Today I’ll post another nice issue that may appear in your farm 😉
Description:
You try to move the encryption-key server role to the index server as suggested in out article http://technet.microsoft.com/en-us/library/cc262305.aspx
“The encryption-key server should be an application server computer, such as the index server”
The same article described the scenario “how to move the role to a different server”:
[…] Move the encryption-key server role to a different server computer
1. Back up the encryption key
2. Disable the Single Sign-On service on all computers in – the farm
3. Log on to the new encryption-key server
4. Start the Single Sign-On service
5. Configure SSO farm-level settings in the Central Administration site. Specify the existing SSO database
6. Restore the encryption key
7. Start the Single Sign-On service on all Web server computers in the server farm. […]
Result:
You may be still not able to configure the encryption-key server on the index server. In the central administration only the old server is displayed and configurable and the move of SSO encryption service failed.
Cause:
The encryption-key server can only be configured on a WFE running the Central Administration.
Resolution:
1. Back up the encryption key
2. Disable the Single Sign-On service on all computers in the farm
3. Log on to the new encryption-key server (the Index server in this case)
4. run PSConfig and configure the Index Server to host the Central Admin
6. Start the Single Sign-On service
7. Browse to http://indexserver:XXXXX (to access the central Admin on this server)
8. Configure SSO farm-level settings. Specify the existing SSO database
9. Restore the encryption key
10. Start the Single Sign-On service on all Web server computers in the server farm
Now you should be fine 😉
Steve Chen from a daily business in SharePoint Support…