none
SSO is not a Administrator RRS feed

  • Question

  • Hi,

    We have BizTalk and SQL server as a different server.

    We configured SQL server with ServerName\SQLInstance name with the domain users.

    Also configured BizTalk server with the Domain User and the configuration is successfully done.

    When i was opening the SSO Applicaiton Configuration, we got an error that you are not an administrator.

    But we logged in to the server with the Domain users and the BizTalk Groups including SSO Administrator, SSO Affliate Administrator group the domain user is the member. Still we are facing the issue. 

    SSO Application Configuration

    Then we found the SSO Administrator doesn't configured with the proper sql server name. Only the server name was listing but not the SQL Server name. pelase find the screenshot for the reference.

    I tried upgrade database by providing the SQL Server Instance name and got the below error.

    Is this is the problem because of the SQL Server name. We have configured the SQL Server as Servername\SQLInstanceName.

    Could you please help me to resolve the issue.


    Regards, Aboorva Raja R Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Tuesday, November 10, 2015 8:46 PM

Answers

  • It is not about the account used to configure BizTalk or SQL. It is about the account that you're logged on as currently. For e.g.: take the following case. SQL Service account is TD\SQLService so on the SQL Server [SQLS01] SQL is running as TD\SQLService. My account is TD\Shankycheil and I'm the Domain and Local Admin on BTS01. I run BizTalk Config and use the account TD\BTSService as the service account for BizTalk Services, etc. The configuration will go through but when I access the SSO MMC I would get the same error.

    This is because TD\Shankycheil should be a member of the SSO Administrators and SSO Affiliate Administrators group. As a matter of fact TD\Shankcheil should be a member of the BizTalk Server Administrators group to able to access the BizTalk Console.

    Refer to https://msdn.microsoft.com/en-us/library/aa577661.aspx for the list of AD Groups and permissions required.

    Regards.

    • Proposed as answer by Angie Xu Tuesday, November 24, 2015 2:08 AM
    • Marked as answer by Angie Xu Wednesday, November 25, 2015 3:01 AM
    Wednesday, November 11, 2015 11:13 AM
  • Hi Aboorva,

    The domain Id from which you have logged into BizTalk Machine should be member of windows group SSO Administrators and SSO Affiliate Administrators group.

    I dont think you logged In user has previlage or group member of BizTalk windows group and that's the reason you are uanble to open the SSO MMC console .

    Hope this helps .

    Thanks
    Abhishek


    If this answers your question please mark it accordingly. If this post is helpful, please vote as helpful by clicking the upward arrow mark next to my reply

    • Proposed as answer by Angie Xu Tuesday, November 24, 2015 2:07 AM
    • Marked as answer by Angie Xu Wednesday, November 25, 2015 3:01 AM
    Thursday, November 12, 2015 7:48 AM
  • BizTalk setup, the horror. Spend so many time setting this up correctly.

    Well, in my environment the name field also only contains the server name. The SQL Server field contains the server+instance name.

    You can try to get rid of the error message (User is not an SSO Administrator) to start the application using the SSO Windows Service account. You can find it in the Microsoft BizTalk Server Configuration tool under Enterprise SSO.

    Is every checkbox green in the Microsoft BizTalk Server Configuration tool ?

    You can also try to Unconfigure features in the Microsoft BizTalk Server Configuration tool and re-run the wizard. But I would suggest not to do that when you are further in the process of setting up your environment or every checkbox is green.


    Twitter | Blog | App-V Deployment Whitepaper | Microsoft Application Virtualization 5.1 eBook

    If you see a post that helped you please click Vote As Helpful and if it answered your question please click Mark As Answer.
    This forum post is based upon my personal experience and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    • Proposed as answer by Angie Xu Tuesday, November 24, 2015 2:08 AM
    • Marked as answer by Angie Xu Wednesday, November 25, 2015 3:01 AM
    Tuesday, November 10, 2015 9:07 PM

All replies

  • BizTalk setup, the horror. Spend so many time setting this up correctly.

    Well, in my environment the name field also only contains the server name. The SQL Server field contains the server+instance name.

