
SharePoint 2016 : Secure Store Service Operations

In this article, we will walk through creating the Secure Store Service (SSS), generating its key, and deleting the service. We will perform all of these operations via Central Admin.

Introduction

The Secure Store Service is an authorization service that runs on an application server. The Secure Store Service provides a database that is used to store credentials. These credentials usually consist of a user identity and password, but can also contain other fields that you define. For example, SharePoint Server 2013 can use the Secure Store database to store and retrieve credentials for access to external data sources. The Secure Store Service provides support for storing multiple sets of credentials for multiple back-end systems.

Before You Start

Make sure the following things are ready before you start. They will help you create the service application without problems.

  • Farm administrator account to log in to Central Admin and create the SSS
  • URL of the Central Admin site
  • Service account (managed account) that will run the application pool of the Secure Store Service
  • Name of the server where this service application will run
  • SQL Server alias where the SSS database will be provisioned
  • Name of the SSS database
  • Name of the SSS application pool
  • Generation key

Tips

For a successful configuration of SSS, the following are the industry recommendations.

  • Use a dedicated application pool for SSS; it should not be shared with other applications.
  • Use a dedicated SQL Server, or a SQL Server that does not hold the content databases.
  • Back up the generation key and the SSS database.
  • Run the service on the application server.

Create Secure Store Service.

In order to create the Secure Store Service, please follow these steps.

  1. Log in to the Central Admin site with a farm administrator account that has local admin rights.
  2. Click on Application Management.
  3. Click on Manage Service Applications under Service Applications.
  4. Click on New (top left) and select Secure Store Service from the drop-down.
  5. On this page, enter the details:
    1. Service Application Name: KS-SSS
    2. Database Server: KF-SQL
    3. Database Name: KF-SSService-Database
    4. Database Authentication: Windows Authentication
    5. Failover Database Server: we are using an Always-On solution, so this will be blank
    6. Application Pool
      1. Application Pool Name: KF-SSS-AppPool
      2. Select the ID from the drop-down: Krossfarm\KFSvcApp
    7. Enable Audit (I would recommend enabling it, because it lets you audit every action: who did it, what was done, whether it succeeded, etc.).
      1. Audit Log Purge: Enable
      2. Days Until Purge: 30 Days
    8. Click OK.
    9. This shouldn't take long. Once it has completed, you will see the Secure Store Service listed.

Check

Check a couple of things to make sure it was created successfully. Make sure the Secure Store Service application proxy is part of the default proxy group, and also make sure that the Secure Store Service application instance is started on the server.

Check for Default Proxy Group

  • On the Application Management page, click on Configure service application associations under Service Applications.
  • On this page, click on Default.
  • On this page, make sure SSS is checked.

Check the SSS Application Instance

  1. In Central Admin, click on System Settings.
  2. Click on Manage Services on Server under Servers.
  3. On this page, make sure the Secure Store Service status is Started (if not, start it).

Configuration

The last step is to create the generation key, which is required and is the most important part. Store it in a safe place.

  1. Click on Application Management.
  2. Click on Manage Service Applications under Service Applications.
  3. On this page, click on Secure Store Service.
  4. On this page you will see the error “Before creating a new Secure Store Target Application, you must first generate a new key for this Secure Store Service Application from the ribbon.” This appears when you visit the Secure Store Service for the first time and no SSS key is present.
  5. Click on Generate New Key in the ribbon.
  6. In the Generate New Key pop-up, enter the following:
    1. Pass Phrase
    2. Confirm Pass Phrase
    3. Click OK.
  7. This shouldn't take long.
  8. Finally, you are returned to the Secure Store Service page.

Note: The passphrase should be at least 8 characters and must contain a combination of uppercase letters, lowercase letters, numbers and special characters.

Also make sure to store this key in a safe location, because it is not retrievable.

This completes the creation and configuration of the Secure Store Service. Next, use it as your service applications require, e.g. Visio, Access Services, etc.
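
The same creation, checks and key generation can be scripted from the SharePoint Management Shell. This is an added example, not part of the original article; it reuses the names from the walkthrough, and the proxy name and the choice of the local server are assumptions.

```powershell
# Added example, not from the original article: scripted equivalent of the steps above.
# Run in the SharePoint 2016 Management Shell as a farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
$ErrorActionPreference = 'Stop'

# Values from the walkthrough on this page.
$appName   = 'KS-SSS'
$proxyName = 'KS-SSS Proxy'         # assumed; the page does not name the proxy
$dbServer  = 'KF-SQL'
$dbName    = 'KF-SSService-Database'
$poolName  = 'KF-SSS-AppPool'
$account   = 'Krossfarm\KFSvcApp'   # must already be registered as a managed account
$server    = $env:COMPUTERNAME      # assumed: the script runs on the application server

# Dedicated application pool, not shared with other service applications.
$pool = Get-SPServiceApplicationPool -Identity $poolName -ErrorAction SilentlyContinue
if (-not $pool) {
    $pool = New-SPServiceApplicationPool -Name $poolName -Account (Get-SPManagedAccount $account)
}

# Start the Secure Store Service instance on this server and wait until it is Online.
$instance = Get-SPServiceInstance -Server $server |
    Where-Object { $_.TypeName -eq 'Secure Store Service' }
if (-not $instance) { throw "No Secure Store Service instance found on $server." }
if ($instance.Status -ne 'Online') { Start-SPServiceInstance -Identity $instance | Out-Null }
while ((Get-SPServiceInstance -Identity $instance.Id).Status -ne 'Online') { Start-Sleep -Seconds 5 }

# Service application with auditing enabled and audit entries kept for 30 days.
$app = New-SPSecureStoreServiceApplication -Name $appName -ApplicationPool $pool `
    -DatabaseServer $dbServer -DatabaseName $dbName `
    -AuditingEnabled:$true -AuditlogMaxSize 30

# Proxy, added to the default proxy group on creation.
$proxy = New-SPSecureStoreServiceApplicationProxy -Name $proxyName `
    -ServiceApplication $app -DefaultProxyGroup

# Same check as "Check for Default Proxy Group": fail loudly if the proxy is missing.
$inDefault = (Get-SPServiceApplicationProxyGroup -Default).Proxies |
    Where-Object { $_.Id -eq $proxy.Id }
if (-not $inDefault) { throw "Proxy '$proxyName' is not in the default proxy group." }

# Prompt for the passphrase so it is never stored in the script or command history.
$secure = Read-Host -Prompt 'Secure Store passphrase' -AsSecureString
$plain  = (New-Object System.Net.NetworkCredential('', $secure)).Password

# Generate the key; the passphrase must meet the complexity rules in the note above.
Update-SPSecureStoreMasterKey -ServiceApplicationProxy $proxy -Passphrase $plain
Remove-Variable plain
```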

Delete the Secure Store Service Application.

In order to delete a Secure Store Service via Central admin please follow the steps below.

  1. Log in to the Central Admin site with a farm administrator account that has local admin rights.
  2. On Application Management, click on Manage Service Applications under Service Applications.
  3. On this page, highlight the Secure Store Service and click the Delete button in the ribbon.
  4. On the Delete Service Application page, check Delete data associated with the Service Applications and click OK.
  5. This shouldn't take too long.
  6. Click OK on the successful deletion page.
  7. Now you will see that the SSS application is no longer on this page.

After this, make sure that the application pool has also been deleted from IIS and that the associated database has also been deleted from SQL Server. Sometimes, due to an unknown error, SharePoint fails to remove one of the components.

1 Response

  1. Nick Young says:

    To generate the SS master key in PowerShell

    # get your SSS GUID first

    Get-SPServiceApplicationProxy

    # create the master key referencing your SSS GUID

    $sssServiceApplicationProxy = Get-SPServiceApplicationProxy -Identity ""

    Update-SPSecureStoreMasterKey -ServiceApplicationProxy $sssServiceApplicationProxy -Passphrase ""
