, , , , , ,

Hi Everyone,

Last month, for some testing purposes I added another Instance of Report Server (Dynamics365_SSRS) pointing to my existing one (MSSQLServer). After I finished all the testing, I wish to remove the additional Report Server Instance. So I proceed to uninstall the additional Instance; all went well and I restarted the server to make sure all the related files and connections are refreshed. To double confirm, I opened the Reporting Services Configuration Manager to make sure the Report Instance is removed but I noticed the Instance (Dynamics365_SSRS) was still there waiting to be joined under Scale-out Deployment section.

My Report Server and Report Manager weren’t working anymore, I checked the SSRS logs and found the following error:

Microsoft.ReportingServices.Portal.WebHost!crypto!1!09/04/2018-11:56:27:: i INFO: Exporting public key
Microsoft.ReportingServices.Portal.WebHost!crypto!1!09/04/2018-11:56:27:: i INFO: Performing sku validation : Scale-Out
Microsoft.ReportingServices.Portal.WebHost!crypto!1!09/04/2018-11:56:27:: i INFO: NT Service not activated: can be added to scale out group with config tool
Microsoft.ReportingServices.Portal.WebHost!library!1!09/04/2018-11:56:27:: e ERROR: Throwing Microsoft.ReportingServices.Diagnostics.Utilities.CannotValidateEncryptedDataException: , Microsoft.ReportingServices.Diagnostics.Utilities.CannotValidateEncryptedDataException: The report server was unable to validate the integrity of encrypted data in the database.;


From the error message, I understood I might also need to re-encrypt all contents using a new Encryption Key (as I didn’t store my previous encryption keys as well 😦 ) after I successfully remove the additional Instance.  I then read about some articles and found this document from Microsoft on RSKeyMgmt. This utility helps to extract, restore, create and deletes the symmetric key used to protect sensitive report server data against unauthorized access. Also it helps to join/remove report server instances in a scale-out deployment.




I’m using SQL Server 2016 and I found this tool under: <Drive:>\Program Files (x86)\Microsoft SQL Server\130\Tools\Binn\RSKeyMgmt

As per the article I shared above, you would need to be the local administrator of the computer where the Instance is installed as this utility doesn’t work to manage the encryption keys of remote instances.  So to run this utility I open the command prompt using the administrator and browse to it’s location path and ran the following Command.

RSKeyMgmt -l  -> To list the announced servers in the report server database

I found 2 servers as a result:



RSKeyMgmt -r  -> To remove a specific installation from a scale out deployment.



After this the additional Instance (Dynamics365_SSRS) was finally removed from the scale-out deployment section under Reporting Services configuration manager.


Later I ran the following code:

RSKeyMgmt -r  -> To re-encrypt the secure information using a new Encryption Key


I refreshed my Report Server and my Report Manager and I finally had those pages back for browsing.


Hope this would he helpful to someone. Thanks ! 🙂