Migrate Secure Store Service Application from SharePoint 2013 to SharePoint 2016

Migrate Secure Store Service Application

Whenever we migrate SharePoint from one version to the next version , we recreate most of the service applications. However, in few cases where we have dependencies with service applications like secure store and Managed metadata service which may have several credentials and term stores. recreating all the service IDs may be a tedious job and can easily land us in to issues. Hence, it is recommended to upgrade the Secure store service application. 

Title: Steps to Migrate Secure Store Service Application from SharePoint 2013 to 2016

In on of my SharePoint Migration Projects from SharePoint 2013 to SharePoint 2016 Secure Store Service Application was one of the critical services used by the customer due to its dependency with Data Refresh Jobs from SSAS. 

This article is a step by step approach to migrate Secure Store from SP 2013 to SP2016.

Steps:

Identify the Secure store database used in the SharePoint 2013 Database and restore a copy to the new SQL Server 2016 DB Server. 

Permissions: 

1.       Securityadmin fixed server role on the SQL Server instance for SharePoint Farm Setup account and SharePoint Farm Service account.

2.       Grant “DB_Owner” role on restored database for SharePoint Farm Setup account and SharePoint Farm Service account. 


Create Service Application:

1.       Login to Central Administration with the Farm Service Account.

2.       Go to Service Applications Page and Click New Secure Store Service Application.

3.       Fill the required data in the fields as per the instructions in the Service Application creation Page.

4.       In the “Database Name” field mention the Old Database Name that has been restored from SharePoint 2013 DB Server.




5.       Secure Store Application successfully created

6.       After creating the Secure Store Service Application, when we access it, it throws an error message “Unable to obtain the master Key”.

 Note: Master Key is the Passphrase used while creating the Secure Store Service in the Old SharePoint 2013 Environment






Upgrade Secure Store Service Application:

 1.       Launch CA with SharePoint Farm Service Account.

2.     Add SharePoint Farm Setup and SharePoint Farm service accounts as Administrators in the secure store service application.


3.      Launch SharePoint Management Shell with Farm service account and run the following command. This command updates and maps the old Passphrase to the Target Secure Store.

$SSSP = Get-spserviceapplicationproxy –identity ‘GUID’

Update-SPSecureStoreApplicationServerKey –Passphrase ‘Passphrase created for Old SecureStore’ –ServiceApplicationProxy $SSSP

4.   After running the above command all the secure store content along with the Power Pivot Data Refresh jobs related Service IDs are restored.



Comments

Post a Comment

Popular posts from this blog

Creation of Secure Store Service Application failed because of the following errors: The Timer Job Completed but failed on one or more machines in the farm.

Image
Unable to start Secure Store Service : Error : Creation of Secure Store Service Application failed because of the following errors: The Timer Job Completed but failed on one or more machines in the farm. Solution : Delete the Secure Store Service Application. Close all the browsers and runt the sharePoint Configuration wizard and retry to configure the secure store service and the issue should be fixed. If the issue still persists , start the Secure Store Service Application using the following commands. $proxy = Get-SPServiceApplicationProxy | where {$_.TypeName -eq "Secure Store Service Application Proxy"} $proxy.Status = "Online" $proxy.Update() In few cases it may happen that the Proxy service may start and the secure store service still has an error.In this case please delete the Secure Store service  and recreate using PowerShell as below : $sa = New-SPSecureStoreServiceApplication -Name "Secure Store Service Applicatio
Read more

HTTP 403 Forbidden SharePoint 2013

Image
Today  I faced an Issue in SharePoint where I got the error :"HTTP 403 Forbidden" for any site collection under a Web Application and this problem existed on Central Admin. Error : HTTP 403 Forbidden This error (HTTP 403 Forbidden) means that Internet Explorer was able to connect to the website, but it does not have permission to view the webpage. This problem occured after I tried configuring the SSL certificate for Central admin and the other Web Application. In this attempt I managed to Crash my SharePoint Farm. I have tried accessing the site from IIS with no go. Did Run the SharePoint Configuration Wizard successfully. Tried accessing the Central Administration Page with no go :( Resolution: After Trying the above options which did not work , finally I have deleted the Central Administration site from IIS. Run the SharePoint Products Configuration Wizard again and the Central Administration site has  been recreated. Launched Ce
Read more