Ronald Lawrimore
Oct 07, 2020
Brass Contributor
CMG Error in 2006
I am experiencing a lot of errors in the ProxyService_IN_0-CMGService.log file on my production machine. The errors are shown below. We are not using PKI; we use a public wildcard cert for server authentication. I have virtually an exact duplicate setup with a public cert and no errors are being reported in the log files. Whenever I run the CMG Analyzer I get an error at "Check Config setting are up to date" or "Testing the CMG Channel". They will never pass. In my test environment they will pass within about 10 seconds of starting. Could this error be coming from the CMG server itself?
ERROR: Security token validation exception with requesting URL https://xxx.xxx.xxxx/CCM_Proxy_ServerAuth/72057594037927940/CCM_STS. System.IdentityModel.Tokens.SecurityTokenValidationException:
System.Security.Cryptography.CryptographicException: CryptVerifySignature failed with HRESULT 0x80090006~~
at Microsoft.ConfigurationManager.CommonBase.SignatureUtilities.ValidateSignature(Byte[] token, Byte[] signature, Byte[] publicKey)~~
at Microsoft.ConfigurationManager.CloudBase.AuthorizationToken.TokenValidator.ValidateCcmAuthHeader(String authHeader, String publicKey) --->
System.Security.Cryptography.CryptographicException: CryptVerifySignature failed with HRESULT 0x80090006~~
at Microsoft.ConfigurationManager.CommonBase.SignatureUtilities.ValidateSignature(Byte[] token, Byte[] signature, Byte[] publicKey)~~
at Microsoft.ConfigurationManager.CloudBase.AuthorizationToken.TokenValidator.ValidateCcmAuthHeader(String authHeader, String publicKey)~~
--- End of inner exception stack trace ---~~
at Microsoft.ConfigurationManager.CloudBase.AuthorizationToken.TokenValidator.ValidateCcmAuthHeader(String authHeader, String publicKey)~~
at Microsoft.ConfigurationManager.CloudBase.AuthorizationToken.TokenValidator.ValidateTokenEx(String token, String tokenHint)~~
at Microsoft.ConfigurationManager.BgbServerChannel.BgbServerReverseProxy.ValidateAuthorizationToken(String authorizationToken, EndpointClientAuthScheme clientAuthScheme, Uri requestUri,
IToken& validatedToken, EndpointClientAuthScheme& validatedScheme)
- Michiel Overweel
Microsoft
Ronald Lawrimore Are you sure the CMG (wildcard) certificate is trusted by the CMG connection point(s)?
- Ronald Lawrimore
Brass Contributor
Michiel Overweel As far as I can tell, yes. What would be the best way to make absolutely sure?
- Michiel Overweel
Microsoft
Ronald Lawrimore You can try opening a browser on a CMG connection point and then entering the CMG URL (i.e. https://mycmg.mydomain.com). From there, you should be able to check the CMG certificate certification path.
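A scripted version of the browser check suggested in the last reply, added here as an example and not part of the original thread or of Configuration Manager: run on the CMG connection point, it fetches the certificate the CMG endpoint presents and builds its certification path against the machine's certificate stores. The host name is the placeholder from the reply and the port is assumed to be 443.

```powershell
# Added example. $CmgHost is the placeholder name from the reply above; replace it with your CMG service name.
param(
    [string]$CmgHost = 'mycmg.mydomain.com',
    [int]$Port = 443   # assumption: CMG listening on the default HTTPS port
)

$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($CmgHost, $Port)
    # Accept whatever certificate is presented so that an untrusted chain can still be inspected.
    # The handshake result is not used for anything except reading the certificate.
    $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ param($s, $c, $ch, $e) $true }
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
    try {
        $ssl.AuthenticateAsClient($CmgHost, $null, [System.Security.Authentication.SslProtocols]::Tls12, $false)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    }
    finally { $ssl.Dispose() }
}
finally { $tcp.Close() }

# Build the certification path using the local machine stores, with online revocation checking.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain($true)
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
$trusted = $chain.Build($cert)

"Presented certificate : $($cert.Subject)"
"Issuer                : $($cert.Issuer)"
"Valid                 : $($cert.NotBefore) to $($cert.NotAfter)"
"Chain trusted locally : $trusted"
""
"Certification path (leaf first):"
foreach ($element in $chain.ChainElements) {
    # Each element carries its own status flags; an empty list means no problem was found for it.
    $status = ($element.ChainElementStatus | ForEach-Object { $_.Status }) -join ', '
    if (-not $status) { $status = 'OK' }
    '  {0} | {1} | {2}' -f $element.Certificate.Subject, $element.Certificate.Thumbprint, $status
}

if (-not $trusted) {
    ""
    "Overall chain problems:"
    $chain.ChainStatus | ForEach-Object { '  {0}: {1}' -f $_.Status, $_.StatusInformation.Trim() }
}
```

Running the same script on the test environment's connection point and comparing the two outputs shows whether the certification path differs between the two setups.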