Secret Server Issue
I am new to BizTalk and SSO and I'm having an issue with, I think, the SSO server. I'm getting the following error when I try to view the detail of my currently installed adapters:
Cannot perform encryption or decryption because the secret is not available from the master secret server.
It says to look at the event log but the log says the same thing. I've created the SSO databases and have gone through as much documentation as I can tolerate. I also have local certificates in the personal and other stores and nothing works.
Thanks!
By enizin at 2008-2-28
Thanks for your reply...
I've tried that using the Action -> Generate Secret menu option and it says the secret was created but yet I still get the same error when trying to view the adapter details.
I tried backing up and restoring the secret but the restore gives me "ERROR: incorrect master secret".
Thanks again for your help.
Ian
Enizin,
Have you had a disaster that you've needed to recover from?
This error is when you restore a previous SSO DB onto a 'new' system.
SSO has a 'secret' that it uses to encrypt/decrypt vital values in the SSO DB - e.g. BTS uses SSO to store all its port config values.
On a new system, one of the steps we do is to create a backup of this 'secret' - this is a password-protected file on the disk.
You need this file to work with your previous SSO DB.
If you have this file, use the SSO Admin Console to restore the secret from the backed up file. Stop and start the SSO Service (on all boxes if there are several). You're back in the game.
If you do not have the backup then it's trouble... best is to re-configure BTS to a brand new SSO DB or you'll be plagued with security/SSO problems each step along the way.
Cheers
Hi Enizin -
The error you are seeing -
Cannot perform encryption or decryption because the secret is not available from the master secret server.
Means that your SSO server can't get a secret from the SSO master secret server. First thing to determine is which server is (supposed to be) the master secret server (MSS)? If you only have one BizTalk server then this must be the MSS. If you have more than one then only one must be the MSS. Clear the Application event log and restart your ENTSSO servers. This will tell you which server is the MSS and whether the other server obtained a master secret successfully from the MSS. You might want to turn the SSO audit levels up for more info in the Application event log (ssoconfig -auditlevel 3 3).
If all looks good in the event log so far and it still doesn't work, you may have the wrong secret. Secrets are backed up in *.bak files by default to your ENTSSO install dir which is normally C:\Program Files\Common Files\Enterprise Single Sign-On. If you have several in there try restoring them earliest date first until you find one that works.
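
The checks described in the replies above, as an added PowerShell example that is not part of the original thread: restart ENTSSO, read what it logs about the master secret, then try the *.bak secret backups earliest first. It assumes the service and the event source are both named ENTSSO, that ssoconfig.exe sits in the default install directory, and that it runs elevated as an SSO administrator on the master secret server.

```powershell
# Added example, not from the thread. Assumed names: service 'ENTSSO',
# event provider 'ENTSSO', ssoconfig.exe in the default install directory.
$ssoDir    = 'C:\Program Files\Common Files\Enterprise Single Sign-On'
$ssoConfig = Join-Path $ssoDir 'ssoconfig.exe'

function Restart-SsoAndShowEvents {
    # Restart ENTSSO (and dependent services), then show what it logged
    # since the restart, including whether the master secret was loaded.
    $since = Get-Date
    Restart-Service -Name 'ENTSSO' -Force
    Start-Sleep -Seconds 15
    Get-WinEvent -FilterHashtable @{
        LogName = 'Application'; ProviderName = 'ENTSSO'; StartTime = $since
    } -ErrorAction SilentlyContinue |
        Sort-Object TimeCreated |
        Format-List TimeCreated, Id, LevelDisplayName, Message
}

# Step 1: baseline. Which server reports itself as master secret server,
# and did it obtain a secret?
Restart-SsoAndShowEvents

# Step 2: list the secret backups, earliest first.
$backups = Get-ChildItem -Path $ssoDir -Filter '*.bak' | Sort-Object LastWriteTime
if (-not $backups) {
    Write-Warning "No *.bak secret backups found in $ssoDir"
    return
}
$backups | Format-Table Name, LastWriteTime, Length

# Step 3: try each backup in turn. ssoconfig prompts for the password
# that was set when the backup was taken.
foreach ($backup in $backups) {
    Write-Host "Restoring secret from $($backup.Name) ..."
    & $ssoConfig -restoresecret $backup.FullName
    Restart-SsoAndShowEvents

    # The operator confirms success by checking the adapter details again,
    # because this script does not rely on ssoconfig's exit code.
    $answer = Read-Host 'Do the adapter details open without the secret error? (y/n)'
    if ($answer -eq 'y') {
        Write-Host "Working secret: $($backup.FullName)"
        break
    }
}
```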