Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.
Software update information
A supported feature that modifies the default behavior of the product is available from Microsoft. However, this feature is intended to modify only the behavior that this article describes. Apply this feature only to systems that specifically require it. This feature might receive additional testing. Therefore, if the system is not severely affected by the lack of this feature, we recommend that you wait for the next software update that contains this feature.
If the feature is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the feature.
Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific feature. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
Note The "Hotfix download available" form displays the languages for which the feature is available. If you do not see your language, it is because the feature is not available for that language.
File information
The English version of this software update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the
Time Zone tab in the Date and Time tool in Control Panel.
Date Time Version Size File name
------------------------------------------------------------
26-Jul-2005 00:18 4.0.125.0 71,168 Infocache.dll
26-Jul-2005 00:18 4.0.125.0 81,920 Ssolookupserver.dll
26-Jul-2005 00:18 4.0.125.0 60,928 Ssomappingserver.dll
26-Jul-2005 00:19 4.0.125.0 115,712 Ssopsserver.dll
16-Jun-2005 22:53 28,188 Ssox4.sql
Because of file dependencies, the most recent software update that contains
these files may also contain additional files.
After you apply the update, you can make the following configuration changes:
- You can configure offline SSO credential database detection.
- You can configure the credential cache time-out property to make the cache remain available until the ENTSSO service indicates that the SSO credential database is offline.
Configure offline SSO credential database detection
You can now configure the ENTSSO service to send more than 10 polls before the service indicates that the SSO credential database is offline. To do this, add the OfflineRetryCount registry entry to the following registry sub-key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ENTSSO
Then, set the registry entry for the number of polls that you want the ENTSSO service to send before the service indicates that the SSO credential database is offline.
To enable this feature, follow these steps:
- Click Start, click Run, type regedit in the Open box, and then click OK.
- Locate the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ENTSSO
- Right-click ENTSSO, point to New, and then click Key.
- Type Runtime, and then press ENTER.
- Right-click Runtime, point to New, and then click DWORD Value.
- Type OfflineRetryCount, and then press ENTER.
- Double-click OfflineRetryCount, type the number of retries in the Value data box, and then click OK.
Note By default, the Base value uses Hexadecimal. If you want to enter the value in decimal, switch the Base setting to Decimal. - Quit Registry Editor.
- Stop and then restart the ENTSSO service.
The valid range for the OfflineRetryCount value is 10 through 4000 (decimal). If you enter a value that is less than 10, the default value of 10 will be used. If you enter a value that is more than 4000, the maximum value of 4000 will be used.
An OfflineRetryCount value of 10 means that if the connection to the SSO credential database is lost, the ENTSSO service will detect that the SSO credential database is offline after approximately 5 minutes. This time represents 10 polls at a 30-second poll interval. This setting is the default setting if you do not add the OfflineRetryCount value to the registry.
An OfflineRetryCount value of 4000 means that if the connection to the SSO credential database is lost, the ENTSSO service will not indicate that the database is offline for at least 33.33 hours. This time represents 4000 polls at 30-second poll intervals. The actual time here could be as long as 66 hours because the poll interval may extend past 30 seconds. Underlying error conditions may cause the poll interval to extend past 30 seconds when the SQL Server that is hosting the SSO credential database is unavailable.
When you are determining what OfflineRetryCount value to use in your environment, it may be best to assume that the poll interval is always 30 seconds. Therefore, you know the minimum time that the ENTSSO service will continue to operate before the service indicates that the SSO database is offline.
Configure the credential cache time-out property
When you have applied the update, the credential cache that the ENTSSO service uses will not be cleared immediately after the connection to the SSO credential database is lost. The ENTSSO service will continue to use the credential cache for SSO lookups until the ENTSSO service indicates that the SSO credential database is offline. If the OfflineRetryCount value is set to 10, the credential cache will still be used for 5 minutes. After 5 minutes, the ENTSSO service logs Event 10590 to indicate that the SSO credential database is offline.
The SSO credential database has a credential cache time-out property (
credCacheTimeout). By default, the
credCacheTimeout property is set to 60 minutes. User credentials that have been added to the credential cache will be automatically purged when the credential cache time-out is reached. If you set the OfflineRetryCount value so that the offline time-out is more than 60 minutes, you may want to increase the value of the
credCacheTimeout property. You can increase this value so that cached credentials are not automatically purged when the SSO credential database is offline. You may want to increase this value in case the database is offline for more than 60 minutes.
To change the
credCacheTimeout property value, run the following command at a command prompt in the Enterprise Single Sign-On directory (C:\Program Files\Common Files\Enterprise Single Sign-On):
ssomanage -updatedb update file
Note update file is a placeholder for an .xml file that contains the command to change the
credCacheTimeout property value. The following code sample shows what information the .xml file must include.
<SSO>
<globalInfo>
<credCacheTimeout>60</credCacheTimeout>
</globalInfo>
</SSO>
You can change the
credCacheTimeout property value from 60 to the time-out value, in minutes, that meets your requirements. The maximum value for the
credCacheTimeout property is 999,999,999. This value is the largest value that you can specify in the .xml file that you use to configure the SSO credential database.
The Enterprise Single Sign-On SDK contains a sample GlobalInfo.xml file that you can modify. This file is located in the following folder:
C:\Program Files\Common Files\Enterprise Single Sign-On\SDK\Samples\Manage
You can use the credential cache together with Host Integration Server 2004 applications such as Transaction Integrator (TI). Additionally, you can use the credential cache together with applications that access IBM DB2 by using the Host Integration Server 2004 Data Providers, and with other SNA applications.
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
905399�
Host Integration Server 2004 applications that are configured to use the ENTSSO service do not use the credential cache for SSO lookup requests