On a computer that is running Microsoft
SQL Server 2000 Reporting Services, if you change the
user account that you use to run the Report Server service, and then you restart the Report Server service, you may notice
a behavior that is similar to the following:
- If you change the user account that is used to run the
Report Server Windows service, you may receive an error message that is similar
to the following in the Reporting Services trace log:
ReportingServicesService!crypto!d00!5/18/2004-13:10:54:: i INFO: Initializing
crypto as user: DomainName\UserName
ReportingServicesService!crypto!d00!5/18/2004-13:10:54:: i INFO: Exporting
public key
ReportingServicesService!crypto!d00!5/18/2004-13:10:55:: i INFO: Performing
sku validation
ReportingServicesService!crypto!d00!5/18/2004-13:10:55:: i INFO: Importing
existing encryption key
ReportingServicesService!library!d00!5/18/2004-13:10:55:: e ERROR: Throwing
Microsoft.ReportingServices.Diagnostics.Utilities.ReportServerDisabledException:
The report server cannot decrypt the symmetric key used to access sensitive or
encrypted data in a report server database. You must either restore a backup key
or delete all encrypted content and then restart the service. Check the
documentation for more information., ; Info:
Microsoft.ReportingServices.Diagnostics.Utilities.ReportServerDisabledException:
The report server cannot decrypt the symmetric key used to access sensitive or
encrypted data in a report server database. You must either restore a backup
key or delete all encrypted content and then restart the service. Check the
documentation for more information. --->
System.Runtime.InteropServices.COMException (0x80090005): Bad Data.
at System.Runtime.InteropServices.Marshal.ThrowExceptionForHR(Int32 errorCode,
IntPtr errorInfo)
at RSManagedCrypto.RSCrypto.ImportSymmetricKey(Byte[] pSymKeyBlob)
at Microsoft.ReportingServices.Library.ConnectionManager.GetEncryptionKey()
--- End of inner exception stack trace ---
ReportingServicesService!library!d00!5/18/2004-13:10:55:: Exception caught
while starting service. Error:
Microsoft.ReportingServices.Diagnostics.Utilities.ReportServerDisabledException:
The report server cannot decrypt the symmetric key used to access sensitive or
encrypted data in a report server database. You must either restore a backup
key or delete all encrypted content and then restart the service. Check the
documentation for more information. --->
System.Runtime.InteropServices.COMException (0x80090005): Bad Data.
at System.Runtime.InteropServices.Marshal.ThrowExceptionForHR(Int32 errorCode,
IntPtr errorInfo)
at RSManagedCrypto.RSCrypto.ImportSymmetricKey(Byte[] pSymKeyBlob)
at Microsoft.ReportingServices.Library.ConnectionManager.GetEncryptionKey()
--- End of inner exception stack trace ---
at Microsoft.ReportingServices.Library.ConnectionManager.GetEncryptionKey()
at Microsoft.ReportingServices.Library.ConnectionManager.ConnectStorage()
at Microsoft.ReportingServices.Library.ConnectionManager.VerifyConnection()
at Microsoft.ReportingServices.Library.ServiceController.ServiceStartThread()
ReportingServicesService!library!d00!5/18/2004-13:10:55:: Attempting to start
service again...
- If you change the user account that is used to run the
Report Server Web service, you may receive an error message that is similar to
the following in the Reporting Services trace log:
aspnet_wp!crypto!c84!5/21/2004-05:26:15:: i INFO: Initializing crypto as
user: UserName
aspnet_wp!crypto!c84!5/21/2004-05:26:15:: i INFO: Exporting public key
aspnet_wp!crypto!c84!5/21/2004-05:26:15:: i INFO: Performing sku validation
aspnet_wp!crypto!c84!5/21/2004-05:26:15:: i INFO: Importing existing encryption
key
aspnet_wp!library!c84!5/21/2004-05:26:15:: e ERROR:
Throwing Microsoft.ReportingServices.Diagnostics.Utilities.ReportServerDisabledException:
The report server cannot decrypt the symmetric key used to access sensitive
or encrypted data in a report server database. You must either restore a
backup key or delete all encrypted content and then restart the service.
