Tuesday, November 9, 2010

DNS Aliases And DisableLoopbackCheck

It makes sense to employ CNAME records when configuring a BizTalk infrastructure, that is, DNS aliases for SQL Server and the Enterprise Single Sign-On Master Secret Server (ENTSSO MSS). In the typical High Availability (HA) model, SQL Server and the ENTSSO MSS are clustered, and a Network Name and IP Address cluster resource exist for each of these entities. Some smaller implementations, or transitioning or lower-tier environments, may not be HA but still take advantage of DNS aliases. For these non-HA environments, DisableLoopbackCheck will need to be activated to allow the ENTSSO MSS service first to start and second to access and return the master secret to client services.

A few ways to determine if this setting applies to an implementation are:
  1. SQL Server and ENTSSO MSS are not clustered and hosted on the same Windows 2003 SP1 (or greater) server;

  2. The SQL environment has not been tuned as per the BizTalk database optimisation guidelines for Analysis Services;

  3. You cannot open a session to the SQL instance through SQL Management Studio using the server's FQDN or DNS alias from a SQL server RDP or console session due to a 'login with user [blank]' error;

  4. When executing ssoconfig -setdb SSODB on the master secret server, you get an error that reads something like 'SQL Server instance not found'.
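
A read-only check for the conditions above, as an added PowerShell example that is not part of the original post: it tests whether each DNS alias resolves back to the local server and reports the DisableLoopbackCheck value under HKLM\SYSTEM\CurrentControlSet\Control\Lsa. It also reports BackConnectionHostNames (under Lsa\MSV1_0), a related per-host-name setting the post does not mention; the alias names are constructed placeholders.

```powershell
# Added example, not from the original post. Alias names are constructed placeholders.
param(
    [string[]]$Aliases = @('btsql.example.internal', 'btsso.example.internal')
)

$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$msvKey = "$lsaKey\MSV1_0"

# Addresses that belong to this machine, loopback included.
$local = @([System.Net.Dns]::GetHostAddresses([System.Net.Dns]::GetHostName()) |
    ForEach-Object { $_.IPAddressToString }) + @('127.0.0.1', '::1')

# Both values are absent on a default install, so a missing value reads as $null.
$dlc = (Get-ItemProperty -Path $lsaKey -Name DisableLoopbackCheck -ErrorAction SilentlyContinue).DisableLoopbackCheck
$bchn = @((Get-ItemProperty -Path $msvKey -Name BackConnectionHostNames -ErrorAction SilentlyContinue).BackConnectionHostNames |
    Where-Object { $_ })

foreach ($alias in $Aliases) {
    try {
        $resolved = @([System.Net.Dns]::GetHostAddresses($alias) | ForEach-Object { $_.IPAddressToString })
    } catch {
        Write-Warning "$alias does not resolve from this host"
        continue
    }
    # The loopback check only matters when the alias points back at this server.
    $isLocal = @($resolved | Where-Object { $local -contains $_ }).Count -gt 0
    $listed  = $bchn -contains $alias

    $finding = if (-not $isLocal) {
        'Alias points to another host; the loopback check is not involved here'
    } elseif ($dlc -eq 1) {
        'DisableLoopbackCheck = 1; loopback check is off for every host name on this server'
    } elseif ($listed) {
        'Alias is listed in BackConnectionHostNames; loopback check stays on for other names'
    } else {
        'Loopback check is active and will reject NTLM logons to this alias from this server'
    }

    [pscustomobject]@{
        Alias              = $alias
        ResolvesToThisHost = $isLocal
        DisableLoopback    = [bool]($dlc -eq 1)
        InBackConnection   = $listed
        Finding            = $finding
    }
}
```

Run it on the server that hosts both SQL Server and the ENTSSO MSS. Because DisableLoopbackCheck = 1 applies to every host name on the machine, the setting is worth recording as a deliberate exception in the server's configuration baseline.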
