The customer started noticing errors like these:
Entry 1:
Unable to get signature of response data.
The key 'NS.PackageSigning' does not exist.
[Altiris.NS.Security.Cryptography.KeyNotFoundException @ Altiris.NS]
at Altiris.NS.Security.Cryptography.SymmetricKeyManager.GetAsymmetricKey(String name)
at Altiris.NS.Security.Cryptography.RSAKeyCache.GetKeyEntry(String keyName, Boolean isPrivate)
at Altiris.NS.Security.Cryptography.RSAKeyCache.GetRSAPrivateKey(String keyName)
at Altiris.NS.Security.Cryptography.DataSigning.GetSignatureForPackage(Byte[] dataToSign)
at Altiris.NS.Utilities.NsResponseOps.GetContentSignature(Byte[] data)
Exception logged from:
at Altiris.NS.Utilities.NsResponseOps.GetContentSignature(Byte[])
at Altiris.NS.Utilities.NsResponseOps.HeaderInsertDataSignature(System.Web.HttpResponse, Byte[])
at Altiris.NS.Utilities.NsResponseOps.SendSymantecResponse(System.Web.HttpContext, Int32, Byte[], Boolean, Boolean, String)
at Altiris.NS.WebHandlers.AltirisHttpHandlerBase<T>.HandleResponse(System.Web.HttpContext, T)
at Altiris.NS.WebHandlers.AltirisHttpHandlerBase<T>.ProcessRequest(System.Web.HttpContext)
at System.Web.HttpApplication+CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStepImpl(System.Web.HttpApplication+IExecutionStep)
at System.Web.HttpApplication.ExecuteStep(System.Web.HttpApplication+IExecutionStep, Boolean&)
at System.Web.HttpApplication+PipelineStepManager.ResumeSteps(Exception)
at System.Web.HttpApplication.BeginProcessRequestNotification(System.Web.HttpContext, AsyncCallback)
at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(System.Web.Hosting.IIS7WorkerRequest, System.Web.HttpContext)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr, IntPtr, IntPtr, Int32)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr, IntPtr, IntPtr, Int32)
HTTP [POST]: https://smpserver.domain.com/altiris/NS/Agent/GetClientPolicies.aspx
ip: [192.XXX.xx.xx]; x-sma-version: [8.6.3269.0]; languages: [en-US]; content-length: [6618];
timings: [[W] 00:00:00.0625041];
response: [200 OK]; x-smp-nsversion: [8.6.3268.0];
-----------------------------------------------------------------------------------------------------
Date: 2/25/2022 3:17:09 PM, Tick Count: 8787703 (02:26:27.7030000), Size: 2.52 KB
Process: w3wp (7744), Thread ID: 145, Module: Altiris.NS.dll
Priority: 1, Source: Altiris.NS.Utilities.NsResponseOps.GetContentSignature
Entry 2:
GetPackageInfo.aspx: Unable to retrieve the source key for package: dfd45aaa-0ec1-2429-9ff7-bc3cc36b71cd, agent: f02beea4-b46d-4771-817c-a7ffbe3cd3a3
The key 'NS.PackageSigning' does not exist.
[Altiris.NS.Security.Cryptography.KeyNotFoundException @ Altiris.NS]
at Altiris.NS.Security.Cryptography.SymmetricKeyManager.GetAsymmetricKey(String name)
at Altiris.NS.Security.Cryptography.RSAKeyCache.GetKeyEntry(String keyName, Boolean isPrivate)
at Altiris.NS.Security.Cryptography.RSAKeyCache.GetRSAPublicKey(String keyName)
at Altiris.NS.Security.Cryptography.DataSigning.GetPackageSignatureValidationKey()
at Altiris.NS.StandardItems.SiteServer.PackageServer.PackageInfoProvider.GetSourceKey(ParsedPackageInfoDetailsRequest req, Guid packageGuid, Boolean alreadyRedirected)
at Altiris.NS.StandardItems.SiteServer.PackageServer.PackageInfoProvider.BuildPackageCodebasesResponse(XmlWriter responseWriter, ParsedPackageInfoDetailsRequest req, PackageCodebaseCollection packageCodebases)
Exception logged from:
at Altiris.NS.StandardItems.SiteServer.PackageServer.PackageInfoProvider.BuildPackageCodebasesResponse(System.Xml.XmlWriter, Altiris.NS.StandardItems.SoftwareDelivery.PackageManager+ParsedPackageInfoDetailsRequest, Altiris.NS.StandardItems.SiteServer.PackageServer.PackageInfoProvider+PackageCodebaseCollection)
at Altiris.Profiling.Support.XmlFormatOps.ToXml(System.Action<System.Xml.XmlTextWriter>, Boolean)
at Altiris.NS.StandardItems.SiteServer.PackageServer.PackageInfoProvider.GetPackageInfoTry(Altiris.NS.StandardItems.SoftwareDelivery.PackageManager+ParsedPackageInfoDetailsRequest)
