Wednesday 27 November 2019

Cannot perform encryption or decryption because the secret is not available from the master secret server

There are a couple of reasons why this might happen. The first is that the SSO Master Secret has been corrupted.

The first indication of this is when you try to perform actions within the BizTalk Administration Console, such as importing bindings or creating ports.

You will start seeing the following error (amongst others) in the event viewer: Cannot perform encryption or decryption because the secret is not available from the master secret server. You may be tempted at this point to restart the Enterprise Single Sign-On Service on the BizTalk nodes. Don't.

If there is a problem with SSO and you try to restart the service, it will also stop the host instances running on the server. If the Enterprise SSO service does not come back up, the host instances will not restart and no messages will be processed through the system (or through whichever specific nodes you restarted the Enterprise SSO service on).

Before you restore the SSO Master Secret it might also be worth checking to see if there are any firewall rules preventing access to the SSO Master Instance from the BizTalk Application Server Nodes as this can also give the same error.
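
A read-only triage script for the checks described above, as an added example that is not part of the original post. Run from a BizTalk node, it reports the SSO service state, tests the network path to the master, and counts occurrences of the error, without stopping or restarting anything. The server name is a placeholder; the service name ENTSSO and the use of RPC on TCP 135 are assumptions about a default install.

```powershell
# Added example: read-only triage for the "secret is not available" error.
# Run on a BizTalk application node. Nothing here stops or restarts a service.
param(
    # Placeholder: the "Master Secret Server" value shown in the SSO snap-in.
    [Parameter(Mandatory)][string]$MasterSecretServer,
    [int]$HoursBack = 24
)

$errorText = 'secret is not available from the master secret server'

# 1. State of the local Enterprise SSO service, without touching it.
#    Assumption: the service is registered under its default name, ENTSSO.
$svc = Get-Service -Name 'ENTSSO' -ErrorAction SilentlyContinue
$svcStatus = if ($svc) { $svc.Status } else { 'not found' }

# 2. Can this node reach the master at all? Assumption: the node talks to
#    the master over RPC, so TCP 135 (endpoint mapper) must be open. Dynamic
#    RPC ports can still be blocked even when 135 answers.
$rpc = Test-NetConnection -ComputerName $MasterSecretServer -Port 135 `
    -WarningAction SilentlyContinue

# 3. How often, and since when, has the error been logged on this node?
#    Matching on message text avoids assuming an event source name.
$events = @(Get-WinEvent -FilterHashtable @{
        LogName   = 'Application'
        Level     = 2, 3   # Error, Warning
        StartTime = (Get-Date).AddHours(-$HoursBack)
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like "*$errorText*" })
$firstSeen = ($events | Sort-Object TimeCreated | Select-Object -First 1).TimeCreated

# 4. Summarise: an unreachable master points at the network, not the secret.
$next = if (-not $rpc.TcpTestSucceeded) {
    'Master unreachable on TCP 135: review firewall rules before any restore'
} else {
    'TCP 135 open: verify dynamic RPC ports, then consider a secret restore'
}

[pscustomobject]@{
    Node             = $env:COMPUTERNAME
    SsoServiceStatus = $svcStatus
    MasterReachable  = $rpc.TcpTestSucceeded
    ErrorEventCount  = $events.Count
    FirstSeen        = $firstSeen
    SuggestedNext    = $next
}
```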

If an SSO Master Secret restore is required, follow the process set out below.

It is worth pointing out before you start the process that if you do not have an SSO Master Secret backup or the password, you will not be able to do the restore, and your only other option will be to re-do the BizTalk configuration process.


Click the Windows button at the bottom left of the screen on the machine that contains the Master Enterprise SSO instance
Type MMC

In the resulting console click File then Add / Remove Snap-in
From the snap-in list click Enterprise Single Sign-On (Green arrow in the image below) and click the Add button (Blue arrow in the image below)

The Enterprise Single Sign-On snap-in should appear in the Selected Snap-Ins pane on the right (Green arrow in the below image)

Next click OK (Blue arrow in the below image)

Expand the Enterprise Single Sign-On tree node in the left hand pane (Green arrow in below image)

Left-clicking the System option will give you details of the current SSO instance and will also tell you which machine the Master is on (look for Master Secret Server in the table)



To restore the Master Secret from backup:
Right-click the System tree node in the left hand pane and select Restore Secret

In the Backup file box click Browse (Green arrow in below image)

Then navigate to the Master Secret backup file, usually located here: C:\Program Files\Common Files\Enterprise Single Sign-On. Click the backup file (Green arrow in below image). Then click Open (Blue arrow in below image)

If one has been configured, click the Password reminder Show button (Blue arrow in image below) to get a hint of the password

Type the password in the File Password box (Green arrow in image below) then click OK (Orange arrow in image below)