Check the documentation for more information., ;
Info: Microsoft.ReportingServices.Diagnostics.Utilities.ReportServerDisabledException:
The report server cannot decrypt the symmetric key used to access sensitive or
encrypted data in a report server database. You must either restore a backup
key or delete all encrypted content and then restart the service. Check the
documentation for more information. --->
System.Runtime.InteropServices.COMException (0x80090005): Bad Data.
at System.Runtime.InteropServices.Marshal.ThrowExceptionForHR(Int32 errorCode,
IntPtr errorInfo)
at RSManagedCrypto.RSCrypto.ImportSymmetricKey(Byte[] pSymKeyBlob)
at Microsoft.ReportingServices.Library.ConnectionManager.GetEncryptionKey()
--- End of inner exception stack trace ---
aspnet_wp!webserver!72c!5/21/2004-05:26:25:: i INFO: Reporting Web Server
stopped
Additionally, when you start the Report Manager,
you may receive an error message that is similar to the following:
The
report server cannot decrypt the symmetric key used to access sensitive or
encrypted data in a report server database. You must either restore a backup
key or delete all encrypted content and then restart the service. Check the
documentation for more information. (rsReportServerDisabled) Get Online Help
Bad Data.
The
Report Server service uses the symmetric key to access the encrypted
data in a report server database. This symmetric key is encrypted by using an
asymmetric public key that corresponds to the computer and the user account
that is used to run the Report Server service. When you change the user account
that is used to run the Report Server service, the report server cannot
use the asymmetric public key to decrypt the symmetric key. Therefore, the Report Server
service cannot use the symmetric key to access the data from the report server
database.
To resolve this
problem, you must back up the encrypted keys before you change the user account
that is used to run the Report Server Windows service or the Report Server Web
service, and then you must apply the keys that were backed up. To do this, on the
computer that is running the Reporting Services, follow these steps:
- Start the Report Server Windows service and
the Report Server Web service by using the user account that the service was
running successfully for.
- Use the rskeymgmt command-line utility to back up the
encryption keys. To do this, run the following command at the command prompt:
RSKeyMgmt -e -f FileName -p StrongPassword
Note: Replace FileName and StrongPassword with an
appropriate file name and an appropriate password. By default, the rskeymgmt
command-line utility is located in the InstallationDrive:\Program Files\Microsoft SQL Server\80\Tools\Binn folder.
For
more information about the rskeymgmt command-line utility, run the following
command at the command prompt:RSKeyMgmt /?
- Use the rskeymgmt command-line utility to remove the
reference to the existing keys. To do this, run the following command at the
command prompt:
RSKeyMgmt -r InstallationID
Note Replace InstallationID with the installation ID that is
provided in the InstallationID setting of the RSReportServer.config file. By default, the
RSReportServer.config file is stored in the InstallationDrive:\Program Files\Microsoft SQL Server\MSSQL\Reporting Services\ReportServer folder. - Stop Microsoft Internet Information Services (IIS).
- Stop the Report Server Windows service.
- Change the user account that is used to run the Report
Server Windows service or the Report Server Web service to the user account
that you want.
- Start IIS.
- Start the Report Server Windows service.
- Use the rskeymgmt command-line utility to apply the
encryption keys that were backed up in step 2. To do this, run the following
command at the command prompt:
RSKeyMgmt -a -f FileName -p StrongPassword
Note Replace FileName and StrongPassword with the
file name and the password that you used to back up the symmetric encryption
keys in step 1.
Microsoft
has confirmed that this is a problem in the Microsoft products that are listed
in the "Applies to" section.
For more information about Reporting Services trace logs,
visit the following Microsoft Developer Network (MSDN) Web site:
For
more information about the RSReportServer.config configuration file, visit the
following Microsoft Web site:
Article ID: 842421 - Last Review: March 29, 2007 - Revision: 1.3
APPLIES TO
- Microsoft SQL Server 2000 Reporting Services
| kbtshoot kbconfig kbservice kbreport kbmsg kbuser kbsettings kblogin kberrmsg kbprb KB842421 |