at Altiris.NS.ContextManagement.<>c__DisplayClass31_0<T>.<PerformWithDeadlockRetry>b__0(Altiris.Database.IDatabaseContext)
at Altiris.Database.RetryActionRequest<T>.Perform(Boolean)
at Altiris.Database.DatabaseContext<T>.PerformWithDeadlockRetryHelper(Int32, Int32, Boolean, Altiris.Common.Delegates.Getter<Altiris.Database.IDatabaseContext>, System.Action<Altiris.Database.IDatabaseContext>, System.Action<Altiris.Database.DeadlockRetryArgs>, Boolean, String, String)
at Altiris.NS.StandardItems.SiteServer.PackageServer.PackageInfoProvider.GetPackageInfo(Altiris.NS.StandardItems.SoftwareDelivery.PackageManager+ParsedPackageInfoDetailsRequest, Boolean&, Boolean&, Guid&)
at Altiris.NS.StandardItems.SoftwareDelivery.PackageManager.GetPackageInfoDetails(Altiris.NS.StandardItems.SoftwareDelivery.PackageManager+ParsedPackageInfoDetailsRequest)
at Altiris.Web.NS.Agent.GetPackageInfoHandler.HandleRequest(Altiris.NS.StandardItems.SoftwareDelivery.PackageManager, Altiris.Web.NS.Agent.GetPackageInfoHandler+GetPackageInfoData)
at Altiris.NS.WebHandlers.AltirisHttpHandlerBase<T>.ProcessRequest(System.Web.HttpContext, T, Int32)
at Altiris.NS.WebHandlers.AltirisHttpHandlerBase<T>.ProcessRequest(System.Web.HttpContext)
at System.Web.HttpApplication+CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStepImpl(System.Web.HttpApplication+IExecutionStep)
at System.Web.HttpApplication.ExecuteStep(System.Web.HttpApplication+IExecutionStep, Boolean&)
at System.Web.HttpApplication+PipelineStepManager.ResumeSteps(Exception)
at System.Web.HttpApplication.BeginProcessRequestNotification(System.Web.HttpContext, AsyncCallback)
at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(System.Web.Hosting.IIS7WorkerRequest, System.Web.HttpContext)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr, IntPtr, IntPtr, Int32)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr, IntPtr, IntPtr, Int32)
at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr, System.Web.RequestNotificationStatus&)
at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr, System.Web.RequestNotificationStatus&)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr, IntPtr, IntPtr, Int32)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr, IntPtr, IntPtr, Int32)
HTTP [GET]: https://smpserver.domain.com/altiris/NS/Agent/GetPackageInfo.aspx?xml=<request resource="{F02BEEA4-B46D-4771-817C-A7FFBE3CD3A3}" version="1" type="codebases" compress="1" totalTime="0" totalFailureTime="0">
<packages>
<package guid="{DFD45AAA-0EC1-2429-9FF7-BC3CC36B71CD}"/>
</packages>
<addresses>
<address ip="XXX.XXX.XXX.XX"/>
<address ip="192.XX.XX.1"/>
<address ip="192.XXX.2.XX"/>
</addresses>
</request>
ip: [
XXX.XXX.XXX.XX
]; x-sma-version: [8.6.3269.0]; timings: [[W] 00:00:00.0156218];
response: [200 OK]; x-smp-nsversion: [8.6.3268.0];
-----------------------------------------------------------------------------------------------------
Date: 2/25/2022 3:17:09 PM, Tick Count: 8787921 (02:26:27.9210000), Size: 5.06 KB
Process: w3wp (7744), Thread ID: 33, Module: Altiris.NS.StandardItems.dll
Priority: 1, Source: Altiris.NS.StandardItems.SiteServer.PackageServer.PackageInfoProvider.BuildPackageCodebasesResponse
ITMS 8.6
This error refers to the "NS.PackageSigning.kms" under "C:\ProgramData\Symantec\SMP\KMS". The Altiris service is looking for this KMS file. The customer was missing the following folder from his system:
KMS
1. Check if the "C:\ProgramData\Symantec\SMP\KMS" folder exists. If not, you may need to restore it from one of your backups created with SIM (Symantec Installation Manager) (see 174996 "Backing up and restoring Notification Server KMS encryption keys")
Note:
If for some reason SIM can't load or open the backup, you may want to try to do it on another Server and grab the KMS folder that is restored and place it on the affected SMP Server (Moving the Cryptographic Keys from Source Notification Server to Destination Notification Server)
In case you also are missing the coresettings.config file, you can restore it from a backup created with SIM if you did a backup for NS core settings.