
How to Change the Master Secret Server

After you set up the master secret server and configure the SSO database, you can change the master secret server if the original master secret server fails and cannot be recovered. To change the master secret server, you need to promote an SSO server to become the master secret server.

To change the Master Secret Server using the MMC Snap-in

  1. On the Start menu, click All Programs, click Microsoft Enterprise Single Sign-On, and then click SSO Administration.

  2. In the scope pane, right-click System, and then click Properties. The Master secret server is displayed on the General tab of the SSO System Properties dialog box.

  3. Click Change to select a new Master secret server.

    Important
    When using the MMC Snap-in to change the Master Secret Server, the operation must be performed on the Master Secret Server. It is not possible to change the Master Secret Server using the MMC Snap-in from a computer that is not the Master Secret Server.

  4. Log on to the new Master secret server to restore the Master secret to the registry of the new Master secret server.

  5. On the Start menu, click Run, and then type cmd.

  6. At the command line prompt, go to the Enterprise Single Sign-On installation directory. The default installation directory is <drive>:\Program Files\Common Files\Enterprise Single Sign-On.

  7. Restart the new Master Secret Server.

  8. Type ssoconfig -restoresecret <restore file>, where <restore file> is the path and name of the file where the master secret is stored.

    The master secret is stored in the registry at the following location:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ENTSSO\SSOSS

    Note
    On a system that supports User Account Control (UAC), you may need to run the tool with Administrative privileges.

To promote a Single Sign-On Server to master secret server using the command line

  1. Create an XML file that includes the name of the SSO server you want to promote to master secret server. For example:

    <sso>
      <globalInfo>
         <secretServer>SSO Server name</secretServer>
      </globalInfo>
    </sso>
    
    Important
    To change the Master Secret Server from a computer that is not the Master Secret Server, make sure that the specified XML file contains only the Master Secret Server name. Specifically, it should not contain the SSO Administrators XML tag, or the ssomanage -updatedb operation will fail.

  2. On the Start menu, click Run, and then type cmd.

  3. At the command line prompt, go to the Enterprise Single Sign-On installation directory. The default installation directory is <drive>:\Program Files\Common Files\Enterprise Single Sign-On.

  4. Type ssomanage -updatedb <update file>, where <update file> is the name of the XML file you created in step 1.

    Note
    On a system that supports User Account Control (UAC), you may need to run the tool with Administrative privileges.

  5. Restart the Master Secret Server.

  6. Type ssoconfig -restoresecret <restore file>, where <restore file> is the path and name of the file where the master secret is stored.

    The master secret is stored in the registry at the following location:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ENTSSO\SSOSS

    Note
    On a system that supports User Account Control (UAC), you may need to run the tool with Administrative privileges.
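
The following PowerShell script is an added example, not part of the original Microsoft procedure. It covers steps 1 through 4 of the command-line procedure and refuses to call ssomanage if the update file contains anything other than the secret server name. The parameter names, the temporary file name, the ssomanage.exe file name and the assumption that ssomanage returns a non-zero exit code on failure are assumptions of this example.

```powershell
param(
    [Parameter(Mandatory)] [string] $NewMasterSecretServer,          # SSO server to promote
    [string] $UpdateFile = (Join-Path $env:TEMP 'sso-promote.xml'),  # hypothetical file name
    [string] $SsoDir = (Join-Path $env:CommonProgramFiles 'Enterprise Single Sign-On')
)
$ErrorActionPreference = 'Stop'

# The page notes the tools may need administrative privileges under UAC.
$me = New-Object Security.Principal.WindowsPrincipal(
    [Security.Principal.WindowsIdentity]::GetCurrent())
if (-not $me.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated prompt.'
}

# Step 1: create the update file if it does not exist yet. Building it with
# XmlDocument escapes the server name instead of pasting it into a string.
if (-not (Test-Path -LiteralPath $UpdateFile)) {
    $doc = New-Object System.Xml.XmlDocument
    $sso = $doc.AppendChild($doc.CreateElement('sso'))
    $globalInfo = $sso.AppendChild($doc.CreateElement('globalInfo'))
    $secretServer = $globalInfo.AppendChild($doc.CreateElement('secretServer'))
    $secretServer.InnerText = $NewMasterSecretServer
    $doc.Save($UpdateFile)
}

# Validate the file that will actually be submitted, including a reused one:
# <sso> may hold only <globalInfo>, and <globalInfo> only <secretServer>.
[xml] $check = Get-Content -LiteralPath $UpdateFile -Raw
$top  = @($check.SelectNodes('/sso/*'))
$info = @($check.SelectNodes('/sso/globalInfo/*'))
if ($top.Count -ne 1 -or $info.Count -ne 1 -or $info[0].Name -ne 'secretServer') {
    throw "$UpdateFile must contain only the <secretServer> element."
}
if ($info[0].InnerText.Trim() -ne $NewMasterSecretServer) {
    throw "$UpdateFile names '$($info[0].InnerText)', not '$NewMasterSecretServer'."
}

# Steps 2-4: run ssomanage -updatedb from the installation directory.
$ssomanage = Join-Path $SsoDir 'ssomanage.exe'
if (-not (Test-Path -LiteralPath $ssomanage)) {
    throw "ssomanage.exe not found in $SsoDir"
}
& $ssomanage -updatedb $UpdateFile
if ($LASTEXITCODE -ne 0) {   # assumption: non-zero exit code means failure
    throw "ssomanage -updatedb failed with exit code $LASTEXITCODE"
}
Write-Host 'Next: restart the Master Secret Server, then run ssoconfig -restoresecret <restore file>.'
```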

  © 2009 Microsoft Corporation. All rights reserved.