Installing BizTalk on Windows 7 with local accounts - biztalk

In a Dev environment, I'm try to install BizTalk on windows 7 with local accounts. The PC is not part of a domain. The install goes fine, and I've followed the msdn documentation for BizTalk on windows 7. SSO is the first thing that fails when I try and run the BizTalk configuration utility.
It created the SSODB database, built the tables, etc. but the SSO configuration failed. I see errors in the event log like:
SSO AUDIT
Function: GetApplications2
Tracking ID: a9b83ad5-1f05-407f-9d0b-63b4e4acd7d5
Client Computer: VM-BizTalk (mmc.exe:3572)
Client User: VM-BizTalk\Jeremy
Application Name: -
Error Code: 0xC0002A02, The SSO system is currently disabled.
The SSO service is running under a local account. This is not recommended and will limit the functionality of SSO. See your documentation for details.
SSO Service Account: VM-BizTalk
Access denied. The client user must be a member of one of the following accounts to perform this function.
SSO Administrators: SSO Administrators
SSO Affiliate Administrators: -
Application Administrators: -
Application Users: -
Additional Data: VM-BizTalk\Jeremy
Secret server access denied.
Client User: VM-BizTalk\Jeremy
Both the sso service account and my account are part of the SSO administrators group (local accounts and groups).

Well, I did a little more digging, and found an additional error in the BizTalk Configuration log file:
Failed to generate and backup the master secret to file: C:\Program Files\Common Files\Enterprise Single Sign-On\SSO0FAB.bak (SSO) Additional Information (0x80070005) Access is Denied.
Searching this error I discovered a blog entry:
http://blogical.se/blogs/mikael_sand/archive/2009/10/01/failed-to-create-the-master-secret-file-why-do-these-things-always-happen-to-me.aspx?CommentPosted=true#commentmessage
Which advises this solution:
Unconfigure BizTalk and delete the SSODB and BusinessRulesDB. The wizard does not delete them.
Now create the SSO Administrators group manually and add the install account and the BizTalk Service Account to it.
Log out and log back in. Restart the installation.
I did the above steps. Additionaly, after step 2 I re-ran the BizTalk install, chose repair, then went through the install process which took me though the configuration steps and finally a successful configuration!

Related

Unable to publish an ASP.NET webpage on an Azure VM running on Windows server 2016 database

Hi I am trying to deploy a website on an Azure VM and I already set all the configuration for make a deployment but this error appears when I tried to publish:
Error Web deployment task failed. (You connected to the remote computer ("saveci1.westus.cloudapp.azure.com") using the Web Administration Service, but it could not be authorized. Make sure you are using the correct username and password, that the site the one you are connecting to exists and that the credentials represent a user who has permissions to access this site.Get more information at: http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_USER_UNAUTHORIZED.)
Make sure the site name, user name, and password are correct. If the issue is not resolved, please contact your local or server administrator.
Error details:
You connected to the remote computer ("saveci1.westus.cloudapp.azure.com") through the Web Administration Service, but could not be authorized. Make sure you are using the correct username and password, that the site you are connecting to exists, and that the credentials represent a user who has permissions to access this site. Learn more at: http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_USER_UNAUTHORIZED.
Remote server error: (401) Not authorized. PoC 0
I follow all the steps from here https://github.com/aspnet/Tooling/blob/AspNetVMs/docs/create-asp-net-vm-with-webdeploy.md
Could you please check if is there any IP restriction configured for the resource group in Azure portal as it could be the reason.
Also i would suggest you to put a fiddler and trace the request which is causing the failure.
please check if you are behind any proxy, if yest then try to connect to a network that does not require this SSO through the proxy or use one of the many other ways to publish that do not require an SSO connection from your machine such as, FTP, VSTS, Git etc… and try to deploy it. Most of the time proxies are the reason which could cause failure in deployment.
As a workaround you could ftp to the site & do deployment via that method .
Hope it helps.

Permissions necessary to web deploy to IIS site

What permissions are necessary for a user to use web deploy to IIS running on a different server?
When I try to deploy from VS 2010 using that users credentials, I get the below error.
Error 36 Web deployment task failed.(Remote agent (URL https://server:8172/msdeploy.axd?site=site.name.com) could not be contacted. Make sure the remote agent service is installed and started on the target computer.)
Make sure the site name, user name, and password are correct. If the issue is not resolved, please contact your local or server administrator.
Error details:
Remote agent (URL https://server:8172/msdeploy.axd?site=site.name.com) could not be contacted. Make sure the remote agent service is installed and started on the target computer.
An unsupported response was received. The response header 'MSDeploy.Response' was '' but 'v1' was expected.
The remote server returned an error: (401) Unauthorized. C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v10.0\Web\Microsoft.Web.Publishing.targets
I am able to use web deploy when I use my domain account (e.g. domain\user) with the following publish arguments.
My domain account is an administrator on the destination server, but granting the service account full admin privileges is not an option.
The user must have the following permissions.
Read/Write permissions on the site folder directory
WDeployConfigWriter and WDeployAdmin must be configured to have their password never expire and user cannot change password like the below screenshot
The account that runs the build should be enabled under IIS Manager Users
The account that the build runs under must have permissions to the site under IIS Manager Permissions
Configure Management Service
Configure Management Service Delegation like the below
Useful reference
Web Deploy 3.0 infuriating 401 error on publish
The user that the account runs under should be a Power User and must have full control permissions to the folder that the destination iis site is running from.

