After rebooting the operating system BizTalk Server 2010 services, in my case: “BizTalk Service BizTalk Group: BizTalkServerApplication” fails to start automatically, despite being configured to do so.
Cause
This is a Microsoft known Issues with BizTalk Runtime forcing us to manually start the services.
I was hoping that BizTalk 2010 CU2 released on August 31, 2011, resolved this problem, but no such luck.
Solution
In Services.msc set the “Startup type” to “Automatic (Delayed Start)” option in these services:
- Enterprise Single Sign-On Service
- And BizTalk Service BizTalk Group : BizTalkServerApplication Service
This behavior also occurs in BizTalk 2009 and 2006 R2. The solution is the same you should change the startup types for the BizTalk services on all the BizTalk machines in the group to Automatic (Delayed Start).
Thank you, Thiago Almeida and Saravana for alerting me that this behavior also occurs in this previous versions (see Thiago post)
Hi Sandro,
The reason for this is BizTalk service depends on the SSO service which takes a while to start on system start. Since the SSO service doesnt start instantaneously, the BizTalk service fails to start automatically as well.
Dipesh
http://dipeshavlani.net
Hi Dipesh Avlani,
First of all thanks for the comment and for the explanation. You are absolutely right!
However, is not new that BizTalk requires SSO service to start, old versions of the product (2006, 2006 R2, 2009, …) also require this service and in none of them my clients had this problem.
Hi Sandro, does the resolution you provide work. Do the services come up automatically if we change the startup type to Automatic(delayed start) for ESSO and host instances ?
Hi Suruchi,
Yes the solution works. I already implemented and successfully tested it in three BizTalk environments on different clients.
it works for me too , thanks
Hi Sandro, I am facing following issue while importing binding file in BizTalk administrator.
Log Name: Application
Source: ENTSSO
Date: 02/09/2014 10:31:22
Event ID: 10536
Task Category: Enterprise Single Sign-On
Level: Warning
Keywords: Classic
User: N/A
Computer: AAA123
Description:
SSO AUDIT
Function: GetConfigInfo ({234A7EB3-E3EE-4DCA-826C-5DAF9D29EF30})
Tracking ID: 53c47314-01b1-4ab4-b4a9-217b8596df86
Client Computer: AAA123 (BTSNTSvc.exe:8428)
Client User: DEVADMINsvcFTSBTHIADev
Application Name: {234A7EB3-E3EE-4DCA-826C-5DAF9D29EF30}
Error Code: 0xC0002A1F, Cannot perform encryption or decryption because the secret is not available from the master secret server. See the event log for related errors.
Event Xml:
10536
3
1
0x80000000000000
59151
Application
AAA123
GetConfigInfo ({234A7EB3-E3EE-4DCA-826C-5DAF9D29EF30})
53c47314-01b1-4ab4-b4a9-217b8596df86
AAA123 (BTSNTSvc.exe:8428)
DEVADMINsvcFTSBTHIADev
{234A7EB3-E3EE-4DCA-826C-5DAF9D29EF30}
0xC0002A1F, Cannot perform encryption or decryption because the secret is not available from the master secret server. See the event log for related errors.
Log Name: Application
Source: ENTSSO
Date: 02/09/2014 10:31:39
Event ID: 11016
Task Category: Enterprise Single Sign-On
Level: Error
Keywords: Classic
User: N/A
Computer: AAA123
Description:
The AuthzInitializeContextFromSid function failed with ERROR_ACCESS_DENIED. This means that the service account that the SSO server is running under does not have sufficient permissions to check group membership in Active Directory. Please check your documentation for details on how to fix this problem.
Event Xml:
11016
2
1
0x80000000000000
59161
Application
AAA123
Log Name: Application
Source: ENTSSO
Date: 02/09/2014 10:31:39
Event ID: 11008
Task Category: Enterprise Single Sign-On
Level: Warning
Keywords: Classic
User: N/A
Computer: AAA123
Description:
Check group membership failed.
Group Name: DEVADMINGGFTS SSO Administrators
Account Name: C42726
Additional Data: 644
Error Code: 0x80070005, Access is denied.
Event Xml:
11008
3
1
0x80000000000000
59162
Application
AAA123
DEVADMINGGFTS SSO Administrators
C42726
644
0x80070005, Access is denied.
Log Name: Application
Source: ENTSSO
Date: 02/09/2014 10:31:39
Event ID: 11042
Task Category: Enterprise Single Sign-On
Level: Warning
Keywords: Classic
User: N/A
Computer: AAA123
Description:
Access denied. The client user must be a member of one of the following accounts to perform this function.
SSO Administrators: DEVADMINGGFTS SSO Administrators
SSO Affiliate Administrators: DEVADMINGGFTS Affiliate Administrators
Application Administrators: DEVADMINGGFTS BizTalk Administrators
Application Users: DEVADMINGGFTS Biztalk I Host Users Group
Additional Data: ADMINC42726 {05C6B431-E358-4557-B998-6ED46D430AD4} WCF-CustomIsolated_RL_SABBSIsolatedHost_{05C6B431-E358-4557-B998-6ED46D430AD4}
Event Xml:
11042
3
1
0x80000000000000
59163
Application
AAA123
DEVADMINGGFTS SSO Administrators
DEVADMINGGFTS Affiliate Administrators
DEVADMINGGFTS BizTalk Administrators
DEVADMINGGFTS Biztalk I Host Users Group
ADMINC42726 {05C6B431-E358-4557-B998-6ED46D430AD4} WCF-CustomIsolated_RL_SABBSIsolatedHost_{05C6B431-E358-4557-B998-6ED46D430AD4}
Hi Girish,
At the first look it seems that the service account that the SSO server is running under does not have sufficient permissions to check group membership in Active Directory (http://msdn.microsoft.com/en-us/library/bb899075.aspx).
Or the master secret had somehow become corrupt, it can be restored thus:
1. In a command prompt, goto C:Program FilesCommon FilesEnterprise Single Sign-On
2. Enter “ssoConfig -restoresecret SSOxxxx.bak”, where xxxx is a BizTalk generated code”
3. Enter the password that was set on BizTalk installation.
Check also this thread for more info: http://social.msdn.microsoft.com/Forums/en-US/72c27ad4-bc10-4787-b785-1b7c97022588/cannot-perform-encryption-or-decryption-because-the-secret-is-not-available-from-the-master?forum=biztalkgeneral
Excellent pointer to a vexing issue …