Wednesday, March 11, 2009

Warning: The master secret has not been backed up!

The master secret has not been backed up. If you lose the master secret all the information stored in the SSO system will be lost permanently and your systems may fail to work correctly. Please use the SSO admin tools to back up your master secret.

Scary, I'll agree.  Simple fix, however.  This step is part of BizTalk installation on this blog (not published yet; write me for an advance copy), but I've broken it out here:

  • On the Start menu, click Run.
  • In the Run dialog box, type “cmd”, and then click OK.
  • At the command line, go to the Enterprise Single Sign-On installation directory.
  • The default installation directory is :\Program Files\Common Files\Enterprise Single Sign-On.
  • Type “ssoconfig -backupsecret ”, where is the path and name of the file where the master secret will be backed up. For example, “A:\ssobackup.bak” to back up to a floppy disk, or “C:\mastersecret_servername.bak” to be moved to VSS or some other secure repository.
  • Provide a password to protect this file. You will be prompted to confirm the password and to provide a password hint to help you remember this password.
  • Store the backup file in a secure location.
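The backup steps above as a PowerShell script that also locks down the resulting file. This is an added example, not part of the original post. The destination folder `D:\SecureBackups`, the file naming scheme, the Administrators-only ACL and the SHA-256 record are assumptions, and `Get-FileHash` needs PowerShell 4 or later.

```powershell
# Added example (not from the original post). Run from an elevated prompt as an SSO administrator.
# Assumed values: $destDir, the file naming scheme, and the ACL policy applied below.
$ssoDir    = Join-Path $env:CommonProgramFiles 'Enterprise Single Sign-On'  # default install directory
$ssoConfig = Join-Path $ssoDir 'ssoconfig.exe'
$destDir   = 'D:\SecureBackups'                                             # hypothetical destination
$backup    = Join-Path $destDir ("mastersecret_{0}_{1:yyyyMMdd}.bak" -f $env:COMPUTERNAME, (Get-Date))

if (-not (Test-Path $ssoConfig)) { throw "ssoconfig.exe not found in $ssoDir" }
if (-not (Test-Path $destDir))   { throw "Destination folder $destDir does not exist" }
if (Test-Path $backup)           { throw "Refusing to overwrite existing backup $backup" }

# ssoconfig prompts interactively for the password, its confirmation and the hint.
& $ssoConfig -backupsecret $backup
if (-not (Test-Path $backup)) { throw "Backup file was not created; check the ssoconfig output" }

# Drop inherited permissions and grant access only to the local Administrators
# group (well-known SID S-1-5-32-544, so the command is locale independent).
icacls $backup /inheritance:r /grant:r '*S-1-5-32-544:F' | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls could not restrict access to $backup" }

# Record a hash so a later restore can confirm the file is the one that was stored.
$hash = Get-FileHash -Path $backup -Algorithm SHA256
"{0}  {1}" -f $hash.Hash, $backup

# Backups left beside the SSO binaries are easy to forget and easy to find;
# report any so they can be moved to the secure location.
Get-ChildItem -Path $ssoDir -Filter *.bak -ErrorAction SilentlyContinue |
    ForEach-Object { Write-Warning "Backup file left in install directory: $($_.FullName)" }
```

Keep the recorded hash and the backup password separately from the backup file itself.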

The backup file can be used to restore a Master Secret Server or promote a group member to master secret server, as follows.

If your MSS should fail, here are the steps to promote a member server to the MSS:

  • Change the master secret server name from the original to the new using ssomanage: “ssomanage -updatedb”.
  • Stop the ENTSSO service on the new master secret server.
  • Start the ENTSSO service on the new master secret server. It will recognize that it is the master secret server and that it has no secrets.
  • On the new master secret server, restore the backed up master secret file using ssoconfig: “ssoconfig -restoresecret BackupFile” 

The new server is now the master of the group. 

1 comment:

  1. Always check whether the file is available at this location [In case you don't remember where you backed up your file]

    C:\Program Files\Common Files\Enterprise Single Sign-On

    Usually most programmers keep the backup directory the same and they forget about it all the time...

    - Experience ;)
    - Thanks Hemant
