Rskeymgmt.exe Not Found
Sanny Olafeso
The utility extracts, restores, creates, and deletes the symmetric key used to protect sensitive report server data against unauthorized access. This utility is also used to join report server instances in a scale-out deployment. A report server scale-out deployment refers to multiple report server instances that share a single report server database.
This argument doesn't take a value. However, you must include other arguments on the command line to complete the extraction. The arguments that you must specify include -f and-p.
This argument doesn't take a value. However, you must include other arguments on the command line to select the file that contains the key to be applied. The arguments that you can specify include -f and-p.
-r installationID
Removes the symmetric key information for a specific report server instance, thereby removing the report server from a scale-out deployment. The installationID is a GUID value that can be found in the RSReportserver.config file.
-i
Specifies a local report server instance. This argument is optional if you installed the report server on the default SQL Server instance (the default value for -i is MSSQLSERVER). If you installed the report server as a named instance, -i is required.
-m
Specifies the name of the remote computer that hosts the report server instance you're joining to the report server scale-out deployment. Use the name of the computer that identifies it on your network.
-n
Specifies the name of the report server instance on a remote computer. This argument is optional if you installed the report server on the default SQL Server instance (the default value for -n is MSSQLSERVER). If you installed the report server as a named instance, -n is required.
-u useraccount
Specifies the administrator account on the remote computer that you're joining to the scale-out deployment. If an account isn't specified, the credentials of the current user are used.
You must be a local administrator to run the tool, and you must run it locally on the computer that hosts the report server. The rskeymgmt utility works with the local Report Server Windows instance. The utility can't connect to remote instances of the Report Server Windows service so it can't be used to manage the encryption keys of a remote report server instance.
The following examples illustrate ways to use rskeymgmt. The following examples show how to extract, restore, and delete encryption keys, and how to configure a report server scale-out deployment.
This example shows how to create a backup copy of the encryption key and save it to a password-protected file on a floppy disk. If the report server is installed as a named instance, add the -i argument.
This example shows how to delete all encryption keys stored in a report server. If your installation is a report server scale-out deployment, the encryption keys for all report server instances that are included in the deployment are deleted. Deleting an encryption key also deletes any existing encrypted values in the report server database. For more information about encrypted content, see Store Encrypted Report Server Data (Report Server Configuration Manager).
This example shows how to add a report server instance that is installed on a remote computer to a report server scale-out deployment. You must run the command on one of the computers that is already configured to use the shared database. The command arguments specify the remote report server instance you want to join to the scale-out deployment.
A report server scale-out deployment refers to a deployment model where multiple report server instances share the same report server database. A report server database can be used by any report server instance that stores its symmetric keys in the database. For example, if a report server database contains key information for three report server instances, all three instances are considered to members of the same scale-out deployment.
You can create a scale-out deployment from multiple report server instances that are installed on the same computer. Don't set the -u and -v arguments if you're joining report server instances that are installed locally. The -u and -v arguments are used only when you're joining an instance from a remote computer. If you specify the arguments, you get the following error: "User credentials can't be used for local connections."
The following example illustrates the syntax for creating a scale-out deployment by using multiple local instances. In this example, is the name of an instance that is already initialized to use the report server database, and is the name of the instance that you want to add to the deployment:
This example shows how to remove the encryption keys for a single report server in a report server scale-out deployment. The keys are removed from the report server database. Once the keys for that report server instance are removed, that report server instance can no longer access encrypted data in the database, effectively removing it from the scale-out deployment.
Removing a report server instance from a scale-out deployment requires you to specify an installation ID. The installation ID is a GUID stored in the RSReportserver.config file of the report server instance for which you want to remove encryption keys. You must run the following command on the computer that you want to remove from the scale-out deployment. If the report server is installed as a named instance, use the -i argument to specify the instance. For more information, see RsReportServer.config configuration file.
A report server encrypts stored credentials and connection information. A public key and a symmetric key are used to encrypt data. A report server database must have valid keys in order for the report server to run. You can use rskeymgmt to back up, delete, or restore the keys. If the keys can't be restored, this tool provides a way to delete encrypted content that can no longer be used.
The rskeymgmt utility is used to manage the key set that is defined during Setup or during initialization. It connects to the local Report Server Windows service through a Remote Procedure Call (RPC) endpoint. The Report Server Windows service must be running in order for this utility to work.
Scale-out deployment - Reporting Services native mode (Configuration Manager)
Reporting Services report server (native mode)
Report server command prompt utilities (SSRS)
Configure and manage encryption keys (Report Server Configuration Manager)
SSRS keys can be backed up and restored in 2 easier ways. One, offcourse using the GUI panel of Reporting Configuration Manager and the other one is command line tool by executing rskeymgmt utility.
The rskeymgmt utility can be found in the binn sub-directory of your SQL Server install directory. Opening the command prompt and navigating to this directory, we can run rskeymgmt -? to get a list of arguments and additionally some example commands.
I seem to hear the above noted questions quite often. Alternately, Iwill hear a DBA who handles SSRS say that he / she is "backing up theactual ReportingServices and ReportServiceTemp databases, so there isno need to backup the keys. All the data is retained in the databases, right?"One last quote, I hear, although not as often, is "all our SSRS rdl files arekept in some sort of source control application / system (which is a greatpractice), so I do not need to backup the SSRS keys." While all these questions /responses are responsible, none is a good reason to not backup your SSRS key.
This tip is intended to encourageeveryone to be sure to backup theirSSRS keys, potentially often. SSRS uses symmetric and asymmetric keyswhich are generated from the Windows OS. If your SSRS setup uses a farmapproach with multiple instances, then every instance must use a copyof the symmetric key.
Theencrypted values are stored both in the Reporting Servicesconfiguration files and in the Report Server database. In the eventyou restore a SSRS database to a new server, the encryption keys willneed to be loaded onto the new server in order to allow that server toread and utilize all of the items noted in the above list. Otherwise an error willresult when attempting to navigate to the Report Server. Furthermore,your embedded data sources would be unreadable if you add a new key.Of course you could recreate a SSRS key on the new server and thenredeploy all the data sets, data sources, and reports. In thatsituation though, you would still have to recreate all the folders andmore importantly, the security for those folders (and related reports).An easier alternative is the backup and restore the SSRS key, andspecifically use the command line tool, rskeymgmt, to handle thesetasks.
Two main methods exist for working with the SSRS key. First youcan use SQL Server 2012 Reporting Services Configuration Manager; aspart of Tim Ford's tip, SQL Server Reporting Services Configuration Tool, he covers, in great detail, using the SSRS Configuration Manager tobackup and restore the SSRS key. In this tip, though, we will explain how toaccomplish similar tasks using the rskeymgmt utility, which is one ofthe SSRS command line utility tools.
In order to work with a live data for the key process, we will use AdventureWorks 2012 SQLServer database; the database is available on Codeplex at you download and install the SQL Server database, we willsubsequently use the SSRS 2012 sample reports which can be downloadedat will assume that you have installed and initialized the SSRS instanceand it is up and running.
64591212e2