0x800706D9 when contact a SSO master secret cluster

  • Article

Symptom:

==========

You may see the following warning event in a BizTalk machine.

Event Type: Warning

Event Source: ENTSSO

Event ID: 10536

Description:

SSO AUDIT

Function: GetConfigInfo

Tracking ID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Client Computer: xxx.xxx.xxx (BTSNTSvc.exe:1234) Client User:
Domain\BizAdmin Application Name: { xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx } Error
Code: 0x800706D9, There are no more endpoints available from the endpoint
mapper.

If try to backup the master secret on the SSO master secret cluster, you
can get the below error:

C:\Program Files\Common Files\Enterprise Single Sign-On>ssoconfig -backupsecret
test.bak

Password : *******

Confirm Password : *******

Password reminder : 1234567

ERROR: 0xC0002A0F : Could not contact the SSO server 'sso-cluster'. Check that
SSO is configured and that the SSO service is running on that server.

(RPC: 0x800706D9: There are no more endpoints available from the endpoint
mapper.)

Cause:

===========

In the SSO master secret cluster environment, the RPC service
“SSOSecretServer” will not be registered successfully in the RPC endpoint
mapper if the local ENTSSO service is started on a node before the clustered
ENTSSO resource is brought online on this node.

For example, someone starts the local ENTSSO service from the service
control manager or some tool executes a command “net start ENTSSO” on a cluster
node.

In our case, we find there is a monitoring tool which periodically starts
the local ENTSSO service on both cluster nodes if it finds they are not
started, then the error will be reported when the cluster ENTSSO failover to
another node which the local ENTSSO service is already started. Using “rpcdump”
utility (the command “rpcdump -s <sso-cluster> -i”) or “portqry” utility
(the command “portqry -n <sso-cluster> -e 135”) could list the registered
RPC services in a RPC endpoint mapper. In this case, we only see the SSO
related RPC services
SSOMappingServer,SSOAdminServer,SSOLookupServer,SSOCSServer were registered but
SSOSecretServer.

Solution:

=========

Stop the local ENTSSO service on another node and failover the cluster SSO
to the node.

Configure the monitoring tool and stop to start the local ENTSSO service on
both cluster nodes.

Regards,

XiaoDong Zhu