SharePoint 2007 seems to have some real weirdness going on with configuring SSO. I’ve been setting it up in a test environment in a very simple way, using the farm administrator account for everything: Microsoft Single Sign-on Service account, Single Sign-On Administrator Account, Enterprise Application Definition Administrator Account, etc… Note that this is for testing only and is not best practice! Here are the problems I’ve found…
Weirdness #1: Error 0×80630005. Verify this account has sufficient permissions and try again.
Resolution: Log in to the server as the “Microsoft Single Sign-on Service” service account. As described by Frank Grossmann.
Weirdness #2: Error 0×8063064a. Verify this account has sufficient permissions and try again.
Resolution: Remote desktop to the server’s console (i.e. use mstsc /console) or physically log in to the server. As described by Dave Sobel. The Microsoft documentation for configuring SSO implies this but is not explicit:
Note that you must be logged into the SharePoint Central Administration Web site on a farm server to configure single sign-on (SSO) for Office SharePoint Server 2007. If you attempt to configure SSO on a workstation or any computer that is not a farm server, you will see an error message that reads “Single sign-on cannot be configured from this server. To configure single sign-on, go to the computer running the single sign-on service and specify these settings locally.”
I haven’t finished the configuration yet but hopefully there won’t be more problems. The best guide I’ve found is MOSS Single Sign On Setup Step-By-Step and beats what Microsoft provides.
Alex is a SharePoint and Project Server consultant, developer and administrator, contracting in London, United Kingdom.
