Unable to get signature of response data. The key 'NS.PackageSigning' does not exist.
search cancel

Unable to get signature of response data. The key 'NS.PackageSigning' does not exist.

book

Article ID: 235631

calendar_today

Updated On:

Products

IT Management Suite Client Management Suite

Issue/Introduction

The customer started noticing errors like these:

Entry 1:

Unable to get signature of response data.

The key 'NS.PackageSigning' does not exist.
   [Altiris.NS.Security.Cryptography.KeyNotFoundException @ Altiris.NS]
   at Altiris.NS.Security.Cryptography.SymmetricKeyManager.GetAsymmetricKey(String name)
   at Altiris.NS.Security.Cryptography.RSAKeyCache.GetKeyEntry(String keyName, Boolean isPrivate)
   at Altiris.NS.Security.Cryptography.RSAKeyCache.GetRSAPrivateKey(String keyName)
   at Altiris.NS.Security.Cryptography.DataSigning.GetSignatureForPackage(Byte[] dataToSign)
   at Altiris.NS.Utilities.NsResponseOps.GetContentSignature(Byte[] data)

Exception logged from: 
   at Altiris.NS.Utilities.NsResponseOps.GetContentSignature(Byte[])
   at Altiris.NS.Utilities.NsResponseOps.HeaderInsertDataSignature(System.Web.HttpResponse, Byte[])
   at Altiris.NS.Utilities.NsResponseOps.SendSymantecResponse(System.Web.HttpContext, Int32, Byte[], Boolean, Boolean, String)
   at Altiris.NS.WebHandlers.AltirisHttpHandlerBase<T>.HandleResponse(System.Web.HttpContext, T)
   at Altiris.NS.WebHandlers.AltirisHttpHandlerBase<T>.ProcessRequest(System.Web.HttpContext)
   at System.Web.HttpApplication+CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStepImpl(System.Web.HttpApplication+IExecutionStep)
   at System.Web.HttpApplication.ExecuteStep(System.Web.HttpApplication+IExecutionStep, Boolean&)
   at System.Web.HttpApplication+PipelineStepManager.ResumeSteps(Exception)
   at System.Web.HttpApplication.BeginProcessRequestNotification(System.Web.HttpContext, AsyncCallback)
   at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(System.Web.Hosting.IIS7WorkerRequest, System.Web.HttpContext)
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr, IntPtr, IntPtr, Int32)
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr, IntPtr, IntPtr, Int32)

HTTP [POST]: https://smpserver.domain.com/altiris/NS/Agent/GetClientPolicies.aspx
 ip: [192.XXX.xx.xx]; x-sma-version: [8.6.3269.0]; languages: [en-US]; content-length: [6618];
 timings: [[W] 00:00:00.0625041];
 response: [200 OK]; x-smp-nsversion: [8.6.3268.0];

-----------------------------------------------------------------------------------------------------
Date: 2/25/2022 3:17:09 PM, Tick Count: 8787703 (02:26:27.7030000), Size: 2.52 KB
Process: w3wp (7744), Thread ID: 145, Module: Altiris.NS.dll
Priority: 1, Source: Altiris.NS.Utilities.NsResponseOps.GetContentSignature

 

Entry 2:

GetPackageInfo.aspx: Unable to retrieve the source key for package: dfd45aaa-0ec1-2429-9ff7-bc3cc36b71cd, agent: f02beea4-b46d-4771-817c-a7ffbe3cd3a3

The key 'NS.PackageSigning' does not exist.
   [Altiris.NS.Security.Cryptography.KeyNotFoundException @ Altiris.NS]
   at Altiris.NS.Security.Cryptography.SymmetricKeyManager.GetAsymmetricKey(String name)
   at Altiris.NS.Security.Cryptography.RSAKeyCache.GetKeyEntry(String keyName, Boolean isPrivate)
   at Altiris.NS.Security.Cryptography.RSAKeyCache.GetRSAPublicKey(String keyName)
   at Altiris.NS.Security.Cryptography.DataSigning.GetPackageSignatureValidationKey()
   at Altiris.NS.StandardItems.SiteServer.PackageServer.PackageInfoProvider.GetSourceKey(ParsedPackageInfoDetailsRequest req, Guid packageGuid, Boolean alreadyRedirected)
   at Altiris.NS.StandardItems.SiteServer.PackageServer.PackageInfoProvider.BuildPackageCodebasesResponse(XmlWriter responseWriter, ParsedPackageInfoDetailsRequest req, PackageCodebaseCollection packageCodebases)

