初始化報表伺服器 (SSRS 組態管理員)Initialize a Report Server (SSRS Configuration Manager)

Reporting ServicesReporting Services 中,初始化的伺服器是可以在報表伺服器資料庫中加密和解密資料的伺服器。In Reporting ServicesReporting Services, an initialized server is one that can encrypt and decrypt data in a report server database. 初始化是報表伺服器作業的需求。Initialization is a requirement for report server operation. 報表伺服器服務第一次啟動時,會進行初始化。Initialization occurs when the Report Server service is started for the first time. 在您將報表伺服器聯結至現有的部署時,或者您在復原處理中手動重新建立金鑰時,也會進行初始化。It also occurs when you join the report server to the existing deployment, or when you manually recreate the keys as part of the recovery process. 如需如何和為什麼使用加密金鑰的詳細資訊,請參閱設定和管理加密金鑰 (SSRS 設定管理員)儲存加密的報表伺服器資料 (SSRS 設定管理員)For more information about how and why encryption keys are used, see Configure and Manage Encryption Keys (SSRS Configuration Manager) and Store Encrypted Report Server Data (SSRS Configuration Manager).

加密金鑰有一部分是以報表伺服器服務的設定檔資訊為根據。Encryption keys are based partly on the profile information of the Report Server service. 如果您變更用來執行報表伺服器服務的使用者識別,就必須隨之更新金鑰。If you change the user identity used to run the Report Server service, you must update the keys accordingly. 如果您是使用 Reporting Services 組態工具來變更識別,則會自動幫您處理這個步驟。If you are using the Reporting Services Configuration tool to change the identity, this step is handled for you automatically.

如果初始化因故失敗,報表伺服器就會傳回 RSReportServerNotActivated 錯誤,以回應使用者和服務要求。If initialization fails for some reason, the report server returns an RSReportServerNotActivated error in response to user and service requests. 在此情況下,您可能需要進行系統或伺服器組態的疑難排解。In this case, you may need to troubleshoot the system or server configuration. 如需詳細資訊,請參閱SSRS:使用 Reporting Services 進行疑難排解的問題和錯誤(https://social.technet.microsoft.com/wiki/contents/articles/1633.aspx) Technet Wiki 中。For more information, see SSRS: Troubleshoot Issues and Errors with Reporting Services (https://social.technet.microsoft.com/wiki/contents/articles/1633.aspx) in Technet Wiki.

初始化處理的概觀Overview of the Initialization Process

初始化處理會建立和儲存用於加密的對稱金鑰。The initialization process creates and stores a symmetric key used for encryption. 對稱金鑰是由 MicrosoftMicrosoft Windows 密碼編譯服務所建立,而報表伺服器服務隨後使用它來將資料加密和解密。The symmetric key is created by the MicrosoftMicrosoft Windows Cryptographic Services and subsequently used by the Report Server service to encrypt and decrypt data. 對稱金鑰本身是使用非對稱金鑰來加密。The symmetric key is itself encrypted with an asymmetric key.

下列步驟描述初始化處理:The following steps describe the initialization process:

  1. 初始啟動時,報表伺服器服務會讀取 RSReportServer.config 檔案,以取得安裝識別碼和資料庫連接資訊。At initial start up, the Report Server service reads the RSReportServer.config file to get the installation identifier and database connection information.

  2. 報表伺服器服務會從密碼編譯服務要求公開金鑰。The Report Server service requests a public key from Cryptographic Services. Windows 會建立一個私密和一個公開金鑰,並將公開金鑰傳送至報表伺服器服務。Windows creates a private and public key and sends the public key to the Report Server service.

  3. 報表伺服器服務會連接到報表伺服器資料庫,並且儲存安裝識別碼和公開金鑰值。The Report Server service connects to the report server database and stores the installation identifier and public key values.

  4. 報表伺服器服務會再次呼叫密碼編譯服務,這次是要求對稱金鑰。The Report Server service calls into Cryptographic Services again, this time to request a symmetric key. Windows 會建立對稱金鑰。Windows creates the symmetric key.

  5. 報表伺服器服務會再次連接到報表伺服器資料庫,並將對稱金鑰加入步驟 3 所儲存的公開金鑰和安裝識別碼值。The Report Server service connects to the report server database again, and adds the symmetric key to the public key and installation identifier values that were stored in step 3. 在儲存之前,報表伺服器服務會使用它的公開金鑰來加密對稱金鑰。Before storing it, the Report Server service uses its public key to encrypt the symmetric key. 一旦對稱金鑰儲存之後,報表伺服器就視為已初始化,並且可供使用。Once the symmetric key is stored, the report server is considered initialized and available to use.

