Move of SSO encryption key service fails…

Today I’ll post another nice issue that may appear in your farm 😉

Description:

You try to move the encryption-key server role to the index server, as suggested in our article http://technet.microsoft.com/en-us/library/cc262305.aspx:

“The encryption-key server should be an application server computer, such as the index server”

The same article describes the scenario “how to move the role to a different server”:

[…] Move the encryption-key server role to a different server computer 

1. Back up the encryption key
2. Disable the Single Sign-On service on all computers in the farm
3. Log on to the new encryption-key server
4. Start the Single Sign-On service
5. Configure SSO farm-level settings in the Central Administration site. Specify the existing SSO database
6. Restore the encryption key
7. Start the Single Sign-On service on all Web server computers in the server farm.  […]

Result:

You may still be unable to configure the encryption-key server on the index server. In Central Administration, only the old server is displayed and configurable, and the move of the SSO encryption-key service fails.

Cause:

The encryption-key server can only be configured on a WFE running the Central Administration. 

Resolution:

  1. Back up the encryption key
  2. Disable the Single Sign-On service on all computers in the farm
  3. Log on to the new encryption-key server (the Index server in this case)
  4. Run PSConfig and configure the Index Server to host the Central Admin
  6. Start the Single Sign-On service
  7. Browse to http://indexserver:XXXXX (to access the central Admin on this server)
  8. Configure SSO farm-level settings. Specify the existing SSO database
  9. Restore the encryption key
10. Start the Single Sign-On service on all Web server computers in the server farm
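
The two scriptable steps of this resolution (disabling the service farm-wide and provisioning Central Administration on the index server) are shown below as an added example; it is not part of the original post or of the TechNet article. It assumes Windows PowerShell 2.0 or later run on the index server, the service name SSOSrv, the SharePoint 2007 "12" installation path, and hypothetical server names.

```powershell
# Added example: covers only "disable SSO on all computers" and "run PSConfig".
# Backing up and restoring the encryption key and the SSO farm settings are
# still done by hand as described in the steps above.
param(
    [string[]]$FarmServers = @('WFE01', 'WFE02', 'INDEX01'),   # hypothetical names
    [Parameter(Mandatory = $true)]
    [int]$CentralAdminPort,                                    # port you choose for Central Admin
    [string]$ServiceName = 'SSOSrv'                            # assumed SSO service name
)

$ErrorActionPreference = 'Stop'

# Stop and disable the Single Sign-On service on every computer in the farm.
foreach ($server in $FarmServers) {
    $svc = Get-Service -ComputerName $server -Name $ServiceName
    if ($svc.Status -ne 'Stopped') {
        $svc.Stop()
        $svc.WaitForStatus('Stopped', [TimeSpan]::FromSeconds(60))
    }
    Set-Service -ComputerName $server -Name $ServiceName -StartupType Disabled
}

# Re-check before touching the farm configuration: no instance may still run.
$stillRunning = @(
    $FarmServers |
        ForEach-Object { Get-Service -ComputerName $_ -Name $ServiceName } |
        Where-Object { $_.Status -ne 'Stopped' }
)
if ($stillRunning.Count -gt 0) {
    $names = ($stillRunning | ForEach-Object { $_.MachineName }) -join ', '
    throw "Single Sign-On service is still running on: $names"
}

# Provision Central Administration on this server (the new encryption-key server).
$psconfig = Join-Path $env:CommonProgramFiles `
    'Microsoft Shared\web server extensions\12\BIN\psconfig.exe'   # assumed path
if (-not (Test-Path $psconfig)) { throw "psconfig.exe not found at $psconfig" }

& $psconfig -cmd adminvs -provision -port $CentralAdminPort -windowsauthprovider onlyusentlm
if ($LASTEXITCODE -ne 0) { throw "psconfig failed with exit code $LASTEXITCODE" }

# The service was set to Disabled above; change its startup type back before
# starting it on this server and, at the end, on the Web servers.
Write-Output "Central Administration provisioned on port $CentralAdminPort"
```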

Now you should be fine 😉

Steve Chen  from a daily business in SharePoint Support…