    You can try to get rid of the error message (User is not an SSO Administrator) to start the application using the SSO Windows Service account. You can find it in the Microsoft BizTalk Server Configuration tool under Enterprise SSO.

    Is every checkbox green in the Microsoft BizTalk Server Configuration tool ?

    You can also try to Unconfigure features in the Microsoft BizTalk Server Configuration tool and re-run the wizard. But I would suggest not to do that when you are further in the process of setting up your environment or every checkbox is green.


    Twitter | Blog | App-V Deployment Whitepaper | Microsoft Application Virtualization 5.1 eBook

    If you see a post that helped you please click Vote As Helpful and if it answered your question please click Mark As Answer.
    This forum post is based upon my personal experience and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    • Proposed as answer by Angie Xu Tuesday, November 24, 2015 2:08 AM
    • Marked as answer by Angie Xu Wednesday, November 25, 2015 3:01 AM
    Tuesday, November 10, 2015 9:07 PM
  • It is not about the account used to configure BizTalk or SQL. It is about the account that you're logged on as currently. For e.g.: take the following case. SQL Service account is TD\SQLService so on the SQL Server [SQLS01] SQL is running as TD\SQLService. My account is TD\Shankycheil and I'm the Domain and Local Admin on BTS01. I run BizTalk Config and use the account TD\BTSService as the service account for BizTalk Services, etc. The configuration will go through but when I access the SSO MMC I would get the same error.

    This is because TD\Shankycheil should be a member of the SSO Administrators and SSO Affiliate Administrators group. As a matter of fact TD\Shankcheil should be a member of the BizTalk Server Administrators group to able to access the BizTalk Console.

    Refer to https://msdn.microsoft.com/en-us/library/aa577661.aspx for the list of AD Groups and permissions required.

    Regards.

    • Proposed as answer by Angie Xu Tuesday, November 24, 2015 2:08 AM
    • Marked as answer by Angie Xu Wednesday, November 25, 2015 3:01 AM
    Wednesday, November 11, 2015 11:13 AM
  • Hi Aboorva,

    The domain Id from which you have logged into BizTalk Machine should be member of windows group SSO Administrators and SSO Affiliate Administrators group.

    I dont think you logged In user has previlage or group member of BizTalk windows group and that's the reason you are uanble to open the SSO MMC console .

    Hope this helps .

    Thanks
    Abhishek


    If this answers your question please mark it accordingly. If this post is helpful, please vote as helpful by clicking the upward arrow mark next to my reply

    • Proposed as answer by Angie Xu Tuesday, November 24, 2015 2:07 AM
    • Marked as answer by Angie Xu Wednesday, November 25, 2015 3:01 AM
    Thursday, November 12, 2015 7:48 AM
  • Hi Aboorva,

    The domain Id from which you have logged into BizTalk Machine should be member of windows group SSO Administrators and SSO Affiliate Administrators group.

    I dont think you logged In user has previlage or group member of BizTalk windows group and that's the reason you are uanble to open the SSO MMC console .

    Hope this helps .

    Thanks
    Abhishek


    If this answers your question please mark it accordingly. If this post is helpful, please vote as helpful by clicking the upward arrow mark next to my reply

    That was my thought also . To avoid errors, the easiest is to run the application using the SSO Windows Service account.

    Twitter | Blog | App-V Deployment Whitepaper | Microsoft Application Virtualization 5.1 eBook

    If you see a post that helped you please click Vote As Helpful and if it answered your question please click Mark As Answer.
    This forum post is based upon my personal experience and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    Thursday, November 12, 2015 2:00 PM
  • Hi Aboorva,

    I also faced the same issue I resolved it after giving permisson to my login account in the below two groups

    SSO Administrators and SSO Affiliate Administrators group.

    After providing permission if still it does not work then just restart the system once.

    Refer https://msdn.microsoft.com/en-us/library/aa577661.aspx


    Regards, Sagar Kakde

    Friday, November 13, 2015 4:58 AM
  • Hi,

    In production we are using the Domain Accounts and Groups. All groups has the access in the production BizTalk server.

    Still we cant able to find out the issue.

    Friday, November 13, 2015 6:09 AM