針對向外延展部署初始化報表伺服器Initializing a Report Server for Scale-out Deployment

Reporting ServicesReporting Services 支援向外延展部署模型,這種模型會在多個報表伺服器執行個體中共用單一報表伺服器資料庫。supports a scale-out deployment model that shares a single report server database among multiple report server instances. 若要聯結向外延展部署,報表伺服器必須在共用資料庫中建立並儲存其對稱金鑰的副本。To join a scale-out deployment, a report server must create and store its copy of the symmetric key in the shared database. 雖然使用資料庫的所有伺服器會使用單一對稱金鑰,不過每個報表伺服器有其自己的金鑰副本。Although a single symmetric key is used by servers that use the database, each report server has its copy of the key. 每個副本都使用其擁有的公開金鑰唯一加密,因此各有不同。Each copy varies in that it is uniquely encrypted using the public key its owner.

針對向外延展部署初始化報表伺服器的第一組步驟,和針對單一伺服器與資料庫組合初始化的前三個步驟相同。The first set of steps for initializing a report server for scale-out deployment are identical to the first three steps that describe initialization for a single server and database combination.

向外延展部署之初始化處理的不同之處在於報表伺服器取得對稱金鑰的方式。The initialization process for a scale out deployment differs in how the report server gets the symmetric key. 第一個伺服器初始化後,會從 Windows 取得對稱金鑰。When the first server is initialized, it gets the symmetric key from Windows. 第二部伺服器在向外延展部署的組態過程中初始化後,會從已經初始化的報表伺服器服務取得對稱金鑰。When the second server is initialized during configuration for scale-out deployment, it gets the symmetric key from the Report Server service that is already initialized. 第一個報表伺服器執行個體使用第二個執行個體的公開金鑰,來建立第二個報表伺服器執行個體之對稱金鑰的加密副本。The first report server instance uses the public key of the second instance to create an encrypted copy of the symmetric key for the second report server instance. 在此過程中的任何時候,對稱金鑰絕不會以純文字的形式公開。The symmetric key is never exposed as plain text at any point in this process.

如何將報表伺服器初始化How to Initialize a Report Server

注意

RSKeymgmt 是一個主控台應用程式,您可以從主控屬於向外延展部署之報表伺服器執行個體之電腦上的命令列執行。RSKeymgmt is a console application that you run from a command line on a computer that hosts a report server instance that is already part of a scale-out deployment. 您執行公用程式時,要指定引數來選取您要初始化的遠端報表伺服器執行個體。When you run the utility, you specify arguments to select a remote report server instance that you want to initialize.

唯有安裝識別碼與公開金鑰之間有配對時,報表伺服器才會初始化。A report server will be initialized only if there is a match between the installation identifier and the public key. 如果配對成功,就會建立允許可回覆加密的對稱金鑰。If the match succeeds, a symmetric key is created that permits reversible encryption. 如果配對失敗,則會停用報表伺服器,這時系統應會要求您套用備份金鑰,或者刪除加密資料 (如果備份金鑰無法使用或無效)。If the match fails, the report server is disabled, in which case you may be required to apply a backup key or delete the encrypted data if a backup key is unavailable or not valid. 如需報表伺服器所使用之加密金鑰的詳細資訊,請參閱設定和管理加密金鑰 (SSRS 設定管理員)For more information about encryption keys used by a report server, see Configure and Manage Encryption Keys (SSRS Configuration Manager).

注意

您也可以使用 Reporting ServicesReporting Services Windows Management Instrumentation (WMI) 提供者,以程式設計方式將報表伺服器初始化。You can also use the Reporting ServicesReporting Services Windows Management Instrumentation (WMI) provider to initialize a report server programmatically. 如需詳細資訊,請參閱《 線上叢書》中的 存取 Reporting Services WMI 提供者 [SQL Server]SQL ServerFor more information, see Access the Reporting Services WMI Provider in [SQL Server]SQL Server Books Online.

如何確認報表伺服器初始化How to Confirm a Report Server Initialization

若要確認報表伺服器初始化,請在命令視窗中鍵入 http://<伺服器名稱>/reportserver,來 Ping 報表伺服器 Web 服務。To confirm report server initialization, ping the Report Server Web service by typing http://<servername>/reportserver in the command window. 如果發生 RSReportServerNotActivated 錯誤,初始化就會失敗。If the RSReportServerNotActivated error occurs, the initialization failed.

另請參閱See Also

儲存加密的報表伺服器資料 (SSRS 組態管理員)Store Encrypted Report Server Data (SSRS Configuration Manager)