Primary SSO server failed.The external credential in SSO database are more recent RRS feed

  • Question

  • I am getting following error when I try to change diable my receive location in one of biztalk application. All other application works fine but only one getting following error.I try to stop that application for delete but still get same error. Let me know what I can do? Exact error is 

    Could not store transport type data for Receive Location 'RecvLoc832IN' to config store. Primary SSO Server 'BT-APP-DEV01' failed. The external credentials in the SSO database are more recent.

    Please help how I can resolve it?

    Wednesday, July 8, 2015 11:06 PM

All replies

  • Hi,
    This "The external credentials in the SSO database are more recent."error arises when the system date is not correct.
     Run the following query in SSODB database.

    select dateadd(m,-1,ec_timestamp),* from SSODB..SSOX_ExternalCredentials
    where datediff(m,ec_timestamp,getdate())<>0

    select dateadd(year,-1,ec_timestamp),* from SSODB..SSOX_ExternalCredentials
    where datediff(year,ec_timestamp,getdate())<>0

     If any rows are retrieved then there has been some changes in the system date. Run the following query in case any rows are retrieved in the first case.

    update SSODB..SSOX_ExternalCredentials set ec_timestamp = dateadd(m,-1,ec_timestamp) where datediff(m,ec_timestamp,getdate())<>0

    update SSODB..SSOX_ExternalCredentials set ec_timestamp = dateadd(year,-1,ec_timestamp) where datediff(year,ec_timestamp,getdate())<>0
    Now restart Host Instances and continue with the application.







    Thursday, July 9, 2015 3:23 AM
  • Thanks Abhishek

    I tried this option before putting question here.Let me know if I am missing some.

    I run first query got more than 200 records

    Run second query got around 180 records

    Run third and fourth query shows above records updated.

    Then I restart host instance and check again but still same issue.

    I really stuck due to this. Please help me to resolve 

    Thursday, July 9, 2015 2:50 PM
  • Did you check if the Enterprise Single Sign-On Service is running on your SSO Primary? If you open the SSO Console and navigate to the servers section do you see your Primary Online ?

    IMHO you should be focusing on why your Primary is not available?


    Thursday, July 9, 2015 2:59 PM
  • Under server I can not see any thing. It just says "There is no items to show in this view".

    But when I check other environment where things are fine I get same. So not sure what exactly you want me to try here.

    Thursday, July 9, 2015 3:10 PM
  • If you right-click servers you'd get an option "Discover" which when clicked should get you a list of all the SSO Servers configured for the group in your environment. For starters it should list all the BizTalk front-ends you have...

    In that list one server should show as "Master" and should be online.


    Thursday, July 9, 2015 3:16 PM
  • I can see my server there but which column should be master there?I can see status as online

    SSO server as server name

    Password sync  as none

    Again it is same on my other environment where I do not have any problem.

    Thursday, July 9, 2015 3:37 PM
  • There a few columns and the primary definitely shows there (you might want to run through the columns and expand them). Alternatively refer https://msdn.microsoft.com/en-us/library/aa547384.aspx and run the command (run as admin) ssomanage -displaydb the output of which should tell you the master secret.

    Alternatively, you can stop and start the "Enterprise Single Sign-on service" and monitor the ENTSSO events where it'd tell you if it has been able to contact the master and retrieve the secret.


    Thursday, July 9, 2015 3:48 PM
  • I will try it. One question I know when it started giving this problem. Do you think it will work if I restore backup of SSODB, before it started giving problem?

    Do restoring only SSODB will help or do I need to restore some other DB too.

    I have daily backup for DB so I can do that if any body can say it could be option.

    Friday, July 10, 2015 3:43 PM