Tags: configuration, single-sign-on, biztalk, windows-clustering

BizTalk Server 2020 Single Sign On (SSO) not working on clustered environment


I've got the following set up of servers:

Server A & Server B = Microsoft BizTalk 2020 servers
Server C & Server D = Microsoft SQL Server 2019 AlwaysOn Availability Group

I've set up a clustered MSDTC role and have installed Enterprise SSO on Server C & D. I've clustered the Enterprise SSO on Server C & D (created the SSO System on Server C, changed the server name to the MSDTC cluster access point and joined the SSO system on Server D, after which I restored the master secret on that server as well).

Everything seems to be in order so far.

However, when I try setting up BizTalk on Server A and I try to Join the existing SSO System and point it to the SQL AG Listener and provide the AD user that I've set up for EntSSO I get this error:

The SSO master secret server 'clus-msdtc' specified by the SSO database 'SSODB' on SQL Server 'clus-sql-ls' could not be found. Without the master secret server the SSO Service cannot operate correctly.

With a follow-up error stating:

(0xC0002A0F) Could not contact the SSO server '%1'. Check that SSO is configured and that the SSO service is running on that server

Which in turn has a sub error:

Could not contact SSO server 'clus-msdtc'. Check that SSO is configured and that the SSo service is running on that server. (RPC: 0x800706BA: The RPC server is unavailable)

I've tried pinging between Server A and Server C, and between Server A and Server D, with DTCPing; that works fine. The Enterprise SSO service is running, and if I check the SSO Admin on Server C (the primary replica in the AG) it looks like this:

[Screenshot of the SSO Administration console on Server C]

Any ideas because mine are running thin right now.


Solution

  • After some long and arduous troubleshooting we've finally found the root cause, which was an incorrectly configured load balancer in Azure that made all RPC and MSDTC calls fail.
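
A quick way to narrow this kind of failure down before digging into SSO itself is to compare RPC reachability through the cluster name with reachability to the nodes behind it. The script below is an added example, not code from the question or the answer; it reuses the name `clus-msdtc` from the error message and assumes placeholder node names `ServerC` and `ServerD`, which you would replace with the real hosts.

```powershell
# Added diagnostic example (not from the original post).
# Assumptions: the SSO master secret server is reached via the cluster access
# point 'clus-msdtc' (from the error text); 'ServerC' / 'ServerD' are placeholder
# node names for the two SQL/SSO servers.
$ssoServer = 'clus-msdtc'
$nodes     = @('ServerC', 'ServerD')   # placeholders, replace with real host names

function Test-RpcEndpoint {
    param([string]$ComputerName)
    # TCP 135 is the RPC endpoint mapper. An SSO client contacts it first, then
    # connects to a dynamic port that the mapper hands back, so both the mapper
    # port and the dynamic range must be reachable through whatever sits in front
    # of the nodes.
    $r = Test-NetConnection -ComputerName $ComputerName -Port 135 -WarningAction SilentlyContinue
    [pscustomobject]@{
        Target   = $ComputerName
        Resolved = ($null -ne $r.RemoteAddress)
        Port135  = $r.TcpTestSucceeded
    }
}

# 1. Does the cluster name resolve, and to which address (node, cluster IP, or
#    load balancer frontend)?
Resolve-DnsName -Name $ssoServer -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -in 'A', 'AAAA' } |
    Select-Object Name, IPAddress

# 2. Compare the cluster name against each node. If the nodes answer on 135 but
#    the cluster name does not (or resolves to an address that does not), the
#    fault is in front of the nodes (load balancer rules, health probe, NAT),
#    not in the SSO configuration.
@($ssoServer) + $nodes |
    ForEach-Object { Test-RpcEndpoint -ComputerName $_ } |
    Format-Table -AutoSize

# 3. Confirm the Enterprise SSO service (service name ENTSSO) is running on each
#    node. Get-Service -ComputerName works in Windows PowerShell 5.1; on
#    PowerShell 7 wrap the call in Invoke-Command instead.
foreach ($n in $nodes) {
    Get-Service -Name ENTSSO -ComputerName $n -ErrorAction SilentlyContinue |
        Select-Object @{ n = 'Node'; e = { $n } }, Status
}
```

The error code in the question, `0x800706BA` (The RPC server is unavailable), is what you get when either the endpoint mapper on 135 or the dynamic port it returns cannot be reached. A load balancer that forwards only a fixed port, or whose health probe keeps the backend out of rotation, produces exactly the pattern above: direct node connections succeed while connections through the balanced name fail, which matches the root cause reported in the answer.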