How to give permission to Network service to install certificate in certificate store

We have developed a ASP.Net application. My apppool is running under Network Service Identify.Throug code we need to install a certificate. As my app pool is running with Network Service Privilages, it is throwing cryptographic exception "Access Denied".
I've tried the following option:
Given Full permissions to Network Service for the following path:
"C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys"
installed and the below tool to give permission to network service.
WinHttpCertCfg.exe
Not able to give permissions to Certificate Root. This tool is only helpful to give permission to access a specific certificate.
Please help me on resolving this issue.
According to article found at msdn
http://msdn.microsoft.com/en-us/library/windows/desktop/aa384088(v=vs.85).aspx
It says:
Note The user must have sufficient privileges to use this tool, which requires the user to be an administrator and the same user who installed the client certificate, if installed.
So check if network service is member of local administrators group.
whole story
ASP.net permissions to root certificate store
download WCF sample projects from the link below and compile FindPrivatekey project. ( tips: Add reference system.security otherwise you will catch a undefine X509Certificate2UI function error )
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=21459

ERROR: Could not contact the SSO server

I'm getting the following error on my dev machine when attempting to manage SSO settings:
ERROR: 0xC0002A0F : Could not contact the SSO server 'SSODB'. Check that SSO is
configured and that the SSO service is running on that server.
The Enterprise Single Sign-On Service, RPC service, and COM+ System Application service were all started when I checked, but I gave them a restart anyway and it didn't fix the problem. I can access the SSODB through SSMS.
I unconfigured SSO through BizTalk and reconfigured it (successfully). Alas, this also did not help.
SSO was previously working fine. I did notice this morning upon reboot that my browser home page was reset back to our corporate site (meaning something may have been pushed to machine this morning when I signed on) but no one else on my team is experiencing the same issues.
I'm not sure what to try next. Anyone have any ideas?
So, is SSO still working for BizTalk? If so, this might just be a simple user level config issue for SSO. based on the browser info, some user local settings may have been messed up. Try this:
CD to "C:\Program Files\Common Files\Enterprise Single Sign-On" Use administrator privileges
Type: ssomanage -server [SSO Server Name Here]
This will reset the SSO Server name for your user account.

BizTalk Enterprise Single Sign-On Service problem

I recently had to change my active directory account password.
Ever since then I am unable to deploy BizTalk projects or put my Receive Locations in the stop state (Sendports & orchestrations is fine).
I noticed that my Enterprise Single Sign-On Service isn't running, if I try to start the service it complains about a login failure.
The thing is, you would think that it used my account to start this service and that it can't login anymore because of some old password or something. However I run the service with another user, namely: BiztalkUser. This user is set on the service and u can also see him in the biztalk server configuration.
Anyone have any ideas what I have to do? Cuz I can't do much anymore now.
The procedures for changing service accounts and password is clearly documented by Microsoft http://msdn.microsoft.com/en-us/library/aa561505(BTS.10).aspx please follow the steps outlined under "Enterprise Single Sign-On Service on Master Secret Server" to correct your issue.
I agreed with the first paragraph of answer 1. That would be the first option I would look to correct the problem. The second option would be, restoring the master secret server.
See below;
Open a command prompt - Navigate to C:\Program Files\Common Files\Enterprise Single Sign-On\
Type in command - ssoconfig -restoresecret SSOXXXX.bak
(Where XXXX is a randomly generated name created with SSO was installed. This is the SSO back-up file)
Enter the password - (Again you entered/created/accepted this when configuring SSO in the BizTalk configuration.)
Additionally you should create a new backup file if you have changed the account the SSO service runs under.
To create a new back-up file - ssoconfig -backupsecret latestbackup.dat
If SSO is running under your account and it stopped working when you changed the password, you need to update your password on the service's credentials. You can do this in the serivces control panel. If you have other BizTalk items running under your account, you will need to update them as well... host instances, application pools, etc.
BizTalk User may not not have the necessary permission to run SSO. I'd suggest put the account back in that worked. Comb the error log for other messages to help you diagnose th eproblem. For furtherhelp, I'd suggest posting more specific details of your current problem here (ie. Error Messages, Log Files, etc.).

Resources