Tagged: certificate

Cannot start analytics Tracker Exception – The Certificate was not found – Sitecore Azure Webapps

ERROR Cannot start analytics Tracker Exception: System.InvalidOperationException Message: The certificate was not found. Store: My, Location: CurrentUser, FindType: FindByThumbprint, FindValue: 23ACB78F3CDA99BA00646EA867C77466EBE8C718, InvalidAllowed: False. Source: Sitecore.Xdb.Common.Web at Sitecore.Xdb.Common.Web.Synchronous.SynchronousExtensions.SuspendContextLock[TResult](Func`1 taskFactory) at Sitecore.Analytics.DataAccess.Dictionaries.DataStorage.ReferenceDataClientDictionary.EnsureDefinitionType(String definitionTypeName) at Sitecore.Analytics.DataAccess.Dictionaries.DataStorage.ReferenceDataClientDictionary.LoadAs[T](Object key) at Sitecore.Analytics.DataAccess.Dictionaries.AverageCounterExtensions.MeasureMilliseconds[T](AverageCounter counter, Func`1 func) at Sitecore.Analytics.DataAccess.Dictionaries.ReferenceDataDictionary`2.Get(TKey key, LookupStrategy strategy) at Sitecore.Analytics.DataAccess.Dictionaries.UserAgentsDictionary.Register(String userAgentName) at Sitecore.Analytics.Tracking.CurrentVisitContext.set_UserAgent(String value) at Sitecore.Analytics.Pipelines.CreateVisits.InitializeWithRequestData.Process(CreateVisitArgs args) at (Object , Object ) at Sitecore.Pipelines.CorePipeline.Run(PipelineArgs args) at Sitecore.Pipelines.DefaultCorePipelineManager.Run(String pipelineName, PipelineArgs args, String pipelineDomain, Boolean failIfNotExists) at Sitecore.Pipelines.DefaultCorePipelineManager.Run(String pipelineName, PipelineArgs args, String pipelineDomain) at Sitecore.Analytics.Pipelines.CreateVisits.CreateVisitPipeline.Run(CreateVisitArgs args) at Sitecore.Analytics.Tracking.StandardSession.CreateInteraction(HttpContextBase httpContext) at Sitecore.Analytics.Pipelines.InitializeTracker.CreateVisit.Process(InitializeTrackerArgs args) at (Object , Object ) at Sitecore.Pipelines.CorePipeline.Run(PipelineArgs args) at Sitecore.Pipelines.DefaultCorePipelineManager.Run(String pipelineName, PipelineArgs args, String pipelineDomain, Boolean failIfNotExists) at Sitecore.Pipelines.DefaultCorePipelineManager.Run(String pipelineName, PipelineArgs args, String pipelineDomain) at Sitecore.Analytics.Pipelines.InitializeTracker.InitializeTrackerPipeline.Run(InitializeTrackerArgs args) at (Object , Object ) at Sitecore.Pipelines.CorePipeline.Run(PipelineArgs args) at Sitecore.Pipelines.DefaultCorePipelineManager.Run(String pipelineName, PipelineArgs args, String pipelineDomain, Boolean failIfNotExists) at Sitecore.Pipelines.DefaultCorePipelineManager.Run(String pipelineName, PipelineArgs args, String pipelineDomain) at Sitecore.Analytics.Pipelines.StartTracking.StartTrackingPipeline.Run(StartTrackingArgs args) at Sitecore.Analytics.DefaultTracker.StartTracking()

 

This error came up after we upgrade the certificate or I would say after we removed the Expired Certificate and add the new valid Certificate on Webapp (Sitecore on Azure).

This causes analytics to stop working.

To solve this error, Certificate Thumbprint has to be updated at various locations:

  1. Configuration files:
    On different web-apps of scaled environments, this Thumbprint needs to be updated.1.1 In App_Config/ConnectionStrings.config file of the following web-apps one might need to update any/all of xconnect.collection.certificate, xdb.marketingautomation.operations.client.certificate, xdb.referencedata.client.certificate (if exist):
    – CM
    – CD (all CD web-apps)
    – MA-Ops
    – PRC (processing)

    1.2 One needs to update the value of key validateCertificateThumbprint in App_Config/AppSettings.config file in following WebApps.
    – XC-Collect
    – XC-RefData
    – XC- Search
    – MA-Rep
    – MA-Ops

    1.3 <CertificateThumbprint> Tag’s value of Config/production/Sitecore.IdentityServer.Host.xml in following WebApp:
    – Si (Sitecore Identity)Once these configuration files of various Web-Apps has been updated, restart these Web-Apps.

