0x800706D9 when contacting an SSO master secret cluster

 

Symptom:

==========

You may see the following warning event on a BizTalk machine.

Event Type: Warning

Event Source: ENTSSO

Event ID: 10536

Description:

SSO AUDIT

Function: GetConfigInfo

Tracking ID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Client Computer: xxx.xxx.xxx (BTSNTSvc.exe:1234)

Client User: Domain\BizAdmin

Application Name: { xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx }

Error Code: 0x800706D9, There are no more endpoints available from the endpoint mapper.

If you try to back up the master secret on the SSO master secret cluster, you get the following error:

C:\Program Files\Common Files\Enterprise Single Sign-On>ssoconfig -backupsecret test.bak
Password : *******
Confirm Password : *******
Password reminder : 1234567
ERROR: 0xC0002A0F : Could not contact the SSO server 'sso-cluster'. Check that SSO is configured and that the SSO service is running on that server.
(RPC: 0x800706D9: There are no more endpoints available from the endpoint mapper.)

Cause:

===========

In the SSO master secret cluster environment, the RPC service “SSOSecretServer” will not be registered successfully in the RPC endpoint mapper if the local ENTSSO service is started on a node before the clustered ENTSSO resource is brought online on this node.

For example, someone starts the local ENTSSO service from the service control manager or some tool executes a command “net start ENTSSO” on a cluster node.

In our case, we found a monitoring tool that periodically starts the local ENTSSO service on both cluster nodes if it finds the service is not started. The error is then reported when the clustered ENTSSO resource fails over to a node on which the local ENTSSO service is already started. The “rpcdump” utility (the command “rpcdump -s <sso-cluster> -i”) or the “portqry” utility (the command “portqry -n <sso-cluster> -e 135”) can list the RPC services registered in an RPC endpoint mapper. In this case, we saw that the SSO-related RPC services SSOMappingServer, SSOAdminServer, SSOLookupServer and SSOCSServer were registered, but SSOSecretServer was not.
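The check described above can be scripted so that a missing SSOSecretServer registration is flagged right after a failover. The following PowerShell is an added example, not part of the original post: the function name `Test-SsoEndpointRegistration` and the verdict strings are hypothetical, and the sample lines are constructed and simplified (they are not real portqry or rpcdump output). It assumes only that the registered service names appear as text in the dump, as the post describes.

```powershell
# Added example (not from the original post). Classifies an endpoint mapper
# dump by which of the five SSO RPC service names from the post appear in it.
$ExpectedSsoServices = 'SSOMappingServer', 'SSOAdminServer', 'SSOLookupServer',
                       'SSOCSServer', 'SSOSecretServer'

function Test-SsoEndpointRegistration {
    param(
        # Raw output lines of "portqry -n <sso-cluster> -e 135" or
        # "rpcdump -s <sso-cluster> -i"
        [Parameter(Mandatory = $true)][string[]]$DumpLines
    )
    $text = $DumpLines -join "`n"

    # Whole-word match so one service name can never satisfy another.
    $registered = @($ExpectedSsoServices | Where-Object {
        $text -match ('\b' + [regex]::Escape($_) + '\b')
    })
    $missing = @($ExpectedSsoServices | Where-Object { $registered -notcontains $_ })

    if ($missing.Count -eq 0) {
        $verdict = 'OK'
    } elseif ($registered.Count -eq 0) {
        # No SSO endpoints at all: ENTSSO not running or wrong server queried.
        $verdict = 'NoSsoEndpoints'
    } elseif ($missing.Count -eq 1 -and $missing[0] -eq 'SSOSecretServer') {
        # The pattern from this post: local ENTSSO was started on the node
        # before the clustered ENTSSO resource came online there.
        $verdict = 'SecretServerNotRegistered'
    } else {
        $verdict = 'PartialRegistration'
    }

    [pscustomobject]@{
        Registered = $registered
        Missing    = $missing
        Verdict    = $verdict
    }
}

# Constructed sample input: placeholder lines, not the real tool format.
$sample = @(
    'endpoint 1: SSOMappingServer'
    'endpoint 2: SSOAdminServer'
    'endpoint 3: SSOLookupServer'
    'endpoint 4: SSOCSServer'
)
Test-SsoEndpointRegistration -DumpLines $sample

# Live use (assumes portqry.exe is on PATH and 'sso-cluster' is the SSO server name):
# Test-SsoEndpointRegistration -DumpLines (portqry -n sso-cluster -e 135)
```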

Solution:

=========

Stop the local ENTSSO service on another node, then fail over the cluster SSO to that node.

Configure the monitoring tool so that it no longer starts the local ENTSSO service on either cluster node.

Regards,

XiaoDong Zhu