Getting message "The key 'NS.WebServiceCredential' does not exist"
search cancel

Getting message "The key 'NS.WebServiceCredential' does not exist"

book

Article ID: 155774

calendar_today

Updated On:

Products

IT Management Suite

Issue/Introduction

During Replication, the following warning message is noticed in the NS Logs:

Description: A non-fatal exception occured during replication. The replication job will be restarted from the last check point. (JobID: e4b9b943-fc4a-47f4-b1f8-38566c95f476, Exception: Altiris.NS.Security.Cryptography.KeyNotFoundException: The key 'NS.WebServiceCredential' does not exist.

As well, when trying to Edit the settings for one of your Child Notification Servers's (Under Settings>Notification Server>Hierarchy>Right-click>Edit on parent node under the Topology tab), you get an error page and the NS logs shows an error referring to this missing KMS key.

Also Unable to perform replication from NS server.

Priority: 2
Date: 1/16/2012 10:26:50 AM
Tick Count: 428406468
Host Name: SMPServer01
Process: AeXSvc (6516)
Thread ID: 152
Module: AeXSVC.exe
Source: ReplicationJobThread
Description: A non-fatal exception occured during replication. The replication job will be restarted from the last check point. (JobID: e4b9b943-fc4a-47f4-b1f8-38566c95f476, Exception: Altiris.NS.Security.Cryptography.KeyNotFoundException: The key 'NS.WebServiceCredential' does not exist.

   at Altiris.NS.Security.Cryptography.SymmetricKeyManager.GetKey(String name)
   at Altiris.NS.Security.Cryptography.SymmetricKeyManager.GetKeyWithImpersonation(String name)
   at Altiris.NS.Utilities.WebServiceCredential.Decrypt(String value)
   at Altiris.NS.Utilities.WebServiceCredential.ToNetworkCredential()
   at Altiris.NS.Replication.ReplicationJobHelper.GetWebServiceProxy(String service, ServerReplicationSettings settings)
   at Altiris.NS.Replication.ReplicationJobHelper.GetWebServiceProxy(String service, ReplicationSettings settings, ReplicationEndpoint endpoint)
   at Altiris.NS.Replication.ReplicationJobHelper.GetWebServiceProxy(String service, String urlNS, Nullable`1 timeout, WebServiceCredential credential)
   at Altiris.NS.Replication.ReplicationServersInfo..ctor(SerializationScope scope, String remoteNSUrl, Nullable`1 remoteTimeout, WebServiceCredential remoteCredential)
   at Altiris.NS.Replication.ReplicationServersInfo.GetServerInfo(ReplicationJob jobItem, Boolean getSource)
   at Altiris.NS.Replication.DestinationReplicationJobWorker.ProcessJob(ReplicationJob jobItem)
   at Altiris.NS.Replication.ReplicationJobThread.ProcessJob())

Environment

ITMS 7.x, 8.x

Cause

In this particular instance, the customer was missing the 'NS.WebServiceCredential' key under the "C:\ProgramData\Symantec\SMP\KMS" folder. These KMS keys are usually created during the initial installation of the SMP.

Resolution

You can't just copy and paste over the KMS keys from another SMP. Those will not match.

There are two possible ways to get those missing KMS keys recreated:
1. Use SIM to import this key from another server. See KB 174996 "Backing up and restoring Notification Server KMS encryption keys"
In one particular case we backed up the KMS keys from the parent NS and exported its KMS keys. Then it was imported to the Child NS. Restart the Altiris Services.
2. Run a "reconfigure" on this Child NS using SIM. The KMS keys should start appearing on the default location.

Powered by Wolken Software