then restart the service.
Check the documentation for more information.
(rsReportServerDisabled) Bad Data.
什么错误表明加密有问题
一个很好的检验加密是否有问题是使用存储的凭证运行一个报表.如果收到如下错误:
在产生报表过程中遇到错误.
报表服务器不能解密用于访问报表服务器数据库中的敏感数据或加密数据的对称密钥.必须还原一个备份的密钥或者删除加密的密文然后重启服务.检查文档获得更多信息. (rsReportServerDisabled) 错误数据.
You can also receive a similar message in the log file ReportServerService_<timestamp>.log when the Reporting Services Windows Service starts up and validates the key in the ReportServer database.
在启动
ReportServer
数据库的
windows
服务的报表服务和验证密钥时
,
也会在日志文件
ReportServerService_<timestamp>.log
中收到相同的错误信息
.
If you receive any errors that are related to decryption problems then just restore the Symmetric key. There are no side affects or issues restoring the key. It is also worth restarting the Windows service after you restore the key and ensure there are no error messages in the log file ReportServerService_<timestamp>.log
如果收到任何解密相关问题的错误
,
那么仅仅需要还原对称密钥
.
还原对称密钥是没有影响的
.
在还原密钥后重启
windows
服务以确保在日志文件
ReportServerService_<timestamp>.log
中没有任何错误信息
I mentioned that the credentials used by the Windows Services and Web Services are stored in the configuration file rsreportserver.config in the ReportServer Virtual Directory. If there is an issue decrypting this information then you will get the following error:
The encrypted value for configuration setting Dsn cannot be decrypted. (rsFailedToDecryptConfigInformation)
An internal error occurred on the report server. See the error log for more details. (rsInternalError)
我提到用于
windows
服务和
web
服务的凭证存储在
ReportServer
虚拟目录下的
rsreportserver.config
配置文件中
.
如果在解密这些信息时出错
,
那么将会遇到如下错误
:
配置中 Dsn设置的加密的值不能被解密(rsFailedToDecryptConfigInformation).
在报表服务器上发生内部错误,请检查错误日志获得更多信息
(rsInternalError)
You can use the RSCONFIG.EXE utility to specify and verify the account used for connecting to the ReportServer database.
可以使用
RSCONFIG.EXE
工具来指定和验证用于连接
ReportServer
数据库的帐号
.
What happens if I do Not have a Backup
If you do not have a backup then you will not be able to decrypt any encrypted data. This is very bad news and can result in a lot of effort to manually recreate all the data sources and subscription information.When you delete the Symmetric key the Windows service will automatically create a new one. In a Scale-Out environment you will need to initialize each Report Server from the server where you originally deleted the key.
如果没有备份文件怎么办
如果没有备份文件那么就不能解密任何加密的数据
.
遗憾的说
,
只有做大量的工作来重建所有的数据员和订阅信息
.
当删除对称密钥时
,Windows
服务会自动创建一个新的对称密钥
.
在扩展模式中必须在你删除原来的对称密钥的服务器上对每个报表服务器进行初始化
.
There are two ways to delete the encrypted content.
·
Use the Delete option under Encryptions Keys in the Reporting Services Configuration Manager for the Reporting Services instance and supply a password and backup file.
·
Use the command RSKeyMgmt.exe as shown below
For a default installation the RSKeyMgmt.exe command will be in the folder:
C:/Program Files/Microsoft SQL Server/90/Tools/binn
You run the command with the following parameters
RSKeyMgmt –d -i
<
instance
>
-d
means we are going to delete all the encrypted content
-i
is the local Instance of Reporting Services. The default is MSSQLSERVER which points to a default instance.
有两种方式可以删除加密信息
:
·
使用报表服务实例的报表服务配置管理器下面的密钥的
删除
选项
,
输入一个密码和备份文件
.
·
使用如下的命令
RSKeyMgmt.exe
默认安装情况下, RSKeyMgmt.exe在如下目录:
C:/Program Files/Microsoft SQL Server/90/Tools/binn
可以使用如下参数运行该命令
:
RSKeyMgmt –d -i
<
instance
>
-d
表示将删除所有的加密数据
.
-i
表示报表服务的本地实例
.
默认情况下是指向一个默认实例的
MSSQLSERVER.
After this command is run you need to manually add back in all the credential information.
在这个命令完成后
,
需要手动将所有的凭证信息写回去
.
You can list all the Data Sources by running the following in the ReportServer database and then try and determine what information need adding.
你可以在
ReportServer
数据库中用如下脚本列出所有的数据源并确定哪些需要回写
:
SELECT
c.Path
FROM
DataSource d
JOIN
Catalog c
ON
d.ItemID
=
c.ItemID
WHERE
c.Type
=
5
ORDER
BY
1
You can list all the Subscriptions by running the following in the ReportServer database and then you need to view each of them to determine which ones need credentials added.
你可以在
ReportServer
数据库中用如下脚本列出所有的订阅并检查每个订阅确定确定哪些凭证需要回写
:
SELECT
c.Path, s.Description
FROM
Subscriptions s
JOIN
Catalog c
ON
c.ItemID
=
s.Report_OID
ORDER
BY
1
,
2
That brings me to the end of this article. I hope it was useful.
本文到此为止,希望对你有所帮助!
扫一扫
898
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
