sql-server-2005 – 为什么Reporting Services在服务帐户更改期间无法导入现有加密密钥?

前端之家收集整理的这篇文章主要介绍了sql-server-2005 – 为什么Reporting Services在服务帐户更改期间无法导入现有加密密钥?前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
我现在已多次更改sql Server 2005 Reporting Services的服务帐户,但昨天是我第一次遇到可怕的“报表服务器无法解密用于访问的对称密钥…”错误.

环境是sql Server 2005企业版,作为命名实例安装在一个也默认使用sql Server 2000 Standard Edition的框上.一切都是32位.

作为BOL recommends,我总是使用Reporting Services配置管理器进行更改,并且从未必须恢复加密密钥.

但是,最近一次(它必须在生产中,不是吗?),服务帐户更改无法导入现有加密密钥;从ReportServerService日志文件

ReportingServicesService!crypto!b!5/19/2009-17:20:37::
i INFO: Initializing crypto as user:
\
ReportingServicesService!crypto!b!5/19/2009-17:20:37::
i INFO: Exporting public key
ReportingServicesService!crypto!b!5/19/2009-17:20:37::
i INFO: Performing sku validation
ReportingServicesService!crypto!b!5/19/2009-17:20:37::
i INFO: Importing existing encryption
key
ReportingServicesService!library!b!5/19/2009-17:20:37::
e ERROR: Throwing
Microsoft.ReportingServices.Diagnostics.Utilities.ReportServerDisabledException:
The report server cannot decrypt the
symmetric key used to access sensitive
or encrypted data in a report server
database. You must either restore a
backup key or delete all encrypted
content. Check the documentation for
more information.,; Info:
Microsoft.ReportingServices.Diagnostics.Utilities.ReportServerDisabledException:
The report server cannot decrypt the
symmetric key used to access sensitive
or encrypted data in a report server
database. You must either restore a
backup key or delete all encrypted
content. Check the documentation for
more information. —>
System.Runtime.InteropServices.COMException
(0x80090005): Bad Data. (Exception
from HRESULT: 0x80090005) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode,IntPtr errorInfo)

at
RSManagedCrypto.RSCrypto.ImportSymmetricKey(Byte[]
symKeyBlob) at
Microsoft.ReportingServices.Library.ConnectionManager.GetEncryptionKey()
— End of inner exception stack trace —

现在,我是一个很好的小DBA,我有一个以前的加密密钥的备份,所以我能够快速从问题中恢复,但是,我想知道的是,为什么会发生? This article from MS suggests that it may happen,但我不喜欢这是一个完全随机发生的建议.我已阅读,现在遗憾地找不到链接,建议当您通过RS Configuration Manager(如sql Server配置管理器或Windows服务)之外的其他方式更改Reporting Services的服务帐户时,会经常发生这种情况.

所以,我有两个问题:

>如果我按照建议使用RS配置管理器,为什么会发生这种情况? (但它起作用了,他感叹道!)
>我是否应该不确定我当前的加密密钥是不是像往常一样基于机器/当前服务帐户,而是基于以前的服务帐户?

解决方法

>当您使用其他服务帐户时,密钥应该失败

The Report Server service uses the symmetric key to access the encrypted data in a report server database. This symmetric key is encrypted by using an asymmetric public key that corresponds to the computer and the user account that is used to run the Report Server service. When you change the user account that is used to run the Report Server service,the report server cannot use the asymmetric public key to decrypt the symmetric key. Therefore,the Report Server service cannot use the symmetric key to access the data from the report server database

2.我只想用您当前的配置创建一个新的密钥备份

原文链接:https://www.f2er.com/mssql/79765.html

猜你在找的MsSQL相关文章