SCOM Trick 37 – Backup RMS encryption key

In SCOM 2007 the root management server (RMS) uses an encryption key to decrypt secure data in the SCOM database. When you first install SCOM, at the end of the step that installs the first management server (RMS), you get the option to back up the encryption key. This is a good moment to make a backup of it, and you will provide a password. But there is also a way to create a backup of the encryption key after the installation. In most cases I would use the same password as the SDK/config/dataaccess account is using. Just something that works for me, as I can remember that I use this most of the time, and most of the time I know the SDK account.

You will need this backup of the encryption key when you need to restore your RMS or when you need to promote another management server to RMS. That is one more reason why it is a good idea to also store the key backup in another location (for instance on the second management server), as most of the time you will use it when your RMS is dead.

So, how to back up the key:
http://technet.microsoft.com/en-us/library/cc540390.aspx
Of course it is also nice to list how to restore it:
http://technet.microsoft.com/en-us/library/cc540389.aspx

In a few cases we have seen somebody get an error like this:
could not load file or assembly ‘Microsoft.mom.Common, Version=6.0.4900.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35’ or one of its dependencies.
In that case, copy securestoragebackup.exe to the SCOM program files directory where Microsoft.mom.common.dll lives, and run the backup from there in an elevated command prompt.
