When you try to add a user or Windows group to the Application Users group for an affiliate application in the Enterprise Single Sign-On (ENTSSO) service, you may experience one or more of the following symptoms:
The Add button is not available in the SSO Administration snap-in.
When you use the Ssomanage.exe command prompt utility, you receive an error message that resembles the following:
ERROR: 0x80070057: The parameter is incorrect.
Note ENTSSO is included with the products that are listed in the "Applies to" section.
A supported hotfix is now available from Microsoft. However, it is intended to correct only the problem that is described in this article. Apply it only to systems that are experiencing this specific problem. This hotfix may receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next service pack that contains this hotfix.
To resolve this problem immediately, contact Microsoft Customer Support Services to obtain the hotfix. For a complete list of Microsoft Customer Support Services telephone numbers and information about support costs, visit the following Microsoft website:
Note In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The usual support costs will apply to additional support questions and issues that do not qualify for the specific update in question.
The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
After you apply the hotfix that is described in this article, the Application Users group that is used by affiliate applications can contain more than 100 accounts. Additionally, the cumulative number of characters in account names can exceed 1024.
Note The Application Administrators group is not changed when you install this hotfix. Therefore, the limitations that are described in the "Cause" section still apply to the Application Administrators group after you apply the hotfix.
This hotfix includes an SQL script that is named Ssox7.eql. The Ssox7.sql script alters the SSODB database by changing the al_user_group_name column in the SSOX_ApplicationInfo table. After you apply this hotfix, the al_user_group_name has the nvarchar (MAX) data type instead of nvarchar(1024).
Important The SQL script that is used by the ENTSSO administration and configuration tools to update the SSODB database is not updated when you apply this hotfix. Therefore, you must reapply this hotfix or run the Ssox7.sql script if you use the ENTSSO administration and configuration tools to change the configuration to use a new SSODB database.