  2.  If the above doesn’t solve the issue, following Web-App configurations also needs to be changed like below. Open the Configuration tab, and check for “Certificate” – all the Thumbprint needs to be updated where it is referring to old/incorrect Thumbprint:2.1 CM:
    Open the CM web-app in Azure –>Go to Configuration Tab –> And edit the certificates’ configuration.
    Make sure you update the Thumbprint value to valid/correct Thumbprint.
    – Cortex Reporting Client Certificate
    – WEBSITE_LOAD_CERTIFICATES
    – XConnect Collection Certificate
    – XDB MA Ops Client Certificate
    – XDB MA Reporting Client Certificate
    – XDB Reference Data Client Certificate
    2.2 SI:
    Update the valid/correct Thumbprint for Certificate Configuration in Sitecore-Identity WebApp as well.
    Replace the expired/incorrect thumbprint for “Certificate Thumbprint” & “WEBSITE_LOAD_CERTIFCATES”

    2.3 CDs:
    Go to the configuration tab for each CD server and update the thumbprint value for the following configuration:
    – WEBSITE_LOAD_CERTIFICATES
    – XConnect Collection Certificate
    – XDB MA Ops Client Certificate
    – XDB Reference Data Client Certificate

    2.4 Cortex Processing:
    From the configuration node, update the following Certificate configuration with valid/correct Thumbprint for Cortex Processing Web-App:
    – Processing Engine Xconnect Collection Client Certificate Thumbprint
    – Processing Engine Xconnect Search Client Certificate Thumbprint
    – WEBSITE_LOAD_CERTIFICATES
    – XConnect Server Certificate Validation Thumbprint

    2.5 Cortext Reporting:
    Update the below two certificate configuration for Cortext Reporting:
    – WEBSITE_LOAD_CERTIFICATES
    – XConnect Server Certificate Validation Thumbprint

    2.6 Ma-Ops
    Update the WEBSITE_LOAD_CERTIFICATES thumbprint for Ma-ops

    2.7 Ma-Rep
    Update below two configurations with the correct/valid thumbprint value:
    – WEBSITE_LOAD_CERTIFICATES
    – XConnect Server Certificate Validation Thumbprint

    2.8 Prc (Processing)

    Update the below two Certificate configuration with appropriate certificate thumbprint value:
    – WEBSITE_LOAD_CERTIFICATES
    – XConnect Collection Certificate

    2.9 XC-Collect
    Update the configuration for XC-Collect as well:
    – XConnect Server Certificate Validation Thumbprint

    2.10 XC-RefData
    Update the “XConnect Server Certificate Validation Thumbprint” configuration for XC-RefData Web-App as well.

 

Once you update these configurations, restart these Web-Apps and then try again. The analytics tracker error due to the Certificate was no longer in your log files.

 

Happy Sitecoring…

Install-SitecoreConfiguration : The certificate does not have a property that references a private key

I was trying to install Sitecore 9.0 update 1 instance on a local machine where I am already having couple of 9.0 instances. While installation, I was facing Certificate error, specifically at the time of Creating certificate of xConnect site: Install-SitecoreConfiguration : The certificate does not have a property that references a private key

image

I have checked Log file, in my case it is xconnect-createcert log file. I found following error.

[----------------------------------------------------- CreateSignedCert : NewSignedCertificate -------------------------------------------------]
VERBOSE: Resolving ConfigFunction extension 'GetCertificate'
VERBOSE: Resolved 'Invoke-GetCertificateConfigFunction'
VERBOSE: Invoke-GetCertificateConfigFunction
VERBOSE: Id: DO_NOT_TRUST_SitecoreRootCert
VERBOSE: CertStorePath: cert:\LocalMachine\Root
VERBOSE: Found Cert with thumbprint: 01C12329C899F2B535258E3C15BBC3D56B20D7D4
VERBOSE: Performing the operation "New-SignedCertificate: New signed certificate for sc901.local.xconnect_client" on target "c:\certificates".
VERBOSE: Searching certificates in cert:\LocalMachine\My for Name sc901.local.xconnect_client
VERBOSE: Failed to find certificate with Name sc901.local.xconnect_client
VERBOSE: New-SignedCertificate: Create a signed certificate for 'sc901.local.xconnect_client'
VERBOSE: New-SignedCertificate: Using PKI parameters for Windows Server 2016 and Windows 10
**********************
Command start time: 20180619121947
**********************
PS>TerminatingError(New-SelfSignedCertificate): "The certificate does not have a property that references a private key. 0x8009200a (-2146885622 CRYPT_E_UNEXPECTED_MSG_TYPE) CertEnroll::CSignerCertificate::Initialize: Cannot find object or property. 0x80092004 (-2146885628 CRYPT_E_NOT_FOUND)"
>> TerminatingError(New-SelfSignedCertificate): "The certificate does not have a property that references a private key. 0x8009200a (-2146885622 CRYPT_E_UNEXPECTED_MSG_TYPE) CertEnroll::CSignerCertificate::Initialize: Cannot find object or property. 0x80092004 (-2146885628 CRYPT_E_NOT_FOUND)"
Install-SitecoreConfiguration : The certificate does not have a property that references a private key. 0x8009200a 
(-2146885622 CRYPT_E_UNEXPECTED_MSG_TYPE) CertEnroll::CSignerCertificate::Initialize: Cannot find object or property. 
0x80092004 (-2146885628 CRYPT_E_NOT_FOUND)
At C:\SCResources\SCReources9_1_171219\InstallSitecore.ps1:40 char:1
+ Install-SitecoreConfiguration @certParams -Verbose
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
 + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Install-SitecoreConfiguration
Install-SitecoreConfiguration : The certificate does not have a property that references a private key. 0x8009200a (-2146885622
CRYPT_E_UNEXPECTED_MSG_TYPE) CertEnroll::CSignerCertificate::Initialize: Cannot find object or property. 0x80092004 (-2146885628
CRYPT_E_NOT_FOUND)
At C:\SCResources\SCReources9_1_171219\InstallSitecore.ps1:40 char:1
+ Install-SitecoreConfiguration @certParams -Verbose
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
 + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Install-SitecoreConfiguration

