Updated recommendation

After you apply the hotfix in the "Resolution" section, the Enterprise Single Sign-On (ENTSSO) service experiences a memory leak. Therefore, we recommend that you install the later fix instead.

Symptoms

Consider the following scenario:

  • You have installed the Enterprise Single Sign-On (SSO) version 5 component that's included in Microsoft BizTalk Server 2013 R2 or Host Integration Server 2013.

  • In one of the following scenarios, you restore the master secret key from a backup file:

    • When you're setting up an Enterprise SSO cluster

    • During Enterprise SSO disaster recovery

    • When you're promoting an Enterprise SSO server to the Master Secret Server (MSS)

    • During migration from an earlier version of Enterprise SSO

    • During an in-place upgrade from an earlier version of Enterprise SSO

    • When you're performing multiple Enterprise SSO V5 restore and backup sequences

After you restore the master secret key in any of these scenarios, Enterprise SSO cannot decrypt the data that's contained in the Enterprise SSO database. In this situation, Enterprise SSO logs the following event in the Application log:

Event ID: 10536
Source: ENTSSO
Level: Warning
SSO AUDIT
Function: GetConfigInfo ({11111111-6055-4cda-89CD-389E8A2B1640})
Tracking ID: b084f15b-43fd-474e-a075-398943753c91
Client Computer: computer name (executable name:PID)
Client User: username
Application Name: application name
Error Code: 0x80090005, Bad Data.

Additionally, the following pop-up error may be logged when you open the BizTalk Server Administration MMC snap-in:

BizTalk Server Administration Bad Data. (WinMgmt) Buttons: OK
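
To find servers that already show this symptom, the Application log can be searched for the event described above. The following script is an added example and is not part of the Microsoft article; the parameter names, the look-back window, and the assumption that each field of the event text sits on its own line are illustrative.

```powershell
# Added example (not from the Microsoft article). Lists ENTSSO audit warnings
# (Event ID 10536) whose text carries error code 0x80090005 (Bad Data).
param(
    [string[]]$ComputerName = @($env:COMPUTERNAME),  # assumption: SSO servers to check
    [int]$Days = 7                                   # assumption: look-back window
)

$filter = @{
    LogName      = 'Application'
    ProviderName = 'ENTSSO'
    Id           = 10536
    StartTime    = (Get-Date).AddDays(-$Days)
}

# Pull one "Label: value" field out of the event text.
# Assumes each field is on its own line in the stored message.
function Get-SsoField([string]$Message, [string]$Label) {
    if ($Message -match "$([regex]::Escape($Label)):\s*([^\r\n]+)") { $Matches[1].Trim() }
}

foreach ($computer in $ComputerName) {
    $events = Get-WinEvent -ComputerName $computer -FilterHashtable $filter `
        -ErrorAction SilentlyContinue -ErrorVariable queryError

    # "No events found" is the healthy case; anything else (access denied,
    # host unreachable) must not be mistaken for a clean result.
    if ($queryError -and $queryError[0].FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') {
        Write-Warning "${computer}: $($queryError[0].Exception.Message)"
        continue
    }

    $events | Where-Object { $_.Message -match '0x80090005' } | ForEach-Object {
        [pscustomobject]@{
            Computer    = $computer
            TimeCreated = $_.TimeCreated
            Function    = Get-SsoField $_.Message 'Function'
            ClientUser  = Get-SsoField $_.Message 'Client User'
            Application = Get-SsoField $_.Message 'Application Name'
            TrackingId  = Get-SsoField $_.Message 'Tracking ID'
        }
    }
}
```

Any rows returned after a master secret key restore indicate that the server can no longer decrypt data in the Enterprise SSO database.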

Cause

Enterprise SSO V5 adds a time stamp to the master secret key to limit the lifespan of the key. Additionally, a check was added to determine whether the master secret key includes a time stamp. The problem that's described in the "Symptoms" section occurs because the Enterprise SSO service incorrectly determines that the time stamp is missing when the master secret key is restored. Because a time stamp was added to the restored master secret key, the restored key does not match the key that's used to encrypt the data in the Enterprise SSO database. Therefore, the data cannot be decrypted, and this triggers the error messages that were described earlier.

Resolution

Hotfix information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix to all Enterprise SSO V5 systems to prevent this problem, and to all systems that are already experiencing this problem. This hotfix requires no additional actions to prevent and resolve the problem.

If the hotfix is available for download, there is a "Hotfix Download Available" section at the top of this Knowledge Base article. If this section does not appear, submit a request to Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft website: http://support.microsoft.com/contactus/?ws=support

Note The "Hotfix Download Available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Prerequisites

To apply this hotfix, you must have Enterprise Single Sign-On V5 (9.0.2096) installed.

Restart information

You may have to restart the computer after you apply this hotfix.

File information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

32-bit (x86) version

File name                                       File version  File size  Date         Time   Platform
Infocache.dll                                   9.0.2187.0    130,536    01-Oct-2014  22:00  x86
Microsoft.enterprisesinglesignon.systemmmc.dll  9.0.2187.0    198,632    01-Oct-2014  22:00  x86
Ssoss.dll                                       9.0.2187.0    113,128    01-Oct-2014  22:00  x86

64-bit (x64) version

File name                                       File version  File size  Date         Time   Platform
Infocache.dll                                   9.0.2187.0    130,536    01-Oct-2014  22:00  x86
Microsoft.enterprisesinglesignon.systemmmc.dll  9.0.2187.0    198,632    01-Oct-2014  22:00  x86
Ssoss.dll                                       9.0.2187.0    113,128    01-Oct-2014  22:00  x86
Infocache.dll                                   9.0.2187.0    151,528    01-Oct-2014  22:00  x64
Microsoft.enterprisesinglesignon.systemmmc.dll  9.0.2187.0    198,632    01-Oct-2014  22:00  x86
Ssoss.dll                                       9.0.2187.0    124,392    01-Oct-2014  22:00  x64

Note Because of file dependencies, the most recent fix that contains these files may also contain additional files.

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

More Information

You can apply this update to any Enterprise SSO Server that's experiencing the problem without requiring any additional changes. Additionally, this update should be applied to all Enterprise SSO V5 systems to prevent the problem when you perform a master secret key restore operation.
