在 SharePoint Server 中還原Secure Store Service 應用程式Restore Secure Store Service applications in SharePoint Server

摘要: 了解如何在 SharePoint Server 2016 和 SharePoint Server 2013 中還原 Secure Store Service 應用程式。Summary: Learn how to restore the Secure Store Service application in SharePoint Server 2016 and SharePoint Server 2013.

您可以使用 SharePoint 管理中心網站或 PowerShell 來還原 Secure Store Service 應用程式。所使用的還原工具會視已部署的環境類型、排程需求以及與組織建立的服務等級協定而定。You can restore the Secure Store service application by using the SharePoint Central Administration website or PowerShell. The restore tool that you use depends on the kind of environment that you have deployed, your schedule requirements, and service level agreements that you have made with your organization.

開始之前Before you begin

Secure Store Service 提供安全儲存認證集的功能,以及將認證與特定身分識別或一組身分識別建立關聯的功能。The Secure Store Service provides the capability of securely storing credential sets and associating credentials to specific identities or a group of identities.

開始這項作業之前,請先檢閱下列 Secure Store Service 應用程式的相關資訊:Before you begin this operation, review the following information about the Secure Store service application:

  • 每次您輸入新的複雜密碼時,SharePoint Server 都會建立新的主要金鑰,然後使用該金鑰重新加密認證集。複雜密碼可讓您存取 SharePoint Server 所建立的主要金鑰,以用於加密認證集。Every time that you enter a new passphrase, SharePoint Server creates a new Master Key and re-encrypts the credentials sets with that key. The passphrase gives you access to the Master Key created by SharePoint Server that is used to encrypt the credential sets.

  • 還原 Secure Store Service 時將需要在備份 Secure Store Service 時記錄的複雜密碼。You will need the passphrase that was recorded when the Secure Store Service was backed up to restore the Secure Store Service.

在 SharePoint Server 中使用 管理中心 還原 Secure Store ServiceUsing Central Administration to restore the Secure Store Service in SharePoint Server

使用下列程序可透過管理中心還原 Secure Store Service。Use the following procedure to restore the Secure Store Service by using Central Administration.

使用 管理中心 還原 Secure Store ServiceTo restore the Secure Store Service by using Central Administration

  1. 確認執行此程序的使用者帳戶為伺服器陣列管理員群組的成員。Verify that the user account performing this procedure is a member of the Farm Administrators group.

  2. 啟動管理中心。Start Central Administration.

  3. 在管理中心首頁上,按一下 [備份與還原]**** 區段中的 [從備份還原]*In Central Administration, on the home page, in the *Backup and Restore section, click Restore from a backup.

  4. 在 [從備份還原 - 步驟 3 之 1:選取要還原的備份] 頁面上,從備份清單中選取包含所需備份的備份工作,或選取伺服器陣列層級備份,然後按 [下一步]*。只要按一下備份旁的 (+),即可檢視每項備份的詳細資訊。On the Restore from Backup — Step 1 of 3: Select Backup to Restore page, select the backup job that contains the backup that you want, or a farm-level backup, from the list of backups, and then click *Next. You can view more details about each backup by clicking the (+) next to the backup.

    注意

    若正確的備份作業未出現,請在 [備份目錄位置]**** 文字方塊中,輸入正確的備份資料夾路徑,然後按一下 [重新整理]*。您無法使用只含設定的備份來還原 Secure Store Service。If the correct backup job does not appear, in the *Backup Directory Location text box, type the path of the correct backup folder, and then click Refresh. You cannot use a configuration-only backup to restore the Secure Store Service.

  5. 在 [從備份還原 - 步驟 3 之 2:選取要還原的元件] 頁面上,展開 [共用服務應用程式]*,然後選取 Secure Store Service 應用程式備份群組旁的核取方塊,再按 [下一步]On the Restore from Backup — Step 2 of 3: Select Component to Restore page, expand **Shared Services Applications* and select the check box that is next to the Secure Store Service application backup group, and then click Next.

  6. 在 [從備份還原 — 步驟 3 之 3:選取還原選項] 頁面上,確定 [還原元件]**** 區段中的 \Farm\Shared Services\Shared Services Applications<Secure Store Service 名稱>> 出現在 [還原下列元件]**** 清單中。On the Restore from Backup — Step 3 of 3: Select Restore Options page, in the Restore Component section, make sure that Farm\Shared Services\Shared Services Applications<Secure Store Service name> appears in the Restore the following component list.

    在 [還原選項] 區段的 [還原的類型] 下,選取 [相同的設定] 選項。對話方塊會隨即出現,請您確認該作業。按一下 [確定]。In the Restore Options section, under Type of restore, select the Same configuration option. A dialog box will appear that asks you to confirm the operation. Click OK.

    按一下 [開始還原]。Click Start Restore.

  7. 您可以在 [備份與還原工作狀態] 頁面上方的 [整備] 區段中,檢視所有復原工作的一般狀態。在同頁面底部的 [還原] 區段中,則可檢視目前復原工作的狀態。狀態頁面每 30 秒會自動更新。只要按一下 [重新整理],即可手動更新狀態詳細資料。備份與復原都是計時器服務工作。因此,復原要數秒後才會開始。You can view the general status of all recovery jobs at the top of the Backup and Restore Job Status page in the Readiness section. You can view the status for the current recovery job in the lower part of the page in the Restore section. The status page updates every 30 seconds automatically. You can manually update the status details by clicking Refresh. Backup and recovery are Timer service jobs. Therefore, it may take a several seconds for the recovery to start.

