When you configure Microsoft BizTalk Server 2004 on a Microsoft Windows XP-based computer, you may receive the following error message:
Failed to generate the master secret (error code 0X80070005).
The following error message may also be logged in the Config log that is in the Temp folder:
Failed to generate the master secret (error code 0X80070005).
Return code number
This issue may occur if one of the following conditions is true:
- The computer name is not recognized and is not mapped to the IP address. This condition exists if the return code that is displayed in the Config log file is 2.
- The computer is a member of the workgroup. This issue may occur if the return code that is displayed in the Config log file is 4. By default, the following registry key is enabled. A DWORD value of 1 indicates the registry key is enabled.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ForceGuest
Therefore, the Security Support Provider Interface (SSPI) tries to log on by using the guest user account and fails.
To work around this issue, determine the return code in the Config log file, and then follow the steps that are appropriate for your situation.
The return code in the Config log file is 2
Use one of the following methods.
Method 1
Map the computer name to the IP address in the Hosts file. You can use Notepad to change the Hosts file. The Hosts file is in the following location:
Windows Folder\System32\Drivers\Etc
Method 2
Remove the computer from the domain.
The return code in the Config log file is 4
Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756Â
(http://kbalertz.com/Feedback.aspx?kbNumber=322756/
)
How to back up and restore the registry in Windows
Set the
forceguest value in the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
subkey to 0 (zero). To do this, follow these steps.
- Click Start, click Run, type regedit in the Open box, and then click OK.
- In Registry Editor, locate the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
subkey, right-click forceguest, click Modify, type 0, and then click OK. - Quit Registry Editor.
The following table indicates how the Security Support Provider Interface (SSPI) tries to log on according to the settings in the registry.
Collapse this tableExpand this table
| Registry value | Value | Status | Result |
| Forceguest | 1 | Enabled | The SSPI logs on by using the guest user account. |
| Forceguest | 0 | Disabled | The SSPI logs on as the user who is specified. |
If the guest account is enabled, the SSPI can log on successfully by using the guest account and any user credentials.
If the guest account is disabled, the SSPI logon fails regardless of whether you provide valid credentials. This is the default behavior in Windows XP in a peer-to-peer network.
For additional information about this issue, click the following article numbers to view the articles in the Microsoft Knowledge Base:
827918Â
(http://kbalertz.com/Feedback.aspx?kbNumber=827918/
)
Cannot install Commerce Server 2002 Developer Edition on Windows XP.
294355Â
(http://kbalertz.com/Feedback.aspx?kbNumber=294355/
)
Netdom.exe cannot join a Windows XP Professional-based computer to a domain
290403Â
(http://kbalertz.com/Feedback.aspx?kbNumber=290403/
)
How to set security in Windows XP Professional that is installed in a workgroup