Common worker installation issues
No response from dropdown/webservice
There can be a number of possible reasons as for why dropdown/webservice are not responding.
- No DNS record exists for Client web service (e.g cws.example.com)
- Incorrect token/data signing configuraiton
- Private Key missing for Data signing certificate
- Token/Data signing certificates not imported to Zervicepoint worker
- Service account does not have permissions to read private key from data signing certificate.
No DNS records exists for Client web service
Console log in web browser shows messages such as 'ERR_NAME_NOT_RESOLVED' hints towards that a DNS record is missing for client web service.
Ensure that the URL in Edit Store > Worker Authentication > Client Web Service URL can be resolved via a DNS record and is available.
Name not resolved
If the DNS records exist and is correct, ensure that the Client Web Service URL is correct.
Incorrect token/data signing configuraiton
Console log in web browser shows messages such as "Unexpected end of JSON input" or "Uncaught (in promise) Error: SyntaxError: Unexpected end of JSON input"
Zervicepoint Application log shows errors with Event Id 2 or 107 with messages such as:
Message: Could not find a certificate with matching thumbprint Source: Client web service Category: Common EventId: 2
Message: There was an error trying to execute: System.ArgumentNullException: Value cannot be null. Parameter name: certificate at Zipper.ZervicePoint.Common.Security.ProviderDataSignature.Sign(Byte data) at Zipper.ZervicePoint.Common.Security.ProviderDataSignature.Sign(String salt, Object data) at Zipper.ZervicePoint.Common.Security.ProviderDataSignature.GetSignedResult(IList results, String key, String salt) at Zipper.ZervicePoint.ProvisioningSystem.ClientWebService.Services.ProviderService.CallProvider(String serviceName, String arguments, String data, String rawToken, String callback) Source: Cient web service Category: Provisioning.Provider EventId: 107
This error is most likely due to incorrect thumbprint/missing certificate in LocalMachine\My on the Zervicepoint Worker.
Ensure that the thumbprint values for Token Signing and Data Signing in your Worker Authentication settings matches with the configuration in C:\Program Files\Zipper\Zervicepoint\Web\ClientWebService\web.config
<appSettings> <add key="TokenCertThumbPrint" value="268E5C976EECFE260324EE9CCDD0DE7E4CB7C68D"/> <add key="DataSignCertThumbPrint" value="A23AB134CE472095D39A13975F362D0ADA94D700"/> </appSettings>
Private Key missing for Data signing certificate / InvalidKey_OrCertificateForSigning
This error shows up when thumbprints are correct and a certificate is imported to LocalMachine\My, but the certificate itself does not contain the Private Key of the certicate.
This can occur if the certificate was not generated from the worker itself and instead generated in the admin web or if the imported certificate is missing the private key of the certificate. You should generate the data signing certificate as described in install worker.
The functionality for generating the token/data signing certificates in the Admin Web are more for on-premise installation of Zervicepoint, where the client web service endpoint may be located on the same server as the other Zervicepoint components.
Message: There was an error trying to execute: System.ArgumentException: InvalidKey_OrCertificateForSigning Parameter name: certificate at Zipper.ZervicePoint.Common.Security.ProviderDataSignature.Sign(Byte data) at Zipper.ZervicePoint.Common.Security.ProviderDataSignature.Sign(String salt, Object data) at Zipper.ZervicePoint.Common.Security.ProviderDataSignature.GetSignedResult(IList results, String key, String salt) at Zipper.ZervicePoint.ProvisioningSystem.ClientWebService.Services.ProviderService.CallProvider(String serviceName, String arguments, String data, String rawToken, String callback) Category: Provisioning.Provider EventId: 107
Private Key missing for Data signing certificate
The thumbprints are correct, I have the private key of the certificate but I'm still receiving event id 107.
Message: There was an error trying to execute: System.Security.Cryptography.CryptographicException: Keyset does not exist EventId: 107
This error is due to service account running the application pool, does not have access to the "private key" on the certificate. This can be solved by either explicity granting access to the certificate as shown in the screenshots below, or granting local administrator rights to the service account.
- Incorrect/Missing worker key for ProvisioningSystem
- Incorrect credential identifier
- Credential is not created in the context of the service account running the ProvisioningSystem service.
Incorrect/Missing worker key for ProvisioningSystem
EventId 85, 92, 224 can hint towards that the worker key is incorrect.
Message: Error creating token with provisioningKey for url https://portal.zervicepoint.com/. System.Configuration.ConfigurationErrorsException: Couldn't locate credentials ('WorkerKey') for getting security token. at Zipper.ZervicePoint.ProvisioningSystem.Service.ProvisioningServiceBase.GetProvisioningKey(String credentialName) at Zipper.ZervicePoint.ProvisioningSystem.Service.ProvisioningServiceBase.GetSecurityTokenProvisioningKey(String appliesTo, String credentialName) Category: All Events Priority: -1 EventId: 244 Severity: Error
Message: Could not report provider inventory status: System.ServiceModel.Security.MessageSecurityException: An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail. ---> System.ServiceModel.FaultException: An error occurred when verifying security for the message.
When installing the worker, you specify an identifier for worker key(Default: WorkerKey). This is the identifer of the stored in a Windows Vault, accessible via Credential Manager or our Zervicepoint PowerShell Mgmt module.
Verify the identifier name by looking up the value in CredentialIdentifier in C:\Program Files\Zipper\ZervicePoint\ClientWebService\Zipper.ZervicePoint.ProvisioningSystem.Inventory.exe.config or C:\Program Files\Zipper\ZervicePoint\ProvisioningSystem\Zipper.ZervicePoint.ProvisioningSystem.Service.exe.config