Search code examples
windowspowershellreporting-servicesautomationssrs-2014

Deleting Report Server (2014 Native Mode) Encrypted Keys & Data [PowerShell]

After I clone an instance from an image, a few manual steps need to be carried out to get the report server working correctly. Among them is the deletion of all encrypted data, including symmetric key instances on the report server database.

This step requires me to RDP to the server in question, open the Reporting Services Configuration Manager and delete the encrypted data manually.

Without carrying out this step, I get the following error when I try to load up the report server interface of the new server:

The report server cannot open a connection to the report server database. A connection to the database is required for all requests and processing. (rsReportServerDatabaseUnavailable)

I'm trying to automate this step, so that it runs as part of a PowerShell script to remotely delete the encrypted data.

I am aware of 'rskeymgmt -d' but this prompts the user for input when run and has no force flag available to circumvent this additional input, rendering it unusable for running remotely as far as I can see:

C:\>rskeymgmt -d
All data will be lost.  Are you sure you want to delete all encrypted data from
the report server database (Y/N)?
Solution

  • I've found a solutions to solving this problem. Calling RSKeyMgmt -d through a remote PowerShell session and piping the Y string to the call passes the parameter that RSKeyMgmt prompts the user for. This method is based on Som DT's post on backing up report server encryption keys

    I've attached the full script I am using as part of my environment cloning process. 

    <#
.SYNOPSIS
    Deletes encrypted content from a report server

.PARAMETER MachineName
    The name of the machine that the report server resides on

.EXAMPLE
    ./Delete-EncryptedSsrsContent.ps1 -MachineName 'dev41pc123'
    Deletes encrypted content from the 'dev41pc123' report server
 #>

param([string]$MachineName = $(throw "MachineName parameter required, for command line usage of this script, type:  'get-help ./Delete-EncryptedSSRS.ps1 -examples'"))

trap [SystemException]{Write-Output "`n`nERROR: $_";exit 1}
Set-StrictMode -Version Latest

try
{
    Write-Output "`nCreating remote session to the '$machineName' machine now..."
    $session = New-PSsession -Computername $machineName
    Invoke-Command -Session $Session -ScriptBlock {"Y" | RSKeyMgmt -d}
}
catch
{
    Write-Output "`n`nERROR: $_"
}
finally
{
    if ($Session)
    {
        Remove-PSSession $Session
    }
}