SharePoint 2016: Secure Store Service Operations

In this article, we will walk through the Creation of Secure Store Service, Generation of the Key and Deletion of Secure Store Service. We will perform all these operations via Central Admin.

Introduction

"The Secure Store Service is an authorization service that runs on an application server. The Secure Store Service provides a database that is used to store credentials. These credentials usually consist of a user identity and password, but can also contain other fields that you define. For example, SharePoint Server 2013 can use the Secure Store database to store and retrieve credentials for access to external data sources. The Secure Store Service provides support for storing multiple sets of credentials for multiple back-end systems." [MS TechNet]

In this article, we will walk through Creation of Secure Store Service, Generation of the Key and Deletion of Secure Store Service.

Before Start

You should make sure the following things are ready before starting. It will help you to create service application flawlessly.

• Farm Administrator Account to login Central admin and creation of SSS
• URL of the Central Admin
• Service Account (Managed Account) which will run the App Pool of Secure Store Service
• Name of the Server where this Service Application will run
• SQL Server Alias where SSS database will be provisioned
• Name of Database of SSS
• Name of the Application Pool of SSS
• Generation Key

Tips

For a successful configuration of SSS, following are the industry recommendations.

• Use the dedicated app pool for SSS, should not be shared with other application.
• Use the dedicated SQL server or a SQL server which should not hold the Content Databases.
• Backup the generation key and SSS database.
• Run the Service on the Application Server.

Create Secure Store Service.

In order to create the Secure Store Service, please follow these steps.

1. Please log in on the Central admin site with Farm administrator account with local admin.
2. Click on Application Management
3. Click on Manager Service Applications Under Service Applicationshttp://krossfarm.com/wp-content/uploads/2016/07/ss-001.jpg
4. Click on the New (top Left) and drop-down select Secure Store Servicehttp://krossfarm.com/wp-content/uploads/2016/07/SS-1.jpg
5. On this page please enter the details
   1. Service Application Name: KS-SSS
   2. Database Server: KF-SQL
   3. Database Name: KF-SSService-Database
   4. Database Authentication: Windows Authentication
   5. Failover Database Server: We are using Always-ON Solution so this will be blank
   6. Application Pool
      1. Application Pool Name:  KF-SSS-AppPool
      2. Select the ID from Drop Down: Krossfarm\KFSvcApp
   7. Enable Audit (I would recommend to enable it because it will help you to audit every action [who did, what did, success etc]).
      1. Audit Log Purge: Enable
      2. Days Until Purge: 30 Dayshttp://krossfarm.com/wp-content/uploads/2016/07/SS-2-1.jpg
6. Click OK
7. This shouldn't take long and you will see this**http://krossfarm.com/wp-content/uploads/2016/07/SSk-1.jpg**

We successfully create the configuration of the Secure Store Service. 

Check

Please check a couple of things to make sure it is successfully created. Make sure Secure Store service Application Proxy is part of the Default Proxy group. and also make sure that Secure Store Service Application Instance is started on the server.

Check for Default Proxy Group

• On Application Management page, click on Configure service application associations under Service Applicationshttp://krossfarm.com/wp-content/uploads/2016/07/2016-07-23_00h28_09.jpg
• On this page click on the Defaulthttp://krossfarm.com/wp-content/uploads/2016/07/2016-07-23_00h27_21.jpg
• On this page please make sure SSS is check here.http://krossfarm.com/wp-content/uploads/2016/07/2016-07-23_00h27_43.jpg

Check the SSS Application Instance

1. On the Central Admin click on System Settings
2. Click on Manage Services on Server under the Serverhttp://krossfarm.com/wp-content/uploads/2016/07/2016-07-23_00h38_30.jpg
3. On this page make sure Secure Store Service Status is started. (If not then start it.)http://krossfarm.com/wp-content/uploads/2016/07/2016-07-23_00h39_33.jpg

Configuration

The last thing is we have to Generate the Key which is required and most important. So please store it a safe place.

1. Click on Application Management
2. Click on Manager Service Applications under Service Applications
3. On this page click on Secure Store Servicehttp://krossfarm.com/wp-content/uploads/2016/07/SSk-1.jpg
4. On this page, you will see this error “Before creating a new Secure Store Target Application, you must first generate a new key for this Secure Store Service Application from the ribbon.” But this happened when you visit the Secure Store Service the first time and no SSS key present. http://krossfarm.com/wp-content/uploads/2016/07/SSK-2.jpg
5. Click on **Generate New Key **in the Ribbon.http://krossfarm.com/wp-content/uploads/2016/07/SSk-3.jpg
6. On Generate New Key pop-up please enter the following:
   1. PassPhrase
   2. Confirm PassPhrase
   3. Click OKhttp://krossfarm.com/wp-content/uploads/2016/07/SSK-5.jpg
7. This shouldn't take long.http://krossfarm.com/wp-content/uploads/2016/07/SSk-6.jpg
8. Finally, you will see this screen.http://krossfarm.com/wp-content/uploads/2016/07/SSK-7.jpg

Note: PassPhrase should be at least 8 characters and must contain combinations of uppercase, lowercase numbers and special characters

Also make sure store this key in the safe location because it is not retrievable.

This complete the Creation and configuration of Secure Store Service. Next, you have to use it as per your Service Application requirement i.e. Visio, Access Service etc.

Delete the Secure Store Service Application.

In order to delete a Secure Store Service via Central admin please follow the steps below.

1. Please log in on the Central admin site with Farm administrator account with local admin.
2. On Application Management, click on Manager Service Applications Under Service Applicationshttp://krossfarm.com/wp-content/uploads/2016/07/ss-001.jpg
3. On this page highlight the Secure Store Service and click Delete Button from Ribbonhttp://krossfarm.com/wp-content/uploads/2016/07/SSD-2.jpg
4. On Delete Service Application page, check the Delete Data Associated with the Service Applications and click OK.http://krossfarm.com/wp-content/uploads/2016/07/SSD-4.jpg
5. This shouldn’t take too long.http://krossfarm.com/wp-content/uploads/2016/07/SSD-5.jpg
6. Click OK on the successful deletion page.http://krossfarm.com/wp-content/uploads/2016/07/ssd-.jpg
7. Now you will see SSS application is not more on this page.http://krossfarm.com/wp-content/uploads/2016/07/ss-01.jpg

After this make sure that Application Pool also deleted from IIS and Associated Database also deleted from SQL Server. Sometimes due to unknown error SharePoint fail to remove one of the components.

Recap

In this article, we learned how to create Secure Store Service, how to Generate the Key, and How to delete a Secure Store Service. We also share some useful tips and pre-steps.

Reference:

• Plan the Secure Store Service in SharePoint Server 2016