SSO issue BizTalk

In this BizTalk setup I had a separate BizTalk Server and SQL Server. The SSO feature was installed on the SQL Server. I received the following issues in BizTalk:
Could not contact SSO Server SQL. Check that SSO is configured and that the SSO service is running on that server.
Additional information: The RPC server is unavailable
and
Cannot perform encryption or decryption because the secret is not available from the master secret server
and
Failed to retrieve master secrets. Verify that the master secret server name is correct and that it is available.

To diagnose the problem you can run the following command on the BizTalk Server:
Open de Command Pormpt
Type CD C:\Program Files\Common Files\Enterprise Single Sign-On\
Press Enter
Type ssomanage.exe -displaydb
On the screen that appears you can see the name of the SSO Server and whether SSO is enabled or not.

I first tried a SSO master secret key restore, but that didn’t help. I also checked the DTC connection using DTC Ping.

In the end it turned out that it was a firewall issue on the SQL Server (=SSO server).
The following firewall rule had to be adjusted on the SQL Server:
New-NetFirewallRule -DisplayName ‘BizTalk_SSO_Poorten_49000_56000’ -Profile @(‘Domain’) -Direction Inbound -Action Allow -Protocol TCP -LocalPort @(‘49000-56000′)

The Microsoft documentation indicates you only have to open firewall ports 50000 to 50200, but the firewall log indicated otherwise. Obviously, it’s hard to find out in the first place whether there is a firewall issue. As a start you can just disable the firewall on the SQL Server. Next you can fine tune the firewall rules. Go to Contol Panel / System and Security / Windows Firewall. To get to the firewall rules, open Advanced Settings / Inbound Rules.

Leave a Reply

Your email address will not be published. Required fields are marked *