You receive a "Failed to generate the master secret (error code 0X80070005)" error message when you configure BizTalk Server 2004 on a Windows XP-based computer (840705)

Important This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry

SYMPTOMS

When you configure Microsoft BizTalk Server 2004 on a Microsoft Windows XP-based computer, you may receive the following error message:

Failed to generate the master secret (error code 0X80070005).

The following error message may also be logged in the Config log that is in the Temp folder:

Failed to generate the master secret (error code 0X80070005). Return code number

CAUSE

This issue may occur if one of the following conditions is true:

The computer name is not recognized and is not mapped to the IP address. This condition exists if the return code that is displayed in the Config log file is 2.
The computer is a member of the workgroup. This issue may occur if the return code that is displayed in the Config log file is 4. By default, the following registry key is enabled. A DWORD value of 1 indicates the registry key is enabled.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ForceGuest
Therefore, the Security Support Provider Interface (SSPI) tries to log on by using the guest user account and fails.

WORKAROUND

To work around this issue, determine the return code in the Config log file, and then follow the steps that are appropriate for your situation.

The return code in the Config log file is 2

Use one of the following methods.

Method 1

Map the computer name to the IP address in the Hosts file. You can use Notepad to change the Hosts file. The Hosts file is in the following location:

Windows Folder\System32\Drivers\Etc

Method 2

Remove the computer from the domain.

The return code in the Config log file is 4

Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

Set the forceguest value in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa subkey to 0 (zero). To do this, follow these steps.

Click Start, click Run, type regedit in the Open box, and then click OK.
In Registry Editor, locate the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa subkey, right-click forceguest, click Modify, type 0, and then click OK.
Quit Registry Editor.

MORE INFORMATION

The following table indicates how the Security Support Provider Interface (SSPI) tries to log on according to the settings in the registry.

Registry value	Value	Status	Result
Forceguest	1	Enabled	The SSPI logs on by using the guest user account.
Forceguest	0	Disabled	The SSPI logs on as the user who is specified.

If the guest account is enabled, the SSPI can log on successfully by using the guest account and any user credentials.

If the guest account is disabled, the SSPI logon fails regardless of whether you provide valid credentials. This is the default behavior in Windows XP in a peer-to-peer network.

REFERENCES

For additional information about this issue, click the following article numbers to view the articles in the Microsoft Knowledge Base:

827918 Cannot install Commerce Server 2002 Developer Edition on Windows XP.

294355 Netdom.exe cannot join a Windows XP Professional-based computer to a domain

290403 How to set security in Windows XP Professional that is installed in a workgroup