Things to Consider while Changing BizTalk Server to Run Under a Different User Account

Recently, I had to change a BizTalk Server setup to run under a different user account. I ran into some issues with ENTSSO and master secret. Once I sorted those out, I thought of penning down my experiences for a quick ref check in case others need it to or in case I need it in the future.

Here are the steps:

  1. Configure the BizTalkServerApplication (and other host instances as required) to run under the new user account. You can do this from the BizTalk Server Administration console.
  2. Add the new account to the SSO Administrators group. If you don’t do this, the new user account won’t have the perms to start the ENTSSO service under the new user account.
  3. Change the ENTSSO service properties to start under the new user account.
  4. Change the SQL Server (MSSQLSERVER) service to run under the new user account.
  5. Change the SQL Server Agent (MSSQLSERVER) service to run under the new user account.
  6. Make sure all the services you modified the properties for are running.
  7. Because you added the new user to the SSO Administrators group, you may want to log in as the new user ( or have the new user log in) before performing the next step.
  8. Restore the master secret. Go to the command prompt and navigate to C:\Program Files\Common Files\Enterprise Single Sign-On.
  9. At the command prompt type:

ssoconfig –restoresecret SSO****.bak file

where **** is typically a set of numbers generated during BizTalk Server configuration.

That’s it. You are now done with having BizTalk Server run under the new user account.