The following error message appears in the event log when the user account under which the SSO service runs has been changed:
The secret could not be loaded from the registry. The service account for the SSO service may have been changed or the secret may be corrupted. Restore the secret from a backup file.
Resolution: Restore the master secret.
At the command line, go to the Enterprise Single Sign-On installation directory. The default installation directory is :\Program Files\Common Files\Enterprise Single Sign-On.
ssoconfig -restoresecret restorefile
where restorefile is the path and name of the file where the master secret is stored.
To generate a new secret, use the following command:
ssoconfig -generatesecret backupfile
where backupfile is the file that will be created.
A good approach is to always back up the master secret before changing the user of the SSO service, then change the user and restore the master secret. Use the following command to back up the master secret:
ssoconfig -backupsecret backupfile
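The backup, account change and restore sequence described above, as an added PowerShell example that is not part of the original page. It assumes the service name ENTSSO, an installation under the Common Files folder of the system drive, and a hypothetical backup path; ssoconfig prompts interactively for the backup password.

```powershell
# Added example. Assumptions: service name ENTSSO, default install directory,
# and a hypothetical backup location. Run from an elevated prompt as an SSO administrator.
$ssoDir     = Join-Path $env:CommonProgramFiles 'Enterprise Single Sign-On'
$ssoConfig  = Join-Path $ssoDir 'ssoconfig.exe'
$backupFile = 'D:\Secure\sso-master-secret.bak'   # hypothetical path, keep it off shared storage

if (-not (Test-Path $ssoConfig)) { throw "ssoconfig.exe not found in $ssoDir" }
if (Test-Path $backupFile)       { throw "Refusing to overwrite existing $backupFile" }

# Returns the account the SSO service is configured to run as.
function Get-SsoAccount {
    (Get-CimInstance Win32_Service -Filter "Name='ENTSSO'").StartName
}

$before = Get-SsoAccount
Write-Host "SSO service currently runs as: $before"

# 1. Back up the master secret while the original account can still read it.
& $ssoConfig -backupsecret $backupFile
if (-not (Test-Path $backupFile) -or (Get-Item $backupFile).Length -eq 0) {
    throw 'Backup file missing or empty; do not change the service account.'
}

# 2. The account change itself is done manually; pause until it is complete.
Read-Host 'Change the SSO service account now, then press Enter'
$after = Get-SsoAccount
if ($after -eq $before) { Write-Warning "Service account is still $before" }

# 3. Restore the master secret under the new account.
& $ssoConfig -restoresecret $backupFile
Write-Host "Restore attempted; service now runs as: $after"
Write-Host 'Confirm that the "secret could not be loaded" error no longer appears in the event log.'
```

The script stops before the account change if the backup file was not written, which is the state the error message above leaves you unable to recover from without an older backup.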