locked
SSO Error When Creating Encryption Key RRS feed

  • Question

  • Hello All!

    I've been working this problem now for three days and haven't come across a solution.

    In a new MOSS 2007 SP3 installation, I get the following error when I try to create an encryption key with the "re-encrypt all credentials using the new encryption key" checked.

    The farm is pretty simple - 1 WFE w/MOSS 2007 SP3 on Win2008R2, SQL Server 2008R2 on Win2008R2

    Any help would be appreciated.

    Thanks!

    Thursday, May 31, 2012 1:14 AM

All replies

  • Hello JavaJack1,

    This could also be an issue http://support.microsoft.com/default.aspx?scid=kb;en-us;901203 whcih could help you.

    Before that please check with the logs on the SP-server by setting the logging to In Event throttling setting of CA, reporting level of event for SSO needs to be "Informational" to make log for key regeneration

    In short what happens is – when you select the re-encrypt all credentials by using the new encryption key option to re-encrypt credentials in a Single Sign-on (SSO) environment, the "IX_SSO_Credentials" index is renamed to "IX_SSO_Temp_Credentials." When the SSO database is queried, the query fails and you receive the exception error [0x80040e14]. Look into at the SSO database and validate the index name under the dbo.SSO_Credentials table.

    MOSS - When you select the Re-encrypt all credentials by using the new encryption key option to reencrypt credentials in a Single Sign-On (SSO) environment, the "IX_SSO_Credentials" index is renamed to "IX_SSO_Temp_Credentials." When the SSO database is queried, the query fails.
    KB Article Id: 932917

    Regards,

    Veera.

    Thursday, May 31, 2012 2:32 PM
  • Hi Veera!

    Thanks for the response.

    I had performed the fix in the KB article before I posted my original message but it did not fix the issue.

    I looked looked at the SSO database. I see one table named dbo.SSO_Credentials with an index of IX_SSO_Credentials and another table dbo.SSO_TempCredentials with an index of IX_SSO_TempCredentials

    Regards,

    JavaJack1

    Thursday, May 31, 2012 7:39 PM
  • Veera,

    Could the problem that I am having come from not having any data in the SSO tables?  Since this is a brand new implementation, SSO hasn't been used. I really shouldn't have to re-encrypt because there shouldn't be anything in the tables. If I generate the key without the checkbox being check, it runs without error.

    Regards.

    Thursday, May 31, 2012 11:38 PM