The report server cannot decrypt the symmetric key

    Question

  • I am getting a constant error "Report Server Windows Service" ID 120 and "Report Server" ID 107. The old administrator of this SQL server has left our company and left no record of where the backup key (*.snk) file is located.

    Here is the message I get when I try to re-enter my creds:

    Microsoft.ReportingServices.WmiProvider.WMIProviderException: The report server cannot decrypt the symmetric key that is used to access sensitive or encrypted data in a report server database. You must either restore a backup key or delete all encrypted content. (rsReportServerDisabled)
       at Microsoft.ReportingServices.WmiProvider.RSWmiAdmin.ThrowOnError(ManagementBaseObject mo)
       at Microsoft.ReportingServices.WmiProvider.RSWmiAdmin.BackupEncryptionKey(Byte[]& encryptedBytes, String password)
       at ReportServicesConfigUI.WMIProvider.RSReportServerAdmin.BackupEncryptionKey(Byte[]& encryptedBytes, String password)

    I'm seeing the only way to fix this is to delete all encrypted data and start again in the Report Services Configuration Manager since I don't have a key. Will deleting this data affect my database in any way or does this only affect the reports?

    Saturday, February 02, 2013 7:26 AM

Answers

  • Hi Wadams,

    The Report Server service uses the symmetric key to access the encrypted data in a report server database. This symmetric key is encrypted by using an asymmetric public key that corresponds to the computer and the user account that is used to run the Report Server service. When you change the user account that is used to run the Report Server service, the report server cannot use the asymmetric public key to decrypt the symmetric key. Therefore, the Report Server service cannot use the symmetric key to access the data from the report server database. In your scenario, you ran the command but more errors occurred. We should start the Report Server Windows service and the Report Server Web service by using the user account that the service was running successfully under before we run the command. For more information about it, please see:
    http://support.microsoft.com/kb/842421

    Hope this helps.

    Regards,
    Charlie Liao


    Charlie Liao
    TechNet Community Support

    Tuesday, February 05, 2013 9:07 AM
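
    A diagnostic sketch for the situation described in this answer, added here as an example and not part of the original reply: it shows which account each Report Server service currently logs on as and when event IDs 107 and 120 first appeared. It assumes the service name starts with "ReportServer" (default or named instance) and that the events are written to the Application log.

```powershell
# Added example. Assumptions: SSRS service names start with "ReportServer"
# (default or named instance) and its events go to the Application log.

# 1. Which account does each Report Server service log on as right now?
$services = Get-CimInstance -ClassName Win32_Service -Filter "Name LIKE 'ReportServer%'"
$services | Select-Object Name, StartName, State | Format-Table -AutoSize

# 2. When did the key errors (event IDs 107 and 120 from the question) begin?
$events = Get-WinEvent -FilterHashtable @{
        LogName   = 'Application'
        Id        = 107, 120
        StartTime = (Get-Date).AddDays(-30)   # look-back window, adjust as needed
    } -ErrorAction SilentlyContinue |          # no matching events is not an error here
    Where-Object { $_.ProviderName -like 'Report Server*' } |
    Sort-Object TimeCreated

if ($events) {
    $first = $events | Select-Object -First 1
    'First key error in the last 30 days: {0} (ID {1}, source "{2}")' -f `
        $first.TimeCreated, $first.Id, $first.ProviderName

    # Count per event ID and source to see whether both components are failing
    $events | Group-Object Id, ProviderName |
        Select-Object Count, Name | Format-Table -AutoSize
} else {
    'No event 107/120 from a Report Server source in the last 30 days.'
}
```

    If the first error lines up with a change of the service logon account, the account shown in `StartName` is the one to revert before running the key command again.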

All replies

  • I have also tried the command:

    RSKeyMgmt -e -f FileName -p StrongPassword

    This just produced more of the same errors in the event log and when I try to go to the reports HTTP address, I get this error:

    The report server cannot decrypt the symmetric key that is used to access sensitive or encrypted data in a report server database. You must either restore a backup key or delete all encrypted content. (rsReportServerDisabled) Get Online Help

    Bad Data. (Exception from HRESULT: 0x80090005)


    Saturday, February 02, 2013 7:31 AM