Thursday, October 01, 2009 8:30 AM Mikael Sand

Failed to create the master secret file…Why do these things always happen to me?

Sometimes I think there is a grand conspiracy on my part. Somewhere deep within the windows core code there is a line like

if ( Instance.RegisteredUser = "Mikael Sand" )
    GenerallyFThingsUp();

And then I just remember that it probably is my own fault.

There is a strange BUG when you install BizTalk in a single server environment on a virtual machine. Strange being the operative word here. You get this error

Failed to generate and backup the master secret to file: C:\Program Files\Common Files\Enterprise Single Sign-On\SSO0FAB.bak (SSO) Additional Information (0x80070005) Access is Denied.

So what happens is that the SSO Administrators group is never created during install (note that all other groups are created). No SSO Admin group = Unsuccessful authentication = Access is Denied.

The solution is simple though:

  1. Unconfigure BizTalk and delete the SSODB and BusinessRulesDB. The wizard does not delete them.
  2. Now create the SSO Administrators group manually and add the install account and the BizTalk Service Account to it.
  3. Log out and log back in. Restart the installation.

As commenter Jonathan Schellack points out this seems to be a problem in the 2010 version as well, so if you are trying to install the 2010 version, you might get this problem as well.
I have personally never experienced this problem either with the 2010 nor the 2009 version, except for that time that triggered me to write this post, so it is really hard to replicate.

If you look in the log following the failed installation you will only get an error stating that the group could not be created and then the installation quits. This does not seem to be a BizTalk installation issue but rather something to do with Windows it self.

Filed under: ,

Comments

# re: Failed to create the master secret file…Why do these things always happen to me?

Wednesday, October 28, 2009 8:26 PM by Martin Bring

Same thing happend to me yesterday and I am now able to solve it thanks to you.

I also noticed that the SSO Admin group did not get created, but I would never have solved it on my own.

Thank you very much!

# re: Failed to create the master secret file…Why do these things always happen to me?

Wednesday, February 10, 2010 1:55 PM by M. Kangas

Thank you!

Helped my problem also.

# re: Failed to create the master secret file…Why do these things always happen to me?

Monday, May 17, 2010 6:47 PM by Bart Verthé

you sir, just saved my day !

# BizTalking » Blog Archive » Failed to generate and backup the master secret to file

Pingback from  BizTalking  » Blog Archive   » Failed to generate and backup the master secret to file

# re: Failed to create the master secret file…Why do these things always happen to me?

Wednesday, September 29, 2010 10:41 PM by Jonathan Schellack

Sadly, this same bug exists in the BizTalk 2010 version too :-(

I had to manually create all of the BizTalk groups:

BizTalk Application Users

BizTalk Isolated Host Users

BizTalk Server Administrators

BizTalk Server B2B Operators

SSO Administrators

SSO Affiliate Administrators

Then I had to make sure that I was in the two * Adminstrators groups and that the BizTalk user account was in the SSO Administrators and * Users groups.

I was thinking in this direction when I saw this error in the event log:

Access denied. The client user must be a member of one of the following accounts to perform this function.

SSO Administrators: SSO Administrators

SSO Affiliate Administrators: -

Application Administrators: -

Application Users: -

[I think I had already manually created the SSO Administrators group, but apparently I needed to create them all]

... but your blog post cemented this for me. Thanks!

[This is news to me and I will look in to it]

# SSO Configuration Road Block « benCode

Wednesday, November 24, 2010 3:03 AM by SSO Configuration Road Block « benCode

Pingback from  SSO Configuration Road Block « benCode

# SSO Configuration Road Block « benCode

Wednesday, November 24, 2010 3:03 AM by SSO Configuration Road Block « benCode

Pingback from  SSO Configuration Road Block « benCode

# re: Failed to create the master secret file…Why do these things always happen to me?

Monday, October 15, 2012 7:31 AM by Jeremy

Thank you, Thank you, Thank you!

Mikael: You are welcome :-)

# re: Failed to create the master secret file…Why do these things always happen to me?

Thursday, October 18, 2012 7:47 PM by Vishal

I like this justification:

if ( Instance.RegisteredUser = "Vishal Mody" )

   GenerallyFThingsUp();