Staging Sync Error InvalidOperationException: WSE563

Donnie Hyatt asked on May 1, 2018 16:13

For 3 years I have been running Kentico 8.2.48 with a functional staging environment, pushing daily content changes to a production server without any issues. Both servers were running Windows Server 2012 R2.

I recently did the incremental upgrade to Kentico 11.0, and deployed both environments to new servers with Windows Server 2016. The headaches of the upgrade notwithstanding, both environments are functional but I am unable to sync the staging tasks, as I encounter the following exception:

Message: Microsoft.Web.Services3.Security.SecurityFault: The security token could not be authenticated or authorized ---> System.InvalidOperationException: WSE563: The computed password digest doesn't match that of the incoming username token.
at Microsoft.Web.Services3.Security.Tokens.UsernameTokenManager.VerifyHashedPassword(UsernameToken token, String authenticatedPassword)
at Microsoft.Web.Services3.Security.Tokens.UsernameTokenManager.VerifyPassword(UsernameToken token, String authenticatedPassword)
at Microsoft.Web.Services3.Security.Tokens.UsernameTokenManager.VerifyToken(SecurityToken token)
at CMS.Synchronization.WSE3.WebServiceAuthorization.VerifyToken(SecurityToken token)
at Microsoft.Web.Services3.Security.Tokens.SecurityTokenManager.LoadXmlSecurityToken(XmlElement element)
--- End of inner exception stack trace ---
at Microsoft.Web.Services3.Security.Tokens.SecurityTokenManager.LoadXmlSecurityToken(XmlElement element)
at Microsoft.Web.Services3.Security.Tokens.SecurityTokenManager.GetTokenFromXml(XmlElement element)
at Microsoft.Web.Services3.Security.Security.LoadToken(XmlElement element, SecurityConfiguration configuration, Int32& tokenCount)
at Microsoft.Web.Services3.Security.Security.LoadXml(XmlElement element)
at Microsoft.Web.Services3.Security.Security.CreateFrom(SoapEnvelope envelope, String localActor, String serviceActor)
at Microsoft.Web.Services3.Security.ReceiveSecurityFilter.ProcessMessage(SoapEnvelope envelope)
at Microsoft.Web.Services3.Pipeline.ProcessInputMessage(SoapEnvelope envelope)
at Microsoft.Web.Services3.WseProtocol.FilterRequest(SoapEnvelope requestEnvelope)
at Microsoft.Web.Services3.WseProtocol.RouteRequest(SoapServerMessage message)
at System.Web.Services.Protocols.SoapServerProtocol.Initialize()
at System.Web.Services.Protocols.ServerProtocolFactory.Create(Type type, HttpContext context, HttpRequest request, HttpResponse response, Boolean& abortProcessing)

Exception type: System.Web.Services.Protocols.SoapHeaderException
Stack trace: 
at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at CMS.Synchronization.WSE3.Server.SyncServerWse.ProcessSynchronizationTaskData(String stagingTaskData)
at CMS.Synchronization.WSE3.Server.SyncServerWse.ProcessSynchronizationTaskData(IStagingTaskData stagingTaskData)
at CMS.Synchronization.WSE3.SyncClient.RunTask(StagingTaskInfo taskObj)

Synchronization client error: Exception occurred: Microsoft.Web.Services3.Security.SecurityFault: The security token could not be authenticated or authorized ---> System.InvalidOperationException: WSE563: The computed password digest doesn't match that of the incoming username token.
at Microsoft.Web.Services3.Security.Tokens.UsernameTokenManager.VerifyHashedPassword(UsernameToken token, String authenticatedPassword)
at Microsoft.Web.Services3.Security.Tokens.UsernameTokenManager.VerifyPassword(UsernameToken token, String authenticatedPassword)
at Microsoft.Web.Services3.Security.Tokens.UsernameTokenManager.VerifyToken(SecurityToken token)
at CMS.Synchronization.WSE3.WebServiceAuthorization.VerifyToken(SecurityToken token)
at Microsoft.Web.Services3.Security.Tokens.SecurityTokenManager.LoadXmlSecurityToken(XmlElement element)
--- End of inner exception stack trace ---
at Microsoft.Web.Services3.Security.Tokens.SecurityTokenManager.LoadXmlSecurityToken(XmlElement element)
at Microsoft.Web.Services3.Security.Tokens.SecurityTokenManager.GetTokenFromXml(XmlElement element)
at Microsoft.Web.Services3.Security.Security.LoadToken(XmlElement element, SecurityConfiguration configuration, Int32& tokenCount)
at Microsoft.Web.Services3.Security.Security.LoadXml(XmlElement element)
at Microsoft.Web.Services3.Security.Security.CreateFrom(SoapEnvelope envelope, String localActor, String serviceActor)
at Microsoft.Web.Services3.Security.ReceiveSecurityFilter.ProcessMessage(SoapEnvelope envelope)
at Microsoft.Web.Services3.Pipeline.ProcessInputMessage(SoapEnvelope envelope)
at Microsoft.Web.Services3.WseProtocol.FilterRequest(SoapEnvelope requestEnvelope)
at Microsoft.Web.Services3.WseProtocol.RouteRequest(SoapServerMessage message)
at System.Web.Services.Protocols.SoapServerProtocol.Initialize()
at System.Web.Services.Protocols.ServerProtocolFactory.Create(Type type, HttpContext context, HttpRequest request, HttpResponse response, Boolean& abortProcessing)Synchronizing 'Update page Sandbox' task

I have tried suggestions like this one and this one, but even after adding the App Setting to the config file and changing the credentials TWICE to make sure they were the same between the environments, I am still unable to synchronize tasks.

Any suggestions would be helpful, I have some very unhappy users. Thanks!

Recent Answers

Trevor Fayas answered on May 1, 2018 17:25

My hunch is that your Staging authentication is the X.509 certificate, which you may need to regenerate as it may be based on things like the Kentico version or other things.

An easy test would be to set the Staging Authentication to username and password and set it in your environments, update your Staging Server setting and try that, see if it works, it may at least verify that it is the X.509 certificate thing.

0 votesVote for this answer Mark as a Correct answer

Donnie Hyatt answered on May 1, 2018 18:37 (last edited on May 1, 2018 18:38)

Trevor -

Thanks for the reply. I have confirmed that both the source and target server are still configured for Username and password authentication.

0 votesVote for this answer Mark as a Correct answer

Trevor Fayas answered on May 1, 2018 18:53

And to confirm, these are new staging tasks, correct? These are not ones that were waiting to push before the upgrades? you cleared out those tables?

Also did you create your staging from the live site? Usually for upgrades, it works best if you upgrade 1 instance, then once it's all done you clone that to make your staging server and re-point everything.

0 votesVote for this answer Mark as a Correct answer

   Please, sign in to be able to submit a new answer.