Trusted MySite Host Location

How often can one make a change in Development that blows up Production?  Within the User Profile Service Application one can configure the MySite Host Location.  However, watch out, as I made a change in a Dev environment that propagated and affected all Production users.

In Dev, I set the Trusted Host Location without setting a target audience.  This broadcast to all farms (including Production) that this location should be the default.  Users attempting to go to their MySite were instantly redirected to Dev!  Of course DNS and Production didn’t offer a clue.  Removing the Trusted Host location in Dev eliminated the problem.

In a related annoyance, the My Site Host location in Setup MySite defaults back to the Default Zone for the MySite web app.  With AAM set up correctly, it will change any entry back to the default zone.  So to change the MySite Host Location, it seems I’ll need to rebuild the web app with the desired default MySite URL.  Not too convenient since I have quite a few Web App custom settings such as Maximum file upload size and Super User Publishing Cache account definitions.

Secure Store Master Key error

Don’t you hate mysterious scary errors?  How about this one?

A critical incident has occurred where Secure Store service application errored out because the master encryption key was not found.

Another error:
The Microsoft Secure Store Service application Secure Store Services failed to retrieve the master secret key.  The error returned was: ‘Unable to obtain master key.

While obscure, this was easily solved. It seems the Secure Store Service encrypts the database of credentials.  When a new server joins the farm, it doesn’t yet have the decryption key.  Hence the above error occurs when the Secure Store Service is started on the newly joined farm server.

To fix it, in Central Admin, go to the Manage Service Applications, select Secure Store Service and click on “Refresh Key”.  This propagates the key to all servers.  I did a Generate New Key for good measure, requiring a Passphrase (entered twice, of sufficient complexity).  I waited a minute for it to propagate, and started the service on the server, and checked ULS logs to confirm all was well in my happy farm.  With my small set of Secure Store Application IDs (ten or so) my Secure Store database size was around 11MB, comparatively tiny.  Then again, how much space could a dozen credentials take up?
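
The "Refresh Key" step above can also be done from the SharePoint Management Shell. The script below is an added example, not part of the original post; it assumes the farm has a single Secure Store proxy, that it runs on the newly joined server under a farm administrator account, and that you know the existing passphrase.

```powershell
# Added example: PowerShell equivalent of Central Admin's "Refresh Key".
# Assumptions: one Secure Store proxy in the farm; run on the newly joined server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$proxy = Get-SPServiceApplicationProxy |
    Where-Object { $_.TypeName -eq 'Secure Store Service Application Proxy' } |
    Select-Object -First 1
if (-not $proxy) { throw 'No Secure Store Service Application Proxy found in this farm.' }

# Prompt for the existing passphrase so it never lands in a script file or history.
$secure = Read-Host -Prompt 'Secure Store passphrase' -AsSecureString
$bstr   = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
try {
    # The cmdlet takes the passphrase as a plain string, so decode it only here.
    $plain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
    # Refresh (not regenerate) the key: pushes the existing master key to farm servers.
    Update-SPSecureStoreApplicationServerKey -ServiceApplicationProxy $proxy -Passphrase $plain
}
finally {
    # Wipe the unmanaged copy and drop the plaintext variable.
    [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
    Remove-Variable plain -ErrorAction SilentlyContinue
}

# Give the key a minute to propagate, as in the post, before starting the service.
Start-Sleep -Seconds 60

$instance = Get-SPServiceInstance -Server $env:COMPUTERNAME |
    Where-Object { $_.TypeName -eq 'Secure Store Service' }
if (-not $instance) { throw "No Secure Store Service instance on $env:COMPUTERNAME." }

if ($instance.Status -ne 'Online') {
    # Provisioning is asynchronous; re-run the status query below until it reports Online.
    Start-SPServiceInstance -Identity $instance | Out-Null
}

Get-SPServiceInstance -Server $env:COMPUTERNAME |
    Where-Object { $_.TypeName -eq 'Secure Store Service' } |
    Select-Object TypeName, Status
```

`Update-SPSecureStoreMasterKey` is the cmdlet counterpart of "Generate New Key"; it re-encrypts the credential database under a new key, so back up the Secure Store database before using it.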