Restore master secret key

Restoring the master secret key is no rocket science, you just have to make sure you do things right, otherwise your BizTalk environment will be corrupted. In the scenario at hand, I had a BizTalk environment with a separate BizTalk Server and a separate SQL Server. The BizTalk SSO feature is installed on SQL Server. That’s why you will have to perform the SSO master secret restore at the SQL Server. Stepping plan:
  • Stop the Enterprise SSO Server on the BizTalk Server (not on the SQL Server).
  • Log on to the master secret server (in this case the SQL Server) with an account that is both Windows administrator and SSO administrator.
  • Start/Run MMC.
  • Add the Enterprise Single Sign-On snap-in.
  • In the scope pane of the ENTSSO MMC Snap-In, expand the Enterprise Single Sign-On node.
  • Right-click System, and then click Restore Secret.
To restore the master secret key you will need the master secret backup file and the password to protect this file. The backup file and password are created on installation. In this case, the backup file was stored on the SQL Server at location: D:\Program Files\Microsoft BizTalk Server 2016\mastersecret_2017-07-12_16_30.bak. The password was stored in KeyPass. Of course it’s OK to use another safe location.