What is the purpose of the Encryption key used in Active Roles (ARS)?
The encryption key is only used to encrypt passwords for domain override accounts (including AD LDS instances).
Other than passwords, we do not encrypt any other data.
By default, the encryption key will be created in the following folder:
C:\Documents and Settings\All Users\Application Data\Quest Software\ActiveRoles Server\
... with a default name of: ARS_encryption_keys.bin
Question: If I lose my encryption key, does that mean I won't be able to use ARS?
Answer: No. If you lose your encryption key, all is not lost. Since the encryption key is used only for Managed Domain password encryption, you can simply install ARS with a NEW database and import the settings from the old database; it will prompt you to create a new encryption key file. Another method is to bring up an additional ARS service. It can retrieve the encryption key from a machine that is already running the ARS service (you will be presented with the option to do so during installation).
If you do not have the encryption file for your original ARS service, you can still upgrade to 6.9 from 6.x (just create a new key if necessary).
If you have multiple ARS services sharing one database, you really do not need the encryption key, as ARS can pull the encryption information from the existing running system.
The encryption key file is not used during upgrade.
Question: Exactly what scenario would you absolutely need the ARS encryption key file?
Answer: The scenario is as follows:
* You would like to add another ARS service to an existing shared database
* You don't have any services connected to the same database up and running
* You cannot afford re-typing passwords for managed domains
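To avoid ending up in that scenario without the file, the key can be backed up ahead of time. The following PowerShell is an added example, not One Identity code: it copies the key file from the default location given above to a backup folder, verifies the copy by hash, and lists file permissions that deserve review. The backup folder and the set of expected accounts (SYSTEM and local Administrators) are assumptions; the ARS service account may legitimately appear in the review list.

```powershell
# Added example, not One Identity code. The default path and file name come from
# this article; the backup directory is a hypothetical placeholder.
param(
    [string]$KeyFile   = 'C:\Documents and Settings\All Users\Application Data\Quest Software\ActiveRoles Server\ARS_encryption_keys.bin',
    [string]$BackupDir = 'D:\SecureBackup\ARS'   # hypothetical; use an access-restricted location
)

$ErrorActionPreference = 'Stop'

if (-not (Test-Path -LiteralPath $KeyFile -PathType Leaf)) {
    Write-Warning "Key file not found at $KeyFile"
    exit 1
}

# Assumption: only SYSTEM and BUILTIN\Administrators are expected on this file.
# Well-known SIDs are used so the check also works on localized Windows.
$expectedSids = 'S-1-5-18', 'S-1-5-32-544'
$acl   = Get-Acl -LiteralPath $KeyFile
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
$toReview = $rules | Where-Object {
    $_.AccessControlType -eq 'Allow' -and $_.IdentityReference.Value -notin $expectedSids
}
foreach ($rule in $toReview) {
    # Flagged for review, not automatically wrong (for example the service account).
    Write-Warning ("Review access: {0} has {1}" -f $rule.IdentityReference.Value, $rule.FileSystemRights)
}

# Copy with a timestamped name so earlier backups are never overwritten.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$dest = Join-Path $BackupDir ("ARS_encryption_keys_{0:yyyyMMdd-HHmmss}.bin" -f (Get-Date))
Copy-Item -LiteralPath $KeyFile -Destination $dest

# Verify the copy is byte-identical before relying on it.
$srcHash = (Get-FileHash -LiteralPath $KeyFile -Algorithm SHA256).Hash
$dstHash = (Get-FileHash -LiteralPath $dest    -Algorithm SHA256).Hash
if ($srcHash -ne $dstHash) {
    Remove-Item -LiteralPath $dest
    throw "Backup copy does not match the source key file"
}
Write-Output "Key file backed up and verified: $dest"
```

Because the file protects the stored domain override account passwords, the backup location should be restricted at least as tightly as the original folder.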
© 2020 One Identity LLC. ALL RIGHTS RESERVED.