Problem
The master secret is missing or corrupt. It is normally generated during configuration. If the secret is missing, one of the following messages is written to the Application event log when the Enterprise Single Sign-On service starts.
- MessageId=10520, Severity=Warning: SSO_WARN_NO_SECRETS
- MessageId=10565, Severity=Error: SSO_ERROR_SECRET_VALIDATE_FAILED
- MessageId=10521, Severity=Error: SSO_ERROR_SECRETS_NOT_LOADED
Cause
This problem can occur if the secret was generated while the Enterprise Single Sign-On service (ENTSSO) was running under one service account, and the service account was changed afterwards. The secret is stored in the registry in encrypted form, and the encryption key is derived from the identity of the service account that ENTSSO runs under, so a different account cannot decrypt it.
Resolution
Change the service account that ENTSSO runs under back to the service account that was in use when the master secret was created. Once the secret loads again, use the procedure below if you still need to move ENTSSO to a different account.
To change the ENTSSO service account:
- Back up the master secret. For more information, see How to Back Up the Master Secret (http://go.microsoft.com/fwlink/?LinkID=191831).
- Stop the Enterprise Single Sign-On service.
- Change the service account.
- Restart SSO and ignore any event log errors about a corrupted secret.
- Restore the master secret. For more information, see How to Restore the Master Secret (http://go.microsoft.com/fwlink/?LinkID=191832).
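The following PowerShell script is an added example and is not part of the original article or of the Enterprise Single Sign-On tooling. It first checks the Application log for the three event IDs listed above and reports which account ENTSSO currently runs under, then carries out the five-step account change in the documented order: back up the secret while the account that can decrypt it is still in place, stop the service, change the account, restart, restore. It assumes that the ENTSSO event provider is named "ENTSSO", that ssoconfig.exe is installed under the "Enterprise Single Sign-On" common-files directory, and that ssoconfig accepts the -backupSecret and -restoreSecret switches; the backup path and account name are placeholders.

```powershell
# Added example (not from the original article). Run in an elevated PowerShell
# session as an SSO administrator on the master secret server.
# Assumptions: event provider name 'ENTSSO', ssoconfig.exe location, and the
# -backupSecret / -restoreSecret switches of ssoconfig.

$ssoService = 'ENTSSO'
$ssoConfig  = Join-Path $env:CommonProgramFiles 'Enterprise Single Sign-On\ssoconfig.exe'

function Get-EntssoSecretEvents {
    # Returns the master-secret events named in the article (10520, 10565, 10521).
    # An empty result means the secret loaded under the current account.
    Get-WinEvent -FilterHashtable @{
        LogName      = 'Application'
        ProviderName = 'ENTSSO'          # assumed provider name
        Id           = 10520, 10565, 10521
    } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, LevelDisplayName, Message
}

function Get-EntssoServiceAccount {
    # The account the service currently runs under; compare it with the account
    # that was in use when the secret was generated.
    (Get-CimInstance Win32_Service -Filter "Name='$ssoService'").StartName
}

function Move-EntssoServiceAccount {
    param(
        [Parameter(Mandatory)] [string] $NewAccount,   # e.g. 'DOMAIN\svc-entsso' (placeholder)
        [Parameter(Mandatory)] [string] $BackupFile    # protected location, e.g. 'D:\SSOBackup\secret.bak'
    )
    if (-not (Test-Path $ssoConfig)) { throw "ssoconfig.exe not found at $ssoConfig" }

    # Prompt for the new account's password instead of embedding it in the script.
    $cred = Get-Credential -UserName $NewAccount -Message 'Password for the new ENTSSO service account'

    # Step 1: back up the master secret while the current account can still decrypt it.
    # ssoconfig prompts interactively for a password that protects the backup file.
    & $ssoConfig -backupSecret $BackupFile
    if ($LASTEXITCODE -ne 0) { throw 'Master secret backup failed; not changing the account.' }

    # Step 2: stop the service (and any dependent services).
    Stop-Service -Name $ssoService -Force

    # Step 3: change the service account. sc.exe requires the space after 'obj=' and 'password='.
    $plain = $cred.GetNetworkCredential().Password
    & sc.exe config $ssoService obj= $NewAccount password= $plain
    if ($LASTEXITCODE -ne 0) { throw 'sc.exe config failed' }
    $plain = $null

    # Step 4: restart. The secret events are expected here, because the new
    # account cannot yet decrypt the secret stored under the old one.
    Start-Service -Name $ssoService

    # Step 5: restore the secret so it is re-encrypted under the new account.
    # ssoconfig prompts for the password chosen in step 1.
    & $ssoConfig -restoreSecret $BackupFile
    if ($LASTEXITCODE -ne 0) { throw 'Master secret restore failed' }

    # Confirm: no new secret events since the restore means the secret loaded.
    $since = (Get-Date).AddMinutes(-1)
    $recent = Get-EntssoSecretEvents | Where-Object { $_.TimeCreated -gt $since }
    if ($recent) { Write-Warning 'Secret events still present after restore; check the restore output.' }
    else { Write-Host "ENTSSO now runs as $(Get-EntssoServiceAccount) with the master secret loaded." }
}

# Triage first: which account runs the service, and which of the three events fired?
"Current ENTSSO account: $(Get-EntssoServiceAccount)"
Get-EntssoSecretEvents | Format-Table -AutoSize

# Then, if you need to move to a different account, run the full procedure, for example:
# Move-EntssoServiceAccount -NewAccount 'DOMAIN\svc-entsso' -BackupFile 'D:\SSOBackup\secret.bak'
```

The backup step is deliberately placed before anything is stopped: if the backup fails, the script throws and the service is left running under the account that can still decrypt the secret, which is the state the Cause section says you need to be in. Keep the backup file and its password in a protected location; whoever holds both can restore the master secret onto another server.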