How to Backup and Restore Encryption Keys in Operations Manager 2007

Operations Manager 2007 uses an encryption key to protect secure data, such as Run As Accounts, in the Operations Manager database, and to encrypt data between the Root Management Server and the SDK. This key is also required to promote a Management Server to a Root Management Server.

Use the Encryption Key Backup or Restore Wizard to back up and restore encryption keys on the Root Management Server. This tool is located in the installation folder for Operations Manager 2007, typically Program Files\System Center Operations Manager 2007.

Important

Without a backup of the encryption key, you would need to manually re-enter all of your Run As Accounts if you had to rebuild the Root Management Server. In larger environments, this rebuild could involve re-creating hundreds of accounts.

To backup the encryption key

  1. Log on to the computer hosting the Root Management Server with an account that is a member of the Administrators group.

  2. Using Windows Explorer, navigate to the installation folder for Operations Manager 2007, typically \Program Files\System Center Operations Manager 2007.

  3. Double-click the file SecureStorageBackup.exe to start the Encryption Key Backup or Restore Wizard.

    Note

    During the setup of Operations Manager 2007 SP1, you will be presented with an option to start this wizard and backup the encryption key.

  4. In the Introduction page, click Next.

  5. On the Backup or Restore page, select Backup the Encryption Key, and then click Next.

  6. On the Provide a Location page, type the path to the folder where you will store the encryption key, for example \\MyServer\Backups\RMSBackupKey.bin, and then click Next.

  7. On the Provide a Password page, in the Password text box, type a password consisting of at least eight characters. In the Confirm Password text box, re-enter the same password, and then click Next.

    Note

    Recovery of the password is not possible if it is lost or forgotten.

  8. When the Secure Storage Backup Complete message is displayed, click Finish.

To restore the encryption key

  1. Log on to the computer hosting the Root Management Server with an account that is a member of the Administrators group.

  2. Using Windows Explorer, navigate to the installation folder for Operations Manager 2007, typically \Program Files\System Center Operations Manager 2007.

  3. Double-click the file SecureStorageBackup.exe to start the Encryption Key Backup or Restore Wizard.

  4. In the Introduction page, click Next.

  5. On the Backup or Restore page, select Restore the Encryption Key, and then click Next.

  6. On the Provide a Location page, type the path to the folder where you had stored the encryption key; for example, \\MyServer\Backups\RMSBackupKey.bin, and then click Next.

  7. On the Provide a Password page, in the Password text box, type the password you used to backup the encryption key. In the Confirm Password text box, re-enter the same password, and then click Next.

    Note

    Recovery of the password is not possible if it is lost or forgotten.

  8. When the Secure Storage Key Restore Complete message is displayed, click Finish.

Did you find this information useful? Please send your suggestions and comments about the documentation.