BizTalk 2016 Clustering Enterprise Single Sign On

This blog is to show you the steps of clustering Enterprise Single Sign On after you have configured your BizTalk server already. The original steps are based on Microsoft’s article on “How to Cluster the Master Secret Server” most of the steps are here but I had to divert or skip most of the steps as I already have configured my BizTalk server I wasnt just about to start configuring the whole BizTalk server.

Scenario: There is already an existing BizTalk server configured and you want to Cluster your Enterprise Single Sign On

This blog assumes that you have an existing cluster in your Failover Cluster Manager and 2 BizTalk server nodes

Prerequisites: Do a backup of your Secrets in your Master Secret Server and copy it in your Primary and Secondary Nodes.

Step 1. On your Primary node open your Failover Cluster Manager select your cluster and then click on Roles.

Step 2. And then on the right you will see the Roles, select one (preferably the one your BizTalk server Host are already using) , right click and then point on Add Resource and then select Generic Service

Step 3. A New Resource Wizard dialogue box will appear like below. Select Service – choose Enterprise Single Sign On, Confirmation – next, Configure Generic Service – tick/check Use Network Name for computer name, Summary – Finish.

Step 4. You will see Enterprise Single Sign-On Service as a resource under your Roles

If you encounter an issue, say you missed to tick/check the Use Network Name for computer name you can right click on the above resource and then select properties to change the properties but before you change the properties take all the Host Instance resources and Enterprise Single Sign on Offline.

in my example I missed it so I simply go into properties and tick/check the box there. Note that having this box ticked/checked is important because if you go to your secondary node it wont be able to contact this resource in your cluster!

Click Apply and OK.

Step 5. In the Properties window go to the Dependencies tab, click Insert and choose the name of your Cluster, then click Apply and OK.

Step 6. OK at this stage you have Enterprise Single Sign On in your cluster. Now you will have to change the Master Secret Server. Login to your current Master Secret Server and go to SSO Administration, under Enterprise Single Sign On right click on System and then click on properties

Step 7. In the System Properties window put in your Master Secret Server your Failover Cluster name and click OK.

Step 8. Restore your .bak file on the Primary Node, open your command prompt as administrator and change directory to your Enterprise Single Sign on directory like below

And then execute the following commands, ssoconfig -restoresecret <.bak file name here>

Then apply the password and enter.

Step 9. On your Cluster, move the Role to your secondary Node by right clicking, point to Move and then click on Select Node, Select your secondary Node.

Step 10. Once you are on your secondary node bring all the resources offline, and repeat step 8 on your secondary node, and then bring it online.

Step 11. Finally you have to log into the BizTalk SQL Server and go to BizTalkMgmtDb, Query table adm_Group and make sure that the SSODBName column (beside RuleEngineDBName) value is changed to the cluster server name.

Thats it, you have your Enterprise Single Sign On Master Secret Server clustered.


Published by Aaron Palma Gil

I didn't choose Integration, Integration chose me.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: