Re: Failover errors: Master Secret Server



I ran into similar troubles a few days ago; the scenario is as follows:

entsso is a cluster resource running on two servers, but when it failed
over, one of its nodes was causing conflicts in the event log, and this
is where this post rang a bell, because the guys who installed this may
not have done the "second cluster node" part. It was way annoying when it
failed and I couldn't even change a receive location due to the
cryptography methods invoked by these procedures.

Well, what we were forced to do was: ssoconfig restoring the
sso.bak again on node 1, take offline and bring online;
ssoconfig the same sso.bak on node 2 and then take offline and bring
online.
We had the sso.bak from installation, but I assume you can create a new
one with the console commands and then run it on both nodes.

This looks pretty simple, though:
1) run the ssoconfig directives on both servers
2) make damn sure the registry is affected (open regedit,
software->microsoft ... blah blah blah, the old-fashioned way, lol)

I hope I could be of more help than sharing my gray experience.

Best regards
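An added verification script for step 2 above (not written by either poster): it asks every node of the SSO cluster whether the ENTSSO service exists and whether the registry key that ssoconfig -restoresecret writes is present, so a node that was skipped shows up before the group fails over to it. The cluster name and the exact secret sub-key are placeholders you must fill in; the thread does not give them.

```powershell
# Added example, not from the thread. Checks that the master secret restore
# landed on EVERY cluster node, which is the step the reply says gets skipped.
# Assumptions: the FailoverClusters module is available, $ClusterName is your
# SSO cluster, and $SsoSecretKey is a placeholder for the key under
# HKLM:\SOFTWARE\Microsoft that ssoconfig -restoresecret populates on your version.
param(
    [string]$ClusterName  = 'SSO-CLUSTER-PLACEHOLDER',
    [string]$SsoSecretKey = 'HKLM:\SOFTWARE\Microsoft\ENTSSO\SECRET-SUBKEY-PLACEHOLDER'
)

Import-Module FailoverClusters

$nodes = Get-ClusterNode -Cluster $ClusterName | Select-Object -ExpandProperty Name

# Query each node locally so we see that node's own registry hive, not the
# virtual server's view from whichever node currently owns the group.
$report = foreach ($node in $nodes) {
    Invoke-Command -ComputerName $node -ArgumentList $SsoSecretKey -ScriptBlock {
        param($key)
        $svc = Get-Service -Name ENTSSO -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Node         = $env:COMPUTERNAME
            ServiceState = if ($svc) { [string]$svc.Status } else { 'missing' }
            SecretInReg  = Test-Path -Path $key
        }
    }
}

$report | Format-Table -AutoSize

# A node without the key will log "The secret could not be loaded from the
# registry" as soon as the cluster group moves to it; the restore must be
# run on that node too.
$missing = $report | Where-Object { -not $_.SecretInReg }
if ($missing) {
    Write-Warning ("Master secret not present on: {0}. Run 'ssoconfig -restoresecret <sso.bak>' " +
                   "on each of these nodes, then fail the group over and re-check the event log." `
                   -f ($missing.Node -join ', '))
}
```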


mshubat@xxxxxxxxx wrote:
Hi to all,

I'm setting up BizTalk 2006 Enterprise Edition on two clusters, with
the Master Secret Server on one cluster and BizTalk on the other. I've
followed the instructions provided at
http://www.microsoft.com/technet/prodtechnol/biztalk/2006/library/bts06clustering/ef817fa4-e43d-4e3d-8686-5bd675708001.mspx?mfr=true.
Everything works fine until the last section on "To restore the master
secret on the second cluster node". After performing this last
procedure, moving the cluster group back to the primary node (the node
where the installation process started) results in several alarming
event log entries:

There are two of these entries:
"The secret could not be loaded from the registry. The service account
for the SSO service may have been changed or the secret may be
corrupted. Restore the secret from a backup file."

one of these entries:
"Could not load secrets from the registry of the master secret server."

and finally one of these entries:
"Failed to retrieve master secrets. Verify that the master secret
server name is correct and that it is available. Secret Server Name:
XXXXXXXXX Error Code: 0x80002918, No secrets were found in the
registry of the master secret server. Use the configuration tools to
generate or restore a master secret."

After many hours of trying various things, I've discovered that after
running the following command: "ssoconfig -restoresecret XXXXX.bak",
when the cluster group moves to the machine that I ran it on, the
entsso service starts fine and finds the master secret in the registry
of the virtual server. However, when the group moves to the other
node, I get the collection of errors shown above.

Any ideas? Seems to me that the "ssoconfig -restoresecret XXXXX.bak"
command is introducing a machine dependency. Is the DPAPI technology
being used under the hood to encrypt the secret using the Machine
store, thus introducing the machine dependency?

Any help would be appreciated.

Mike