    若收到任何錯誤,您可在 [備份與還原工作狀態] 頁面的 [失敗訊息]**** 欄中加以檢閱。也可在步驟 3 中所指定之路徑下的 Sprestore.log 檔案中,找到詳細資料。If you receive any errors, you can review them in the Failure Message column of the Backup and Restore Job Status page. You can also find more details in the Sprestore.log file at the path that you specified in step 3.

  8. 成功完成還原作業後,必須重新整理複雜密碼。After the restore operation has successfully completed, you must refresh the passphrase.

  9. 在管理中心首頁上,按一下 [應用程式管理]**** 區段中的 [管理服務應用程式]*In Central Administration, on the Home page, in the *Application Management section, click Manage service applications.

  10. 在 [服務應用程式] 頁面上,按一下 Secure Store Service 名稱。您可能會收到「無法取得主要金鑰」的錯誤。On the Service Applications page, click the Secure Store Service name. You might receive an error that says "Unable to obtain master key."

  11. 在 [Secure Store Service] 頁面上,按一下功能區上的 [重新整理金鑰]*On the Secure Store Service page, on the ribbon, click *Refresh Key.

  12. 在 [重新整理金鑰]**** 對話方塊中的 [複雜密碼]**** 方塊內輸入複雜密碼,然後按一下 [確定]*In the *Refresh Key dialog box, type the passphrase in the Pass Phrase box, and then click OK.

在 SharePoint Server 中使用 PowerShell 還原 Secure Store ServiceUsing PowerShell to restore the Secure Store Service in SharePoint Server

您可以使用 PowerShell 還原 Secure Store Service。You can use PowerShell to restore the Secure Store Service.

使用 PowerShell 還原 Secure Store ServiceTo restore the Secure Store Service by using PowerShell

  1. 確認您具備下列成員身分:Verify that you have the following memberships:

    • SQL Server 執行個體上的 securityadmin 固定伺服器角色。securityadmin fixed server role on the SQL Server instance.

    • 所有要更新之資料庫上的 db_owner 固定資料庫角色。db_owner fixed database role on all databases that are to be updated.

    • 正在執行 PowerShell Cmdlet 之所在伺服器上的系統管理員群組。Administrators group on the server on which you are running the PowerShell cmdlets.

      系統管理員可以使用 Add-SPShellAdmin Cmdlet 授與使用 SharePoint Server Cmdlet 的權限。An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint Server cmdlets.

      注意

      如果您不具備上述權限,請連絡安裝程式系統管理員或 SQL Server 系統管理員要求權限。如需 PowerShell 權限的其他資訊,請參閱 Add-SPShellAdminIf you do not have permissions, contact your Setup administrator or SQL Server administrator to request permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.

  2. 啟動 SharePoint 管理命令介面。Start the SharePoint Management Shell.

  3. 在 PowerShell 命令提示字元中,輸入下列命令:At the PowerShell command prompt, type the following command:

    Restore-SPFarm -Directory <BackupFolder> -Item <SecureStoreServicename> -RecoveryMethod Overwrite [-BackupId <GUID>] [-Verbose]
    

    其中:Where:

    • <BackupFolder> 是備份服務應用程式的備份資料夾路徑。<BackupFolder> is the path for the backup folder where the service application was backed up.

    • <Secure Store Service 名稱> 是 Secure Store Service 應用程式的名稱。<SecureStoreServicename> is the name of the Secure Store Service application.

      如果您具有多個備份,請利用 BackupId 參數指定要使用的備份。若要檢視伺服器陣列的所有備份,請在 PowerShell 命令提示字元處輸入下列命令:If you have multiple backups use the BackupId parameter to specify which backup to use. To view all of the backups for the farm, type the following command at the PowerShell command prompt:

    Get-SPBackupHistory -Directory <BackupFolder> -ShowBackup
    

    注意

    如果未指定 BackupId 參數的值,則會使用最近的備份。您無法從僅有設定的備份,還原 Secure Store Service。If you do not specify a value for the BackupId parameter, the most recent backup will be used. You cannot restore the Secure Store Service from a configuration-only backup.

  4. 成功完成還原作業後,必須重新整理複雜密碼。在 PowerShell 命令提示字元處輸入下列命令:After the restore operation has successfully completed, you must refresh the passphrase. At the PowerShell command prompt, type the following command:

    Update-SPSecureStoreApplicationServerKey -Passphrase <Passphrase>
    

    其中 <Passphrase> 是您目前使用的複雜密碼。Where <Passphrase>, is the one that you currently use.

如需詳細資訊,請參閱<Restore-SPFarm>和<Update-SPSecureStoreApplicationServerKey>。For more information, see Restore-SPFarm and Update-SPSecureStoreApplicationServerKey.

注意

建議您在執行命令列管理工作時使用 Windows PowerShell。Stsadm 命令列工具已過時,但為與舊版產品相容,仍會隨附提供。We recommend that you use Microsoft PowerShell when performing command-line administrative tasks. The Stsadm command-line tool has been deprecated, but is included to support compatibility with previous product versions.

另請參閱See also

概念Concepts

在 SharePoint Server 中備份 Secure Store ServiceBack up the Secure Store Service in SharePoint Server