[TIME] 00:00:03
**********************
Windows PowerShell transcript end
End time: 20180619121948
**********************

 

I have googled this issue but unfortunately, not able to find any specific solution which solves this issue. Then I raised Sitecore Support ticket, and our great Sitecore Support Team (Mr. Michael Toh) came for rescue and has provided the solution:

Solution:

  1. Go to mmc > Add/Remove Snap in > Certificates > Computer Account > Local Computer;
  2. Delete following certificate (if exist) under “Personal/Certificates” and “Trusted Root Certification Authorities/Certificates”;
    • *.xconnect
    • *.xconnect_client
    • <Sitecore9 site name>
    • DO_NOT_TRUST_SitecoreFundamentalsRoot
    • DO_NOT_TRUST_SitecoreRootCert
  3. Go to mmc > Add/Remove Snap in > Certificates > Computer Account > My user account;
  4. Repeat step (2);
  5. Go to C:\certificates, delete all *.crt files;

This is basically clean up all Sitecore Certificates. Make sure,you should not delete the certificate specific to your existing sites.

Thank you Sitecore Support team for solving this weird issue. Hope, this will helpful to others to save their day.

Happy Sitecoring… version 9.0 🙂

Basics of xConnect – Step 1 – Valid Certificate

Please note, xConnect is the service layer that sits in between the xDB and any trusted client. Any application that accesses the xDB through xConnect must have valid certificate.

If you already have the ssl certificate for your application then you can copy the thumbprint of the certificate and pass it in the code.

If not, Let’s create the secure certificate,

Make sure you have folder named certificates created under C: drive or else just update the path of C:\certificates in below script.


#generate certificate
$thumbprint = (New-SelfSignedCertificate `
-Subject "CN=xConnectDemoCert" `
-Type SSLServerAuthentication `
-FriendlyName "xConnectDemoCertificate").Thumbprint
#export certificate with password
$certificateFilePath = "C:\certificates\$thumbprint.pfx"
Export-PfxCertificate `
-cert cert:\LocalMachine\MY\$thumbprint `
-FilePath "$certificateFilePath" `
-Password (Read-Host -Prompt "Enter password that would protect the certificate" -AsSecureString)
#convert it to base64 string (blob)
$fileContentBytes = get-content $certificateFilePath -Encoding Byte
[System.Convert]::ToBase64String($fileContentBytes) | Out-File "C:\certificates\$thumbprint.txt"
Write-Host "Your secure certificate blob is located at C:\certificates\$thumbprint.txt" 

Open Powershell and run the script. You will be asked to enter the password for the certificate.

Once the certificate has been created, Go to the IIS server and add binding for your site. Make sure it is secured and having port 443 and select the newly created certificate “xConnectDemoCertificate” under SSL certificate option.

BasicsofxConnectCertificateIIS

 

Once we are done with the certificate, we need its thumbprint to connect to xConnect. Now let’s create the code and get the certificate.


//Certificate
 CertificateWebRequestHandlerModifierOptions options =
 CertificateWebRequestHandlerModifierOptions.Parse("StoreName=My;StoreLocation=LocalMachine;FindType=FindByThumbprint;FindValue=587d948806e57cf511b37a447a2453a02dfd3686");
 var certificateModifier = new CertificateWebRequestHandlerModifier(options);

You can notice, we need the StoreName, StoreLocation and the Thumbprint of the certificate as parameters to pass. Value
“587d948806e57cf511b37a447a2453a02dfd3686” is the certificate thumbprint value.

Replace the above code at //Certificate comment location in the createUpdateContact() method. The final method output will look like following:


public void createUpdateContact()
{
//Certificate
CertificateWebRequestHandlerModifierOptions options =
CertificateWebRequestHandlerModifierOptions.Parse("StoreName=My;StoreLocation=LocalMachine;FindType=FindByThumbprint;FindValue=587d948806e57cf511b37a447a2453a02dfd3686");
var certificateModifier = new CertificateWebRequestHandlerModifier(options);

//Model - xConnect Client Configuration

// Identifier

//Contact & Facets

// Interaction

}

Let’s now understand the Model and Client Configuration Step2

or Go back to the Main Page