Editing: BizTalk: Enterprise Single Sign-On Service
<html> <body> [TOC]<br> <h1><a name="Basic_Terminology"></a>Basic Terminology</h1> <p><em>Enterprise Single Sign-On Service:</em> A service that communicates directly with the master secret. It is installed with a startup type of Automatic on <em>every</em> BizTalk Server computer in the Group.</p> <p><em>Master secret:</em> A registry key that is encrypted. When the Enterprise Single Sign-On (SSO) service is configured during a basic configuration, a backup of the master secret is automatically created in C:\Program Files\Common Files\Enterprise Single Sign-On, and is assigned a password. During a custom configuration, you are asked to specify a password and location for the backup file.</p> <p>The master secret is only active on one server in the BizTalk group. This is considered the master secret server. The master secret is also responsible for all interaction with the Single Sign-On (SSO) database.</p> <p><em>Single Sign-On database (SSODB):</em> This is a database that stores everything related to SSO, including BizTalk artifacts such as receive locations and receive handlers, SSO configuration data such as affiliate applications and ticket timeout value, account information, and account mappings.</p> <h1><a name="Common_Issues"></a>Common Issues</h1> <ul> <li>The master secret password is unknown. Nothing can be done to restore the master secret without the password. If the password is unknown and you must restore the master secret, unconfiguring and reconfiguring BizTalk is the only option. </li><li>Do not change the Enterprise Single Sign-On (SSO) service account. If you must do it, follow the steps in KB article <a href="http://support.microsoft.com/kb/884205">884205</a>. </li><li>The BizTalk service has a dependency on the Enterprise Single Sign-On (SSO) service. Sometimes, the SSO service takes a while to start and may appear to hang. This behavior causes the BizTalk Service to time out during startup. 
To avoid this timeout, change the service startup type to <strong>Automatic (Delayed Start)</strong>, as described in KB article <a href="http://support.microsoft.com/kb/942284">942284</a>. </li>
<li>For specific steps on how to cluster the master secret, see <a href="http://msdn.microsoft.com/library/aa561823(BTS.20).aspx">How to Cluster the Master Secret Server</a>.
<p>During this process, you must change the name of the master secret server to be the <em>actual</em> network name (also known as the virtual server name) by creating an XML file. For example, if the network name is BizCluster01, then your XML file looks like the following.</p>
<div class="reCodeBlock" style="border:1px solid #7f9db9; overflow-y:auto"><pre style="font-size:12px"><code>&lt;sso&gt;
  &lt;globalInfo&gt;
    &lt;secretServer&gt;BizCluster01&lt;/secretServer&gt;
  &lt;/globalInfo&gt;
&lt;/sso&gt;</code></pre></div>
<p>To confirm the network name, open Cluster Administrator, and then open the properties of the BizTalk network name resource. Within these properties, the actual network name is listed. Copy this value, and put it in the XML file.</p>
<p><a href="http://msdn.microsoft.com/library/dd897474(BTS.10).aspx">How to Create a Cluster Group with a Disk, IP Address, and Name Resource</a></p> </li>
<li>The master secret can be moved from BizTalkServerA to BizTalkServerB or to a cluster. For specific steps on how to accomplish both tasks, see <a href="http://msdn.microsoft.com/library/aa559364(BTS.10).aspx">How to Move the Master Secret Server</a>. </li></ul>
<h1><a name="Troubleshooting"></a>Troubleshooting</h1>
<p>SSO logs errors and events to the Application event log. It also has different levels of error information. When you are troubleshooting an SSO issue, enable high auditing by using ssoconfig.exe:</p>
<ol>
<li>Open a command window, and then go to C:\Program Files\Common Files\Enterprise Single Sign-On. </li>
<li>Type <strong>ssoconfig -auditlevel 3 3</strong> and then press <strong>Enter</strong>. </li>
<li>Reproduce the issue, and then check the Application event log for any errors. </li>
<li>Type <strong>ssoconfig -auditlevel 0 1</strong>. This command returns the system to the default audit level, which prevents run-time performance from being affected and avoids rapid database growth due to verbose auditing. </li></ol>
<p>For more information, including some known issues, see <a href="http://msdn.microsoft.com/library/aa953861(BTS.10).aspx">Troubleshooting Enterprise Single Sign-On</a>.</p>
<h1><a name="Tips_and_Best_Practices"></a>Tips and Best Practices</h1>
<ul> <li>Back up the master secret often. 
Know the location of the backup and the password. We strongly recommend that multiple BizTalk administrators know the location and password. </li><li>The SSO service can be repaired via Add/Remove Programs. This might require restoring the master secret. </li><li>SSO Administration can be used for common tasks, including backing up and restoring the master secret, changing the master secret to another server, adding users/groups to administer SSO, and getting the name of the master secret server. </li></ul> <h1><a name="See_Also"></a>See Also</h1> <p>Read suggested related topics: </p> <ul> <li><a href="http://social.technet.microsoft.com/wiki/contents/articles/6904.biztalk-server-2010-enterprise-sso-survival-guide.aspx" target="_blank">BizTalk Server 2010: Enterprise SSO Survival Guide</a> </li></ul> Another important place to find a huge amount of BizTalk related articles is the TechNet Wiki itself. The best entry point is <a href="http://social.technet.microsoft.com/wiki/contents/articles/2240.biztalk-server-resources-on-the-technet-wiki.aspx" target="_blank"> BizTalk Server Resources on the TechNet Wiki</a>. </body> </html>
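The Troubleshooting steps above, wrapped in a PowerShell script so that the default audit level is restored even if the session is interrupted. This is an added example, not part of the original article or of BizTalk itself; the event source name ENTSSO and the CSV output location are assumptions, and the ssoconfig commands and install path are the ones the article gives.

```powershell
# Added example: temporary verbose SSO auditing with guaranteed reset.
# Run from an elevated prompt on the BizTalk Server computer.

# Install path as given in the article.
$ssoConfig = 'C:\Program Files\Common Files\Enterprise Single Sign-On\ssoconfig.exe'
# Assumption: Enterprise SSO writes to the Application log under this source name.
$ssoSource = 'ENTSSO'
# Assumption: any writable location is fine for the collected events.
$outFile   = Join-Path $env:TEMP ('sso-audit-{0:yyyyMMdd-HHmmss}.csv' -f (Get-Date))

if (-not (Test-Path -LiteralPath $ssoConfig)) {
    throw "ssoconfig.exe not found at $ssoConfig"
}

$start = Get-Date
try {
    # Step 2 of the article: enable high auditing.
    & $ssoConfig -auditlevel 3 3

    # Step 3: give the operator time to reproduce the issue.
    Read-Host 'Verbose SSO auditing is on. Reproduce the issue, then press Enter' | Out-Null

    # Collect only Application-log entries written since auditing was raised,
    # then keep the ones from the SSO source.
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; StartTime = $start } `
                  -ErrorAction SilentlyContinue |
              Where-Object { $_.ProviderName -eq $ssoSource } |
              Sort-Object TimeCreated

    if ($events) {
        $events |
            Select-Object TimeCreated, Id, LevelDisplayName, Message |
            Export-Csv -LiteralPath $outFile -NoTypeInformation -Encoding UTF8
        Write-Host ("{0} SSO event(s) saved to {1}" -f @($events).Count, $outFile)
    }
    else {
        Write-Warning "No '$ssoSource' events since $start. Check the source name in Event Viewer."
    }
}
finally {
    # Step 4: always return to the default level so verbose auditing does not
    # stay on and grow the SSO database or slow the run time.
    & $ssoConfig -auditlevel 0 1
}
```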