BizTalk Database SSO Permissions RRS feed

  • Question

  • We are upgrading from BizTalk 2006 R2 to BizTalk 2013 R2 running on Server 2012 and using SQL Server 2012.

    We have successful set up a dev environment and a test environment but having problems with a QA environment.  The biggest difference is the QA environment is a BizTalk 2 vm's farm and the SQL server is not located on the BizTalk server(s).   It is a different VM.

    Here is one error on the database.

    The AuthzInitializeContextFromSid function failed with ERROR_ACCESS_DENIED. This means that the service account that the SSO server is running under does not have sufficient permissions to check group membership in Active Directory. Please check your documentation for details on how to fix this problem.

    SSO service account is a domain account and is the BizTalk Servers Administrators , SSO Administrators and SSO Affiliate Administrators groups and other groups.


    James Nance

    Thursday, May 14, 2015 10:10 PM


  • When deploying in a multi-server environment

    I assume you are following the "Installing BizTalk Server 2013, 2013 R2, and BAM in a Multi-Computer Environment.htm" guide which can be downloaded from http://www.microsoft.com/en-in/download/details.aspx?id=35552

    • The error you're seeing is because the account you've specified for running the Enterprise Single Sign-on Service is not able to query the AD. This could happen if
      1. the account is a local account (not member of the domain)
      2. through GPO, the account permissions have be curtailed to prevent it from querying the AD.


    Friday, May 15, 2015 6:18 AM