FIX: Enterprise Single Sign-On triggers event 10536 and error code 0x80090005

Updated recommendation

After you apply the hotfix in the "Resolution" section, the Enterprise Single Sign-On (ENTSSO) service experiences a memory leak. Therefore, we recommend that you install the later fix instead.
Symptoms
Consider the following scenario:
  • You have installed the Enterprise Single Sign-On (SSO) version 5 component that's included in Microsoft BizTalk Server 2013 R2 or Host Integration Server 2013. 
  • In one of the following scenarios, you restore the master secret key from a backup file:
    • When you're setting up an Enterprise SSO cluster
    • During enterprise SSO disaster recovery
    • When you're promoting an Enterprise SSO server to the Master Secret Server (MSS)
    • During migration from an earlier version of Enterprise SSO
    • During an in-place upgrade from an earlier version of Enterprise SSO
    • When you're performing multiple Enterprise SSO V5 restore and backup sequences
After you restore the master secret key in any of these scenarios, Enterprise SSO cannot decrypt the data that's contained in the Enterprise SSO database. In this situation, Enterprise SSO logs the following event in the Application log:
Event ID: 10536
Source: ENTSSO
Level: Warning
SSO AUDIT Function: GetConfigInfo ({11111111-6055-4cda-89CD-389E8A2B1640}) Tracking ID: b084f15b-43fd-474e-a075-398943753c91 Client Computer: computer name (executable name:PID) Client User: username Application Name: application name Error Code: 0x80090005, Bad Data.

Additionally, the following pop-up error may be logged when you open the BizTalk Server Administration MMC snap-in:
BizTalk Server Administration
Bad Data.
(WinMgmt)
Buttons:
OK
Cause
Enterprise SSO V5 adds a time stamp to the master secret key to limit the lifespan of the key. Additionally, a check was added to determine whether the master secret key includes a time stamp. The problem that's described in the "Symptoms" section occurs because the Enterprise SSO service incorrectly determines that the time stamp is missing when the master secret key is restored. Because a time stamp was added to the restored master secret key, the restored key does not match the key that's used to encrypt the data in the Enterprise SSO database. Therefore, the data cannot be decrypted, and this triggers the error messages that were described earlier.
Resolution

Hotfix information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix to all Enterprise SSO V5 systems to prevent this problem, and to all systems that are already experiencing this problem. This hotfix requires no additional actions to prevent and resolve the problem.

If the hotfix is available for download, there is a "Hotfix Download Available" section at the top of this Knowledge Base article. If this section does not appear, submit a request to Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft website:

http://support.microsoft.com/contactus/?ws=support

Note The "Hotfix Download Available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Prerequisites

To apply this hotfix, you must have Enterprise Single Sign-On V5 (9.0.2096) installed.

Restart information

You may have to restart the computer after you apply this hotfix.

File information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

32-bit (x86) version
File nameFile versionFile sizeDateTimePlatform
Infocache.dll9.0.2187.0130,53601-Oct-201422:00x86
Microsoft.enterprisesinglesignon.systemmmc.dll9.0.2187.0198,63201-Oct-201422:00x86
Ssoss.dll9.0.2187.0113,12801-Oct-201422:00x86
64-bit (x64) version
File nameFile versionFile sizeDateTimePlatform
Infocache.dll9.0.2187.0130,53601-Oct-201422:00x86
Microsoft.enterprisesinglesignon.systemmmc.dll9.0.2187.0198,63201-Oct-201422:00x86
Ssoss.dll9.0.2187.0113,12801-Oct-201422:00x86
Infocache.dll9.0.2187.0151,52801-Oct-201422:00x64
Microsoft.enterprisesinglesignon.systemmmc.dll9.0.2187.0198,63201-Oct-201422:00x86
Ssoss.dll9.0.2187.0124,39201-Oct-201422:00x64

Note
Because of file dependencies, the most recent fix that contains these files may also contain additional files.
Status
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
More information
You can apply this update to any Enterprise SSO Server that's experiencing the problem without requiring any additional changes. Additionally, this update should be applied to all Enterprise SSO V5 systems to prevent the problem when you perform a master secret key restore operation.
Properties

Article ID: 3000847 - Last Review: 02/18/2016 21:10:00 - Revision: 3.0

Microsoft Host Integration Server 2013, Microsoft BizTalk Server 2013 R2 Branch, Microsoft BizTalk Server 2013 R2 Developer, Microsoft BizTalk Server 2013 R2 Enterprise, Microsoft BizTalk Server 2013 R2 Standard

  • kbautohotfix kbqfe kbhotfixserver kbfix KB3000847
Feedback