Kentico Staging - Error, "The entry 'UsernameToken' has already been added."

Leif Anderson asked on March 19, 2025 17:56

Kentico Version: 13.0.133
Staging Config: Using Username/Password
Methodology: MVC
When Did it Start?: Unsure, we don't use staging very much.
Hosting: Azure App Service/Azure SQL

We are having an issue where when we try to stage content from our dev Kentico environment to production, it is throwing an error. Note that for the site that exists at the root (just: cmsdev.company.com), staging works fine. The site thats having the issue is configured as follows:

Site Admin URL: cmsdev.company.com/cc
- dev admin
- In Azure App Service, this is set up as a virtual application, from /cc to site\wwwroot\CMS)
Staging Server URL: https://cms.company.com/CMSPages/Staging/SyncServer.asmx
- prod admin
- using username/password
- also tried "/cc" on the URL, but that didn't do anything
- The URL test works fine - says it can connect.

Here's the error:

Preparing the tasks for objects of type(s) 'cms.document'...
Synchronizing the tasks...
Synchronizing 'Update page 2018 - 2-3' task
Message: WSE032: There was an error loading the microsoft.web.services3 configuration section.

Exception type: System.Configuration.ConfigurationErrorsException
Stack trace:
at Microsoft.Web.Services3.Configuration.WebServicesConfiguration.get_Current()
at Microsoft.Web.Services3.Configuration.WebServicesConfiguration.get_MessagingConfiguration()
at Microsoft.Web.Services3.WebServicesClientProtocol..ctor()
at CMS.Synchronization.WSE3.Server.SyncServerWse..ctor()
at CMS.Synchronization.WSE3.SyncClient.get_Service()
at CMS.Synchronization.WSE3.SyncClient.RunTask(StagingTaskInfo taskObj)

Message: The entry 'UsernameToken' has already been added.

Exception type: System.Configuration.ConfigurationErrorsException
Stack trace:
at System.Configuration.BaseConfigurationRecord.EvaluateOne(String[] keys, SectionInput input, Boolean isTrusted, FactoryRecord factoryRecord, SectionRecord sectionRecord, Object parentResult)
at System.Configuration.BaseConfigurationRecord.Evaluate(FactoryRecord factoryRecord, SectionRecord sectionRecord, Object parentResult, Boolean getLkg, Boolean getRuntimeObject, Object& result, Object& resultRuntimeObject)
at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(String configKey, Boolean getLkg, Boolean checkPermission, Boolean getRuntimeObject, Boolean requestIsHere, Object& result, Object& resultRuntimeObject)
at System.Configuration.BaseConfigurationRecord.GetSection(String configKey)
at System.Web.Configuration.HttpConfigurationSystem.GetApplicationSection(String sectionName)
at System.Web.Configuration.HttpConfigurationSystem.GetSection(String sectionName)
at System.Web.Configuration.HttpConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(String configKey)
at System.Configuration.ConfigurationManager.GetSection(String sectionName)
at Microsoft.Web.Services3.Configuration.WebServicesConfiguration.get_Current()

Synchronization failed, see synchronization log for details.

I found some resources related to this error: https://docs.kentico.com/k11/configuring-kentico/managing-sites/setting-up-multiple-websites/configuring-nested-websites. We don't use nested sites, though... and this article doesn't have a Kentico 13 analog, so I assume it's irrelevant. It does point to where the problem might be though - in our web config. I tried fiddling with his config - removed the x509 part, changed the localName... removed it entirely... but all that just caused different errors.

  <microsoft.web.services3>
    <security>
      <securityTokenManager>
        <add type="CMS.Synchronization.WSE3.WebServiceAuthorization" namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" localName="UsernameToken" />
      </securityTokenManager>
      <x509 allowTestRoot="true" verifyTrust="true" />
    </security>
    <policy fileName="wse3policy.config" />
    <diagnostics>
      <trace enabled="false" input="InputTrace.webinfo" output="OutputTrace.webinfo" />
    </diagnostics>
  </microsoft.web.services3>

I also went through the documentation for setting up staging and debugging staging, and didn't find anything obviously missing:

staging kentico13

Correct Answer

Juraj Ondrus answered on March 21, 2025 05:49

So, you are effectively using nested sites. For the admin app service you have the "root" running in the root of the service. And then, you have the virtual folders which are pointing to the same physical project but logically are nested - and this is the problem. .NET detects nested web.config file in this case plus, you are running a web garden which is not supported.
I would recommend to not to use the virtual directories and instead configure fully separate admin URL domain and just add the domains to your app service. For example:
admin.cc.company.com
admin.is.company.com
etc...

and then just set these ad domain URLs for your sites.

1 votesVote for this answer Unmark Correct answer

Recent Answers

Juraj Ondrus answered on March 20, 2025 05:10

This indeed sounds like you are using nested sites. Why are you running the admin app in a subfolder, virtual directory? Where and how is running the front end site? Keep in mind that in Kentico 13 the front end app and admin app must be running side-by-side. What is the staging server? Is it the target or source?
What is running on cmsdev.company.com domain?

0 votesVote for this answer Mark as a Correct answer

Leif Anderson answered on March 20, 2025 15:46

We have 7 websites, where they all use the same admin URL (cms.company.com, one instance of Kentico app running in Azure App Service). Each "Site" requires a unique "Admin Domain Name", so our domains are configured like "cms.company.com/cc" (with two-letter code). And that two-letter code folder is set up in Azure App Service as a virtual app/directory (pointing from the two-letter code to "site/wwwroot/CMS"). So, for example... the admin is:

Root App (no code): https://cms.company.com/Admin/CMSAdministration.aspx
6 other apps (each has a unique code):
- https://cms.company.com/cc/Admin/CMSAdministration.aspx
- https://cms.company.com/ls/Admin/CMSAdministration.aspx
- https://cms.company.com/ic/Admin/CMSAdministration.aspx
- etc...

And then the actual websites accessed by internet users are separate MVC .NET Apps using the Kentico Nuget package to get data, each hosted in Azure App Service.

https://www.cpwebsite.com
https://www.lswebsite.com
https://www.icwebsite.com
...

Staging is set up as follows - we just need to be able to sync certain things from our dev environment to prod.

Target/PROD Server URL: https://cms.company.com/CMSPages/Staging/SyncServer.asmx
Enabled: Yes
Auth Method: Username/Password

Source would be our dev environment:

DEV: https://cmsdev.company.com (this is set up the same as prod - with 7 websites, using the folders).

0 votesVote for this answer Mark as a Correct answer

Leif Anderson answered on March 24, 2025 16:15

Thanks, Juraj! I appreciate your feedback. We will give that a shot -- using subdomains instead of the nested folders.

0 votesVote for this answer Mark as a Correct answer