Do I need to refresh the Secure Store encryption key in SharePoint 2013 before migration to SharePoint 2016?

Greg Booth 1,296 Reputation points
2023-03-07T15:41:50.32+00:00

We are upgrading from SharePoint 2013 to SharePoint 2016 (2016 is running on new servers, so we are using the database copy and upgrade method).

We don't know the passphrase for SharePoint 2013, so we have reset the passphrase on the SharePoint 2013 instance via Set-SPPassPhrase.

We backed up all the databases, including the Secure Store database, and restored it on the SP 2016 SQL instance.

When we try to upgrade the Secure Store service application (on the SharePoint 2016 server) and get to the step

Update-SPSecureStoreApplicationServerKey -Passphrase $pp -ServiceApplicationProxy $sssp

(where $pp is the new passphrase we set on the SP 2013 instance and $sssp is the proxy for the secure store),

we get an error message:

Update-SPSecureStoreApplicationServerKey : Exception of type 'Microsoft.Office.SecureStoreService.Server.KeyManagement.InvalidMasterKeyException' was thrown.

Should we have refreshed the Secure Store encryption key on the SP 2013 instance before we backed up the SP 2013 Secure Store database?

SharePoint Server

Accepted answer
  1. Haoyan Xue_MSFT 21,241 Reputation points Microsoft Vendor
    2023-03-08T07:28:06.1766667+00:00

    Hi @Greg Booth,

    You do not need to refresh the Secure Store encryption key on the SP 2013 instance before we back up the SP 2013 secure store database.

    Updating a server key is required when:

    - A new SharePoint server that will run a Secure Store service instance is joined to the farm.
    - The key stored in the server is not the key required for the current Secure Store service database (because of server or networking issues).
    - The master key is updated but during propagation of the new key, this process fails on one or more of the servers.

    Reference: https://learn.microsoft.com/en-us/powershell/module/sharepoint-server/update-spsecurestoreapplicationserverkey?view=sharepoint-server-ps

    You just updated the password you use to log into the SharePoint farm. You do not need to refresh the Secure Store encryption key.



    1 person found this answer helpful.
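
The step from the question, written out as an added PowerShell example (not code from the thread or from Microsoft) that keeps the farm passphrase and the Secure Store key passphrase apart and reports the `InvalidMasterKeyException` case explicitly. The application pool, service application, proxy and database names are placeholders; run it on the SharePoint 2016 server after the Secure Store database has been restored.

```powershell
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Farm passphrase: changed with Set-SPPassPhrase (takes a SecureString).
# It is the secret used to join servers to the farm and is not passed
# to any Secure Store key cmdlet, so it is only noted here, not run.

# Placeholder names: replace with the values for your farm.
$poolName = 'SecureStorePool'
$dbName   = 'SecureStore_Restored'   # the database restored from SP 2013

# Create the service application over the restored database, plus its proxy.
$pool = Get-SPServiceApplicationPool -Identity $poolName
$sss  = New-SPSecureStoreServiceApplication -Name 'Secure Store' `
            -ApplicationPool $pool -DatabaseName $dbName -AuditingEnabled
$sssp = New-SPSecureStoreServiceApplicationProxy -Name 'Secure Store Proxy' `
            -ServiceApplication $sss -DefaultProxyGroup

# Secure Store key passphrase: Update-SPSecureStoreApplicationServerKey takes
# a plain String, so prompt securely and convert only at the point of use.
$secure = Read-Host -AsSecureString 'Secure Store key passphrase'
$pp = (New-Object System.Net.NetworkCredential('', $secure)).Password

try {
    Update-SPSecureStoreApplicationServerKey -Passphrase $pp `
        -ServiceApplicationProxy $sssp -ErrorAction Stop
    Write-Host 'Server key updated for the restored Secure Store database.'
}
catch {
    # Walk the exception chain looking for the type reported in the question.
    $ex = $_.Exception
    $invalidKey = $false
    while ($ex) {
        if ($ex.GetType().FullName -like '*InvalidMasterKeyException') { $invalidKey = $true }
        $ex = $ex.InnerException
    }
    if ($invalidKey) {
        Write-Warning ('Passphrase was not accepted for this Secure Store database. ' +
                       'The farm passphrase set with Set-SPPassPhrase is a different secret.')
    }
    else { throw }
}
finally {
    $pp = $null   # drop the plain-text copy of the passphrase
}
```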
