Moving Secret Server To Another Machine

If you are moving or migrating Secret Server to a new machine and have already installed IIS and .NET Framework on it as described in the Installation Guide, you do not need to run the installer. Simply follow the steps below.

  • If you use the “Force HTTPS/SSL” option, disable it by clicking Configuration from the Administration menu.
  • Click the Security tab, and Edit. If you are also moving the SQL Server database, be sure to create a new backup of the database, as this setting is written to it. You can re-enable the “Force HTTPS/SSL” option after you set up and install an SSL certificate on the new machine.
  • If you have configured encryption of your key using DPAPI, you will also need to turn this off before continuing with step 3. To do so, click Configuration from the Administration menu, then click the Security tab. Click Decrypt Key to not Use DPAPI and enter your Secret Server account password.
  • Copy the folder that holds your Secret Server instance to the new computer.
  • Shut down the old web site and recycle its application pool as it is running background threads which are accessing the database.
  • Set up the new folder in Internet Information Server (IIS) as a virtual directory/application under the Default Web Site or as a separate Website.

If your database server and credentials have not changed, skip this step. If they have changed, follow the steps below:

  • Delete the database.config file from the secretserver folder (on the ASP.NET/IIS machine).
  • Restart your new Secret Server website, so it is running.
  • Browse to dbconnectionreset.aspx under your Secret Server URL (http://secretserverurl/dbconnectionreset.aspx) and you will be prompted to enter your new database connection details.
  • Enter your new SQL Server and the account information.
  • Click Next and the site will connect to the new database.
  • Your site is now pointing to the new database.
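
The folder copy, IIS and database.config steps above can be scripted with the WebAdministration module. The following PowerShell is an added example, not part of the original article or any vendor tooling. The site name, application pool name, folder paths and the NEWHOST share are assumptions to replace with your own values.

```powershell
# Added example. Site, pool and path values are assumptions; change them to match your servers.
param(
    [Parameter(Mandatory)][ValidateSet('Old', 'New')][string]$Machine,
    [string]$SiteName = 'Default Web Site',                        # assumed IIS site
    [string]$AppName  = 'SecretServer',                            # assumed application name
    [string]$AppPool  = 'SecretServerPool',                        # assumed application pool
    [string]$Folder   = 'C:\inetpub\wwwroot\SecretServer',         # assumed instance folder
    [string]$CopyTo   = '\\NEWHOST\c$\inetpub\wwwroot\SecretServer', # placeholder share
    [switch]$DatabaseChanged
)
$ErrorActionPreference = 'Stop'
Import-Module WebAdministration

if ($Machine -eq 'Old') {
    # Do first, in the Secret Server UI: disable "Force HTTPS/SSL" and decrypt the DPAPI-protected key.
    # Copy the instance folder to the new computer. Robocopy exit codes of 8 or higher mean failure.
    robocopy $Folder $CopyTo /E /R:2 /W:5 /NP
    if ($LASTEXITCODE -ge 8) { throw "robocopy failed with exit code $LASTEXITCODE" }

    # Shut down the old site and recycle its pool so background threads stop touching the database.
    # Note: Stop-Website stops every application hosted under that site.
    Stop-Website -Name $SiteName
    Restart-WebAppPool -Name $AppPool
}
else {
    # Register the copied folder as an application under the chosen site.
    if (-not (Test-Path "IIS:\AppPools\$AppPool")) { New-WebAppPool -Name $AppPool | Out-Null }
    New-WebApplication -Site $SiteName -Name $AppName -PhysicalPath $Folder -ApplicationPool $AppPool | Out-Null

    if ($DatabaseChanged) {
        # Only when the database server or credentials changed: remove the old connection file.
        $dbConfig = Join-Path $Folder 'database.config'
        if (Test-Path $dbConfig) { Remove-Item $dbConfig }
    }

    # Restart so the site is running.
    Restart-WebAppPool -Name $AppPool
    Start-Website -Name $SiteName
    if ($DatabaseChanged) {
        Write-Host 'Browse to dbconnectionreset.aspx under your Secret Server URL to enter the new connection details.'
    }
}
```

Run it with `-Machine Old` on the original server and `-Machine New` on the new one, adding `-DatabaseChanged` only if the database server or credentials have changed.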

When you browse to Secret Server on the new machine it will usually state that it is a secondary node. This is because the database still knows about the previous server.

If the old machine was a primary node, then follow these steps to change the new machine to being the primary node:

  • On the server you will make the primary node, navigate to Secret Server locally.
  • Log in as an administrator, and click Server Nodes from the Administration menu.
  • Click the Make Current Node Primary button.


  • Activate the licenses for the new server by going to the Licenses page.
  • If you are using certs, remember to set them on your new IIS, then browse to Secret Server over HTTPS and re-enable force HTTPS if this was set on the original machine.
  • Re-enable DPAPI if this was disabled in the earlier step.

Follow these steps to move the database to another machine: Thycotic Secret Server: Moving Microsoft SQL Server Database To Another Machine
