When installing additional Active Roles administration services, where there are other administration services online, the encryption key will be shared by other administration services. But if for some reason there are no administration services available (disaster recover, network issues), it will let you install the Active Roles Server and connect to the existing database, but the service will never start correctly as it can't decrypt the information in the database.
It is still possible to add additional Active Roles administration services to the existing database if a copy of the AREncryptionKey file has been kept for an existing administration service:
1) Install the Active Roles binary components on to the new Active Roles administration service server.
2) Copy the backup of the AREncryptionKey bin file on to the new server.
3) Open the Active Roles Management Shell.
IMPORTANT: The Management Shell must be run as an Administrator in an environment with UAC enable, otherwise the following error will be displayed when running the command in step 4, "Restore-AREncryptionKey : Insufficient rights to configure Active Roles. Ensure that you have administrator rights on the computer running the Active Roles instance you are going to configure")
4) Run the following commands (when prompted provide the Active Roles Encryption Key password:
$AREncryptionKeyPwd = Read-Host -AsSecureString -Prompt "Enter the existing password for the Active Roles Encryption Key"
Restore-AREncryptionKey -DatabaseServer "<SQL Server>" -DatabaseName "<ARS DB>" -RestoreFromFile "<AREncryptionKey>" -Password $AREncryptionKeyPwd
Where:
<SQL Server> is your SQL Server
<ARS DB> is the name of the Active Roles Configuration database
<AREncryptionKey> is the path and name of the AREncryptionKey bin file
IE:
$AREncryptionKeyPwd = Read-Host -AsSecureString -Prompt "Enter the existing password for the Active Roles Encryption Key"
Restore-AREncryptionKey -DatabaseServer "SQL001" -DatabaseName "ActiveRoles7" -RestoreFromFile "C:\Temp\ARServiceEncryptionKey-ars001" -Password $(Read-Host -AsSecureString -Prompt $AREncryptionKeyPwd
5) Configure the Active Roles Administration Service as normal.
6) Once the Administration Service has started, confirm that the existing configuration is available.
© ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center