How to change the Enterprise Single Sign-On (SSO) service account that is configured to run on the master secret server in BizTalk Server 2004 (884205)



The information in this article applies to:

  • Microsoft BizTalk Server 2004 Developer Edition
  • Microsoft BizTalk Server 2004 Enterprise Edition
  • Microsoft BizTalk Server 2004 Partner Edition
  • Microsoft BizTalk Server 2004 Standard Edition

INTRODUCTION

This article describes the steps that you must follow to change the Enterprise Single Sign-On (SSO) service account that is configured to run on the master secret server in Microsoft BizTalk Server 2004.

MORE INFORMATION

Note Follow these steps only on the Enterprise SSO server that contains the master secret. To determine which server contains the master secret, follow these steps:
  1. Open a command prompt. To do this, click Start, click Run, type cmd, and then click OK.
  2. At the command prompt, change to the Enterprise SSO installation folder, and then type ssomanage -displaydb.

    Note By default, the installation folder for the Enterprise SSO service is Drive:\Program Files\Common Files\Enterprise Single Sign-On. In this folder name, Drive is the disk drive that contains the Enterprise Single Sign-On directory.

To change the Enterprise SSO service account that is configured to run on the master secret server, follow these steps:
  1. Back up the master secret. To do this, follow these steps:
    1. Click Start, click Run, type cmd, and then click OK.
    2. At the command prompt, change to the Enterprise Single Sign-On installation directory.

      Note By default, the installation directory is Drive:\Program Files\Common Files\Enterprise Single Sign-On.
    3. At the command prompt, type ssoconfig -backupsecret BackupFile

      Note BackupFile is the path and name of the file to which the master secret will be backed up. For example, A:\Ssobackup.bak.
    4. Provide a password to help protect this backup file. You will be prompted to confirm the password and to provide a password hint to help you remember this password.

      Important You must save and store the backup file in a security-enhanced location.
  2. At the command prompt, type net stop entsso to stop the SSO service.
  3. In Control Panel, open Administrative Tools, and then double-click Services.
  4. Right-click the Enterprise Single Sign-On service, and then click Properties.
  5. On the Log On tab, change the account and the password to the values that you want, and then click OK.

    Note This account must be a member of the SSO Administrators group. If it is not a member of the SSO Administrators group, add the account to the SSO Administrators group.
  6. Start the Enterprise SSO service.

    Note After you start the Enterprise SSO service, you will receive an error message in the application log on the master secret server that is similar to the following:

    The secret could not be loaded from the registry. The service account for the SSO service may have been changed or the secret may be corrupted. Restore the secret from a backup file.
    This error message will be resolved when you restore the master secret.
  7. Restore the master secret. To do this, follow these steps:
    1. Click Start, click Run, type cmd, and then click OK.
    2. At the command prompt, change to the Enterprise Single Sign-On installation directory.

      Note By default, the installation directory is Drive:\Program Files\Common Files\Enterprise Single Sign-On.
    3. At the command prompt, type ssoconfig -restoresecret BackupFile.

      Note BackupFile is the path and name of the backup file.
    Note After you restore the master secret, you receive a message in the application log on the master secret server that is similar to the following:

    Recovered from failure to get master secrets. Secret Server Name: ServerName

    Note ServerName is a placeholder for the name of the master secret server.
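
The procedure above as a command script, added here as an example and not taken from the Microsoft article. It assumes the default installation folder under %ProgramFiles% and that entsso is accepted as the service name by sc as it is by net stop; sc qc is a standard Windows command that the article does not mention, and the account change itself is left to the Services console.

```batch
@echo off
rem Added example (not Microsoft's script). Run on the master secret server.
rem Usage: change-sso-account.cmd BackupFile
setlocal
set "BACKUP=%~1"
if not defined BACKUP goto :usage
rem Assumption: default installation folder on the drive that holds Program Files.
set "SSODIR=%ProgramFiles%\Common Files\Enterprise Single Sign-On"
cd /d "%SSODIR%"
if errorlevel 1 goto :fail

rem Refuse an existing file so the check after the backup proves this run wrote it.
if exist "%BACKUP%" goto :exists

echo Current service account:
sc qc entsso | findstr /i "SERVICE_START_NAME"

rem Step 1: back up the master secret (prompts for a password and a hint).
ssoconfig -backupsecret "%BACKUP%"
rem Do not rely on the exit code alone; confirm that the file was written.
if not exist "%BACKUP%" goto :fail

rem Step 2: stop the SSO service only after the backup is confirmed.
net stop entsso
if errorlevel 1 goto :fail

rem Steps 3-5: done in Services, so no password appears on a command line.
echo Change the Log On account of the Enterprise Single Sign-On service now.
echo The new account must be a member of the SSO Administrators group.
pause

rem Step 6: start the service. The "secret could not be loaded" error is expected.
net start entsso
if errorlevel 1 goto :fail
echo New service account:
sc qc entsso | findstr /i "SERVICE_START_NAME"

rem Step 7: restore the master secret under the new account.
ssoconfig -restoresecret "%BACKUP%"
echo Check the application log for "Recovered from failure to get master secrets".
exit /b 0

:usage
echo Usage: %~nx0 BackupFile
exit /b 1
:exists
echo Backup file already exists: "%BACKUP%"
exit /b 1
:fail
echo Stopped. Fix the error above before continuing.
exit /b 1
```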

Modification Type: Major
Last Reviewed: 8/11/2004
Keywords:kbinfo KB884205 kbAudDeveloper