Cannot perform encryption or decryption because the secret is not available from the master secret server

Another treasure from my blog backlog: Cannot perform encryption or decryption because the secret is not available from the master secret server. While analyzing a client environment, I noticed several warnings associated with Enterprise SSO that appeared every time I tried to perform operations such as configuring or creating a port, importing a binding, and so on in the BizTalk Server Administration Console. The full error message was something like this:

SSO AUDIT

Function: GetConfigInfo ({C3BE4052-A328-4B33-A543-E29BB6BE25F7})
Tracking ID: f77a7e4f-e17d-47e7-9380-88ad8aaec935
Client Computer: computer-name (BTSNTSvc64.exe:53588)
Client User: domain\username
Application Name: {C3BE4052-A328-4B33-A543-E29BB6BE25F7}

Error Code: 0xC0002A1F, Cannot perform encryption or decryption because the secret is not available from the master secret server. See the event log for related errors.

BizTalk Server SSO: Cannot perform encryption or decryption

Cause

Normally these types of problems happen for two reasons:

  • The service account that the SSO server is running under does not have sufficient permissions to check group membership in Active Directory: http://msdn.microsoft.com/en-us/library/bb899075.aspx
  • Or, for some reason, the master secret has become corrupted, in which case we need to restore it or reapply the master secret key.

Solution

The common way to solve this problem is:

  • Open a command prompt window;
  • In a command prompt, go to “C:\Program Files\Common Files\Enterprise Single Sign-On”
  • Enter “ssoConfig -restoresecret SSOxxxx.bak”, where xxxx is a BizTalk generated code
  • And finally, enter the password that was set during BizTalk installation

This will solve your problem. Of course, you must have:

  • the SSOxxxx.bak master secret backup file;
  • and the file password;

Without these, there is nothing you can do, and the only option left is to configure BizTalk Server again from scratch and lose all your existing configurations.
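The command-line restore above, wrapped in pre-flight and post-restore checks, as an added PowerShell example that is not part of the original post. Assumptions: the default install folder from the steps above, the Windows service name ENTSSO, that the newest SSO*.bak in that folder is the backup you want, and that ssoconfig returns a non-zero exit code on failure.

```powershell
# Added example (not from the original post). Run on the master secret server.
# Assumptions: default install folder, service name ENTSSO, newest SSO*.bak is the
# right backup, and ssoconfig returns a non-zero exit code on failure.
$ssoDir    = Join-Path $env:CommonProgramFiles 'Enterprise Single Sign-On'
$ssoConfig = Join-Path $ssoDir 'ssoconfig.exe'
$errorCode = '0xC0002A1F'   # error code from the SSO AUDIT event shown above

if (-not (Test-Path $ssoConfig)) {
    throw "ssoconfig.exe not found in '$ssoDir'"
}

# Record the SSO service state before changing anything.
$svc = Get-Service -Name 'ENTSSO' -ErrorAction Stop
if ($svc.Status -ne 'Running') {
    Write-Warning "ENTSSO service state is '$($svc.Status)'"
}

# Prerequisite 1: the master secret backup file must exist.
$backups = @(Get-ChildItem -Path $ssoDir -Filter 'SSO*.bak' |
             Sort-Object LastWriteTime -Descending)
if ($backups.Count -eq 0) {
    throw "No SSO*.bak master secret backup found in '$ssoDir'"
}
$backups | Format-Table Name, LastWriteTime, Length | Out-Host
$backup = $backups[0]
Write-Host "Restoring master secret from $($backup.FullName)"

# Prerequisite 2: the file password. ssoconfig prompts for it interactively,
# so it never appears on the command line or in this script.
$restoreStart = Get-Date
& $ssoConfig -restoresecret $backup.FullName
if ($LASTEXITCODE -ne 0) {
    throw "ssoconfig exited with code $LASTEXITCODE; the secret was not restored"
}

# Verify: repeat the operation that failed, then look for new occurrences.
Read-Host 'Retry the failing operation in the Administration Console, then press Enter' | Out-Null
$hits = @(Get-WinEvent -FilterHashtable @{ LogName = 'Application'; StartTime = $restoreStart } `
              -ErrorAction SilentlyContinue |
          Where-Object { $_.Message -like "*$errorCode*" })

if ($hits.Count -gt 0) {
    Write-Warning "$($hits.Count) new event(s) with $errorCode since the restore"
    $hits | Select-Object TimeCreated, ProviderName, Id | Format-Table | Out-Host
} else {
    Write-Host "No new $errorCode events since $restoreStart"
}
```

Because the backup file and its password together are enough to recover the master secret, keep a copy of both somewhere other than the SSO server itself.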

A second approach to solve this problem is:

  • Open the SSO Administration tool;
  • Select the option “System” under Enterprise Single Sign-on
  • And then right-click on “System” and select the “Restore Secret…” option

BizTalk Server SSO: Cannot perform encryption or decryption - SSO Administration

  • and select the master secret backup file (normally present in “C:\Program Files\Common Files\Enterprise Single Sign-On”) and type the password

BizTalk Server SSO: Cannot perform encryption or decryption - SSO Administration Properties

Author: Sandro Pereira

Sandro Pereira lives in Portugal and works as a consultant at DevScope. In the past years, he has been working on implementing Integration scenarios both on-premises and cloud for various clients, each with different scenarios from a technical point of view, size, and criticality, using Microsoft Azure, Microsoft BizTalk Server and different technologies like AS2, EDI, RosettaNet, SAP, TIBCO etc. He is a regular blogger, international speaker, and technical reviewer of several BizTalk books all focused on Integration. He is also the author of the book “BizTalk Mapping Patterns & Best Practices”. He has been awarded MVP since 2011 for his contributions to the integration community.
