Ektron's eSync security certificates are used to ensure secure communication between servers. Here is more information for troubleshooting, generating, and verifying security certificates. The certificates are tied to server hardware, server hostname, and IP address. If any of these settings change, the certificates need to be regenerated and swapped between sync servers as necessary.
Ensuring Sync Certificate Values are correct:
In some cases you will see eSync fail due to improperly generated encoded values. You can confirm if the correct encoded values were generated by the security configurator by comparing your server's web.configs to the Ektron Windows Service's config. To confirm the values, do the following:
- In your site's web.config look for the encodedValue key. Copy just the long string in the quotes to a new text editor window.
- Compare the two machine keys to ensure a match.
- If you're troubleshooting this on additional sites and/or servers, repeat these steps. In Ektron.ASM.EktronServices40.exe.config you will see encoded values of remote servers as well. You will want to make sure these values match the encoded value in the corresponding Ektron.ASM.EktronServices40.exe.config file on the remote server.
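The comparison above can be scripted instead of done by eye in a text editor. This is an added PowerShell example, not Ektron's own tooling: the function names and sample XML are constructed, and the regex assumes the value appears either as an encodedValue="..." attribute or as key="encodedValue" value="...". It reports a short SHA-256 fingerprint instead of the encoded value itself.

```powershell
# Added example. Sample configs below are constructed; the real element layout may differ.
function Get-EncodedValue {
    param([Parameter(Mandatory)][string]$ConfigText)
    # Assumption: the value appears as encodedValue="..." or key="encodedValue" value="..."
    $pattern = '(?i)encodedValue(?:"\s+value)?\s*=\s*"([^"]+)"'
    foreach ($m in [regex]::Matches($ConfigText, $pattern)) {
        # Drop whitespace or line wraps picked up by copy/paste
        $m.Groups[1].Value -replace '\s', ''
    }
}

function Get-Fingerprint {
    param([Parameter(Mandatory)][string]$Value)
    # Short SHA-256 prefix: safe to paste into a ticket, unlike the value itself
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        $hash = $sha.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($Value))
        -join ($hash[0..7] | ForEach-Object { $_.ToString('x2') })
    } finally { $sha.Dispose() }
}

function Compare-EncodedValue {
    param([string]$SiteConfigText, [string]$ServiceConfigText)
    $service = @(Get-EncodedValue $ServiceConfigText)
    foreach ($value in @(Get-EncodedValue $SiteConfigText)) {
        [pscustomobject]@{
            Fingerprint     = Get-Fingerprint $value
            Length          = $value.Length
            # Case-sensitive: encoded strings differing only in case are different
            InServiceConfig = $service -ccontains $value
        }
    }
}

# Constructed inputs; for real files use: Get-Content -Raw <path to web.config>
$siteConfig = @'
<appSettings>
  <add key="encodedValue" value="Q09OU1RSVUNURUQtTE9DQUw=" />
</appSettings>
'@
$serviceConfig = @'
<servers>
  <add name="local" encodedValue="Q09OU1RSVUNURUQt
    TE9DQUw=" />
  <add name="remote" encodedValue="Q09OU1RSVUNURUQtUkVNT1RF" />
</servers>
'@
Compare-EncodedValue $siteConfig $serviceConfig | Format-Table -AutoSize
```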
To resolve the following sync certificate errors, follow the steps below:
Located in the Event Viewer > Application and Services Logs > EktronL4:
- EWS started up BUT is NOT fully functional
Located within the Ektron CMS workarea > Settings > Configuration > Synchronization > Profiles
- Clicking “Profiles” and the Uh ohh error appears.
- Requested Security Token: "The requested security token could not be satisfied because authentication failed."
- Identity Check error: Exception Details: System.ServiceModel.Security.MessageSecurityException: The identity check failed for the outgoing message.
- Cryptography error: Exception Details: System.Security.Cryptography.CryptographicException: The parameter is incorrect.
During “Create Synchronization Server Relationship” this error pops up:
- "No security certificates were found for synchronization. Please configure the certificates and try again." This is typically due to the local certificates being invalid.
When sync runs all the way to the end and fails after Asset Library Synchronization Completed
Generating Sync Certificates:
1) Run SecurityConfigurator.exe from the \Program Files (x86)\Ektron\CMS400vXX\Utilities\SecurityConfig\SecurityConfigurator folder.
2) Disable Discard Existing Keys, and click Generate.
3) If this does not work, repeat step 1, enable Discard Existing Keys, and click Generate.
4) If you did step 3, then you will need to apply the newly generated certificates to the other eSync servers that it syncs to or from.
Setting up Integrated Security with eSync
1) Set integrated security from 0 to 1 in the file Ektron.ASM.EktronServices40.exe.config (located in program files(x86)/Ektron/Ektron Windows Service 40).
2) Do the same for the web.config.
3) Run the following utility as an administrator: C:\Program Files (x86)\Ektron\CMS400v91\Utilities\SecurityConfig\SecurityConfiguratorIntegrated\SecurityConfiguratorIntegrated.exe
4) Generate and apply security certificates.
5) Set the Ektron Windows Services 4.0 service's 'log on as' user to the Integrated Security user.
6) Give that same user full control in the permissions of your Ektron Windows Service folder (C:\Program Files (x86)\Ektron\EktronWindowsService40).