Exception logged from: 
   at Altiris.NS.StandardItems.SiteServer.PackageServer.PackageInfoProvider.BuildPackageCodebasesResponse(System.Xml.XmlWriter, Altiris.NS.StandardItems.SoftwareDelivery.PackageManager+ParsedPackageInfoDetailsRequest, Altiris.NS.StandardItems.SiteServer.PackageServer.PackageInfoProvider+PackageCodebaseCollection)
   at Altiris.Profiling.Support.XmlFormatOps.ToXml(System.Action<System.Xml.XmlTextWriter>, Boolean)
   at Altiris.NS.StandardItems.SiteServer.PackageServer.PackageInfoProvider.GetPackageInfoTry(Altiris.NS.StandardItems.SoftwareDelivery.PackageManager+ParsedPackageInfoDetailsRequest)
   at Altiris.NS.ContextManagement.<>c__DisplayClass31_0<T>.<PerformWithDeadlockRetry>b__0(Altiris.Database.IDatabaseContext)
   at Altiris.Database.RetryActionRequest<T>.Perform(Boolean)
   at Altiris.Database.DatabaseContext<T>.PerformWithDeadlockRetryHelper(Int32, Int32, Boolean, Altiris.Common.Delegates.Getter<Altiris.Database.IDatabaseContext>, System.Action<Altiris.Database.IDatabaseContext>, System.Action<Altiris.Database.DeadlockRetryArgs>, Boolean, String, String)
   at Altiris.NS.StandardItems.SiteServer.PackageServer.PackageInfoProvider.GetPackageInfo(Altiris.NS.StandardItems.SoftwareDelivery.PackageManager+ParsedPackageInfoDetailsRequest, Boolean&, Boolean&, Guid&)
   at Altiris.NS.StandardItems.SoftwareDelivery.PackageManager.GetPackageInfoDetails(Altiris.NS.StandardItems.SoftwareDelivery.PackageManager+ParsedPackageInfoDetailsRequest)
   at Altiris.Web.NS.Agent.GetPackageInfoHandler.HandleRequest(Altiris.NS.StandardItems.SoftwareDelivery.PackageManager, Altiris.Web.NS.Agent.GetPackageInfoHandler+GetPackageInfoData)
   at Altiris.NS.WebHandlers.AltirisHttpHandlerBase<T>.ProcessRequest(System.Web.HttpContext, T, Int32)
   at Altiris.NS.WebHandlers.AltirisHttpHandlerBase<T>.ProcessRequest(System.Web.HttpContext)
   at System.Web.HttpApplication+CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStepImpl(System.Web.HttpApplication+IExecutionStep)
   at System.Web.HttpApplication.ExecuteStep(System.Web.HttpApplication+IExecutionStep, Boolean&)
   at System.Web.HttpApplication+PipelineStepManager.ResumeSteps(Exception)
   at System.Web.HttpApplication.BeginProcessRequestNotification(System.Web.HttpContext, AsyncCallback)
   at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(System.Web.Hosting.IIS7WorkerRequest, System.Web.HttpContext)
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr, IntPtr, IntPtr, Int32)
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr, IntPtr, IntPtr, Int32)
   at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr, System.Web.RequestNotificationStatus&)
   at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr, System.Web.RequestNotificationStatus&)
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr, IntPtr, IntPtr, Int32)
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr, IntPtr, IntPtr, Int32)

HTTP [GET]: https://smpserver.domain.com/altiris/NS/Agent/GetPackageInfo.aspx?xml=<request resource="{F02BEEA4-B46D-4771-817C-A7FFBE3CD3A3}" version="1" type="codebases" compress="1" totalTime="0" totalFailureTime="0">
<packages>
 <package guid="{DFD45AAA-0EC1-2429-9FF7-BC3CC36B71CD}"/>
</packages>
<addresses>
 <address ip="XXX.XXX.XXX.XX"/>
 <address ip="192.XX.XX.1"/>
 <address ip="192.XXX.2.XX"/>
</addresses>
</request>

 ip: [XXX.XXX.XXX.XX]; x-sma-version: [8.6.3269.0];
 timings: [[W] 00:00:00.0156218];
 response: [200 OK]; x-smp-nsversion: [8.6.3268.0];

-----------------------------------------------------------------------------------------------------
Date: 2/25/2022 3:17:09 PM, Tick Count: 8787921 (02:26:27.9210000), Size: 5.06 KB
Process: w3wp (7744), Thread ID: 33, Module: Altiris.NS.StandardItems.dll
Priority: 1, Source: Altiris.NS.StandardItems.SiteServer.PackageServer.PackageInfoProvider.BuildPackageCodebasesResponse

Environment

ITMS 8.6

Cause

This error refers to the "NS.PackageSigning.kms" under "C:\ProgramData\Symantec\SMP\KMS". The Altiris service is looking for this KMS file. The customer was missing the following folder from his system:
KMS

Resolution

1. Check if the "C:\ProgramData\Symantec\SMP\KMS" folder exists. If not, you may need to restore it from one of your backups created with SIM (Symantec Installation Manager) (see 174996 "Backing up and restoring Notification Server KMS encryption keys")

Note:
If for some reason SIM can't load or open the backup, you may want to try to do it on another Server and grab the KMS folder that is restored and place it on the affected SMP Server (Moving the Cryptographic Keys from Source Notification Server to Destination Notification Server)

In case you also are missing the coresettings.config file, you can restore it from a backup created with SIM if you did a backup for NS core settings.