Getting message "The key 'NS.WebServiceCredential' does not exist"

book

Article ID: 155774

calendar_today

Updated On:

Products

Management Platform (Formerly known as Notification Server)

Issue/Introduction

During Replication, the following warning message is noticed in the NS Logs:

Description: A non-fatal exception occured during replication. The replication job will be restarted from the last check point. (JobID: e4b9b943-fc4a-47f4-b1f8-38566c95f476, Exception: Altiris.NS.Security.Cryptography.KeyNotFoundException: The key 'NS.WebServiceCredential' does not exist.

As well, when trying to Edit the settings for one of your Child Notification Servers's (Under Settings>Notification Server>Hierarchy>Right-click>Edit on parent node under the Topology tab), you get an error page and the NS logs shows an error referring to this missing KMS key.

Also Unable to perform replication from NS server.

Priority: 2
Date: 1/16/2012 10:26:50 AM
Tick Count: 428406468
Host Name: SMPServer01
Process: AeXSvc (6516)
Thread ID: 152
Module: AeXSVC.exe
Source: ReplicationJobThread
Description: A non-fatal exception occured during replication. The replication job will be restarted from the last check point. (JobID: e4b9b943-fc4a-47f4-b1f8-38566c95f476, Exception: Altiris.NS.Security.Cryptography.KeyNotFoundException: The key 'NS.WebServiceCredential' does not exist.

   at Altiris.NS.Security.Cryptography.SymmetricKeyManager.GetKey(String name)
   at Altiris.NS.Security.Cryptography.SymmetricKeyManager.GetKeyWithImpersonation(String name)
   at Altiris.NS.Utilities.WebServiceCredential.Decrypt(String value)
   at Altiris.NS.Utilities.WebServiceCredential.ToNetworkCredential()
   at Altiris.NS.Replication.ReplicationJobHelper.GetWebServiceProxy(String service, ServerReplicationSettings settings)
   at Altiris.NS.Replication.ReplicationJobHelper.GetWebServiceProxy(String service, ReplicationSettings settings, ReplicationEndpoint endpoint)
   at Altiris.NS.Replication.ReplicationJobHelper.GetWebServiceProxy(String service, String urlNS, Nullable`1 timeout, WebServiceCredential credential)
   at Altiris.NS.Replication.ReplicationServersInfo..ctor(SerializationScope scope, String remoteNSUrl, Nullable`1 remoteTimeout, WebServiceCredential remoteCredential)
   at Altiris.NS.Replication.ReplicationServersInfo.GetServerInfo(ReplicationJob jobItem, Boolean getSource)
   at Altiris.NS.Replication.DestinationReplicationJobWorker.ProcessJob(ReplicationJob jobItem)
   at Altiris.NS.Replication.ReplicationJobThread.ProcessJob())

Cause

In this particular instance, the customer was missing the 'NS.WebServiceCredential' key under the "C:\ProgramData\Symantec\SMP\KMS" folder. These KMS keys are usually created during the initial installation of the SMP.

Resolution

You can't just copy and paste over the KMS keys from another SMP. Those will not match.

There are two possible ways to get those missing KMS keys recreated:
1. Use the Migration Tool to import this key from another server. In one particular case the Migration tool  (NSUpgradeWizard.exe under the "...\Program Files\Altiris\Upgrade" folder) was used on the parent NS and exported its KMS keys. Then it was imported to the Child NS using the Migration tool as well. Restart the Altiris Services.
2.From the command line prompt, run AeXConfig.exe /configure "<drive>:\Program Files\Altiris\Notification Server\Config\CoreSolution.config". It may take a while to finish but usually after 10min approx. the KMS keys should start appearing on the default location.


Applies To

Symantec Management Platform 7.1, 7.1 SP1, 7.1 SP2