How to Ensure Proper Generation of Security Certificates

  • Updated

In some cases you will see eSync fail due to improperly generated encoded values.

In some cases you will see eSync fail due to improperly generated encoded values. You can confirm if the correct encoded values were generated by the security configurator by comparing the web.config file to the Ektron Windows Service config file.  To confirm the values, do the following:

  1. In the Ektron Windows Service folder(located in \program files(x86)\Ektron\Ektron Windows Service 40\), there should be six local certificates(which are named after the local server) and three remote certificates(named after the remote server you are syncing to). If certificate files are missing see this KB. 
    Generating, Troubleshooting and Verifying eSync Security Certificates
  2. Compare like named certificates between the local and remote servers. Make sure the date modified matches. For instance if you are syncing Server1 and Server2 make sure the Server1 certificate files have the same date modified in the Ektron Windows Service folder of Server2 and vice versa.
  3. Compare the date modified for the local certificates in the Ektron Windows Service folder to the certificate files in the local site folder.
  4. In your site's web.config look for the encodedValue key. Copy just the long string in the quotes to a new text editor window.
  5. In the Ektron.ASM.EktronServices40.exe.config (located in \program files(x86)\Ektron\Ektron Windows Service 40\), copy the entire encodedValue key of the server the site lives on and paste it into the other window.
  6. Compare the two keys to ensure a match.
  7. If different, change the web.config encoded value to match the value in Ektron.ASM.EktronServices40.exe.config. If values are changed, restart the Ektron Windows Service. 
  8. If you are troubleshooting this on additional sites and/or servers, repeat these steps. In Ektron.ASM.EktronServices40.exe.config you will see encoded values of remote servers as well. You will want to make sure these values match the encoded value in the corresponding Ektron.ASM.EktronServices40.exe.config file on the remote server.