The master secret is missing or corrupt. It is normally generated during configuration. If the secret is missing, one of the following messages is displayed in the event log when the Enterprise Single Sign-On service starts.
This problem can occur if the secret was generated while the Enterprise Single Sign-On (SSO) service was running under one service account, and the service account was later changed. The secret is stored in the registry in encrypted form, and it is encrypted with a key based on the identity of the service account that ENTSSO runs under.
Change the service account that ENTSSO runs under back to the original service account, the one in use when the master secret was created.
To change the ENTSSO service account:
- Back up the master secret. For more information, see How to Back Up the Master Secret (http://go.microsoft.com/fwlink/?LinkID=191831).
- Stop the Enterprise Single Sign-On service.
- Change the service account.
- Restart SSO and ignore any event log errors about a corrupted secret.
- Restore the master secret. For more information, see How to Restore the Master Secret (http://go.microsoft.com/fwlink/?LinkID=191832).
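
The five steps above as one PowerShell sequence that refuses to touch the service account unless a backup file was actually written. This is an added example, not part of the original article. It assumes the default `ssoconfig.exe` install location and uses a hypothetical backup path; run it from an elevated prompt on the master secret server.

```powershell
# Added example. Assumptions (not from the original article):
#   - ssoconfig.exe is in its default install folder
#   - $backupFile is a hypothetical path on access-controlled storage
$ErrorActionPreference = 'Stop'
$ssoConfig  = Join-Path $env:CommonProgramFiles 'Enterprise Single Sign-On\ssoconfig.exe'
$backupFile = 'D:\Secure\sso-master-secret.bak'

# 1. Back up the master secret. ssoconfig prompts for a backup password and a hint.
& $ssoConfig -backupsecret $backupFile
if (-not (Test-Path $backupFile) -or (Get-Item $backupFile).Length -eq 0) {
    throw 'No master secret backup was written; the service account was not changed.'
}

# 2. Stop the service. -Force also stops dependent services; start those again afterwards.
Stop-Service -Name ENTSSO -Force

# 3. Change the service account. Get-Credential keeps the password off the command line.
$cred   = Get-Credential -Message 'Account that ENTSSO should run under'
$svc    = Get-CimInstance -ClassName Win32_Service -Filter "Name='ENTSSO'"
$result = $svc | Invoke-CimMethod -MethodName Change -Arguments @{
    StartName     = $cred.UserName
    StartPassword = $cred.GetNetworkCredential().Password
}
if ($result.ReturnValue -ne 0) {
    throw "Win32_Service.Change failed with return value $($result.ReturnValue)."
}

# 4. Restart SSO. Event log errors about a corrupted secret are expected at this point.
Start-Service -Name ENTSSO

# 5. Restore the master secret from the backup. ssoconfig prompts for the backup password.
& $ssoConfig -restoresecret $backupFile

# Confirm which account the service now runs under.
(Get-CimInstance -ClassName Win32_Service -Filter "Name='ENTSSO'").StartName
```

Anyone who holds the backup file and its password can restore the master secret, so move the file to offline or access-controlled storage once the restore succeeds.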