Geeks With Blogs
Edmund Zhao's BizTalk abc We share, We learn

Does the master secret server always have to be clustered? My answer is that, practically, it does not. The environment I'm working on has 8 BizTalk servers in each server group. The master secret server is on one of these BizTalk servers and is not clustered. The following is how to recover the BizTalk server groups if the master secret server fails.

1. Make a backup of the secret on the master secret server, before it crashes! Then store a copy of the secret on each BizTalk server.

2. When the master secret server fails, follow the steps below.

(a) Update "GlobalInfo.xml" under "C:\Program Files\Microsoft BizTalk Server 2004\SDK\Samples\SSO\Manage" and save it to "C:\Program Files\Common Files\Enterprise Single Sign-On". Make sure the new master secret server name is in the <secretServer>New Master Secret Server</secretServer> tag.

(b) Go to "C:\Program Files\Common Files\Enterprise Single Sign-On". Run "SSOmanage -updatedb GlobalInfo.xml". You might have to go to a different directory if you didn't use the default directory for the BizTalk installation.

(c) Run "SSOmanage -serverall <new master secret server>"

(d) In the BizTalk admin console, change the Enterprise Single Sign-On Server name to <new master secret server>. It is under server group properties -> General tab.

(e) Run "SSOmanage -displaydb" to verify the information in the SSO database.

(f) Restart the ENTSSO service on the new master secret server.

(g) Run "SSOconfig -restoresecret <master secret key backup>"

(h) Verify the change by doing a health check in the BizTalk admin console.

...Edmund Zhao 
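The recovery steps (a) to (h) above, sketched as a PowerShell script; this is an added example, not code from the original post. The parameter names, the default paths, the exit-code check and the name match on the "-displaydb" output are assumptions. The script changes only <secretServer>, so review the other elements of the source GlobalInfo.xml before running it.

```powershell
# Added example, not from the original post. Run elevated on the NEW master
# secret server. Parameter names and default paths are assumptions.
param(
    [Parameter(Mandatory)] [string] $NewMasterServer,
    [Parameter(Mandatory)] [string] $SecretBackupFile,
    [string] $SsoDir    = 'C:\Program Files\Common Files\Enterprise Single Sign-On',
    [string] $SourceXml = 'C:\Program Files\Microsoft BizTalk Server 2004\SDK\Samples\SSO\Manage\GlobalInfo.xml'
)
$ErrorActionPreference = 'Stop'

function Invoke-Sso {
    param([string] $Exe, [string[]] $ToolArgs)
    & (Join-Path $SsoDir $Exe) @ToolArgs
    # Assumption: the SSO tools return a non-zero exit code on failure.
    if ($LASTEXITCODE -ne 0) { throw "$Exe $ToolArgs failed with exit code $LASTEXITCODE" }
}

# Fail before touching the SSO database if the secret backup is not reachable.
if (-not (Test-Path -LiteralPath $SecretBackupFile)) {
    throw "Secret backup not found: $SecretBackupFile"
}

# (a) Set <secretServer> and save the file to the SSO directory.
[xml] $info = Get-Content -LiteralPath $SourceXml -Raw
$node = $info.SelectSingleNode('//secretServer')
if (-not $node) { throw "No <secretServer> element in $SourceXml" }
$node.InnerText = $NewMasterServer
$target = Join-Path $SsoDir 'GlobalInfo.xml'
$info.Save($target)

# (b), (c) Update the SSO database, then point all SSO servers at the new master.
Invoke-Sso 'ssomanage.exe' @('-updatedb', $target)
Invoke-Sso 'ssomanage.exe' @('-serverall', $NewMasterServer)

# (d) Manual step in the BizTalk admin console (server group properties -> General).
Read-Host "Set the Enterprise Single Sign-On Server name to $NewMasterServer, then press Enter"

# (e) Verify: the new server name should appear in the -displaydb output.
$db = & (Join-Path $SsoDir 'ssomanage.exe') -displaydb | Out-String
if ($db -notmatch [regex]::Escape($NewMasterServer)) {
    throw "SSO database does not list ${NewMasterServer}:`n$db"
}

# (f) Restart ENTSSO; -Force because other services may depend on it.
Restart-Service -Name ENTSSO -Force

# (g) Restore the master secret from the backup made in step 1.
Invoke-Sso 'ssoconfig.exe' @('-restoresecret', $SecretBackupFile)

Write-Host '(h) Now run the health check in the BizTalk admin console.'
```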



Posted on Tuesday, October 31, 2006 4:40 PM

Comments on this post: How to promote a secondary server to be master secret server

No comments posted yet.