On one of our Windows clustered BizTalk 2013 installations, we got this error when failing over to a second node. The nodes were failing over previously without any issues except for this one occasion. It seems the Master Secret service was not able to start for some reason.
With the help of this blog post http://blogs.msdn.com/b/biztalkcpr/archive/2008/06/23/basic-troubleshooting-for-enterprise-single-sign-on-sso.aspx I was able to diagnose the issue with SSO after executing the following SSOCONFIG commands:
- -showDB : show the SQL Server and SSO database names
- -discover : discover SSO servers
- -status : display SSO server status
It seams the SSO on the second node was not part of the clustered resource any more. As a long shot, I decided to restart the MSDTC cluster resource first and then the Enterprise Single Sign-On service. And it worked , SSO on the second node was now clustered again.
After some more digging around, I found this article “The BizTalk, master ENTSSO, and MSDTC resources may require a long time to be brought online or are not bought online in BizTalk Server 2006 R2 if the BizTalk group moves to another node”. The article can be found here: https://support.microsoft.com/en-us/kb/2400571
Moving forward, we made the SSO cluster resource dependant on the MSDTC cluster resource and the BizTalk services dependant on the SSO resource.