Virtual Machine Management discovery and inventory tasks fail. Failed to verify signature on xml blob.
Article ID: 165023
Updated On:
Products
Issue/Introduction
PPA debug logs show the error: Unable to invoke requested method on given webservice. Error- Failed to verify signature on xml blob
1074.32702637 [11464] PPA: Resolving credential:
1074.32702637 [11464] PPA: Credential: 958fd0b1-c64c-4d31-a6ed-8b55bb785ce7
1074.32727051 [11464] InitializationParams::InitializationParams() - Setting Cache Time out to default value of 300 seconds
1074.32751465 [11464] InitializationParams::InitializationParams() - Setting Cache Time out to default value of 300 seconds
1074.32763672 [11464] CredentialService::GetCredentials: Going to fetch credential from server - {958FD0B1-C64C-4D31-A6ED-8B55BB785CE7}
1074.36486816 [11464] PPA: Failed to resolve credentials from Credential Manager for: '958fd0b1-c64c-4d31-a6ed-8b55bb785ce7' with Inner exception:
1074.36499023 [11464] PPA: Unable to invoke requested method on given webservice. Error- Failed to verify signature on xml blob
1074.36511230 [11464] PPA: CP::FromXml:> failed to fetch credentials for protocol {b9988e2f-47af-460c-ad41-9196237d42d0}
1074.36523438 [11464] PPA: Failed to resolve credentials from Credential Manager for: '958fd0b1-c64c-4d31-a6ed-8b55bb785ce7'
1074.36523438 [11464] PPA: CP::FromXml
1074.36523438 [11464] ConnectionProfile::ResolveRuntimeCredentials()
1074.36523438 [11464] Failed to resolve credentials from Credential Manager for: '958fd0b1-c64c-4d31-a6ed-8b55bb785ce7'
1074.39184570 [11464] PPA: Unable to fetch any credential referenced in CP XML
1074.39208984 [11464] PPA: ProfileManager::GetConnectionProfile: Throwing exception
Environment
Virtual Machine Management 8.x
Cause
Mismatch of Credential Manager Public Keys between the SMP Server and Symantec_CMDB database.
Resolution
Step 1 : Check if Symantec management agent is properly installed and is able to contact with server without any issues. Do a send inventory and check logs for any error in communication. Check if the Symantec Management agent is communicating with server using HTTPS or HTTP.
Step 2 : Check if Credential Manager WCF services are working properly -
~Type the following URLs into web browser if NS and Altiris Agent is set to communicate in non-ssl mode :
http://localhost/Altiris/CredentialManager/Service/CredentialManagerRegisterWebService.svc
http://localhost/Altiris/CredentialManager/Service/CredentialManagerServicesWebService.svc
~Type the following URLs into web browser if NS and Altiris Agent is set to communicate in ssl mode :
https://localhost/Altiris/CredentialManager/Service/CredentialManagerRegisterWebServiceSecure.svc
https://localhost/Altiris/CredentialManager/Service/CredentialManagerServicesWebServiceSecure.svc
NOTE: On typing the URL on browser you must see a page saying “This is a Windows© Communication Foundation service.”
Step 3 : If Symantec Management agent is working properly along with WCF services perform the below mentioned steps -
- Perform a full backup of the SMP Server and Symantec_CMDB database.
- Remove all rows from CMClientPublicKey.
- Delete registry key HKLM\Software\Altiris\CredentialManager
- Re-run CMClientInstall.exe from NSCap\Bin\x64\CredentialManager as Administrator. Check whether ServerURL,Exchange, Signature values are created under registry hive HKLM\Software\Altiris\CredentialManager\Keys\{GUID.EN_US}.
- Reboot SMP Server. (Must be done)
- Re-launch the browser and Symantec management console to check whether existing and new Connection profiles and credentials are working.
NOTE: New discovery tasks must be created using new WMI credentials before running Inventory task.
Feedback
