Commerce Server General - Encryption-ERROR

This is Interesting: Free IT Magazines  
Home > Archive > Commerce Server General > September 2006 > Encryption-ERROR





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author Encryption-ERROR
Xcel

2006-09-12, 1:21 pm

I am trying to save a credit card in the Customer and Order Manager and
receive the following error: The profile contains encrypted properties and
cannot be saved due to server configuration. Please Contact your system
administrator.

Please Advise as to how I can fix the above error.
David Hargis [MSFT]

2006-09-12, 7:39 pm


You need to set up the public / private key pair and key index in the
ProfilesWebService. If you're using the StarterSite, SampleDataImport.exe
should do this for you. If you're not using the StarterSite, use the
ProfileKeyManager with the /kn flag to generate the encryption keys. Then
copy/paste these keys into web.config of the ProfilesWebService. The
comments of the web service and the CS help documentation will give you all
of the details you need.

- David

--------------------
Thread-Topic: Encryption-ERROR
thread-index: AcbWfPaAGWV/nwDKRg6LudgwW7i6CQ==
X-WBNR-Posting-Host: 70.88.248.145
From: =?Utf-8?B?WGNlbA==?= <Xcel@discussions.microsoft.com>
Subject: Encryption-ERROR
Date: Tue, 12 Sep 2006 08:06:02 -0700
Lines: 6
Message-ID: <1A0B45F8-F688-4A02-AF1F-38C796FF3266@microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
Newsgroups: microsoft.public.commerceserver.general
Path: TK2MSFTNGXA01.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.commerceserver.general:18383
NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250
X-Tomcat-NG: microsoft.public.commerceserver.general

I am trying to save a credit card in the Customer and Order Manager and
receive the following error: The profile contains encrypted properties and
cannot be saved due to server configuration. Please Contact your system
administrator.

Please Advise as to how I can fix the above error.



--

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this
message are best directed to the newsgroup/thread from which they
originated.
Xcel

2006-09-12, 7:39 pm

David - thank you for the response.

I am using the new Starter Site, however I am not run the SampleDateImport
since I have my own data to play with.

I have implemented the keys in the profile web service which now lets me
save a credit card through the Business Applications. However I am still
generating an error when trying to Order via the web/store. If I look in the
event viewer of the Server I am getting the following error: Error Obtaining
Handle to Public Key Container.

Please Advise.

Chris...

"David Hargis [MSFT]" wrote:

>
> You need to set up the public / private key pair and key index in the
> ProfilesWebService. If you're using the StarterSite, SampleDataImport.exe
> should do this for you. If you're not using the StarterSite, use the
> ProfileKeyManager with the /kn flag to generate the encryption keys. Then
> copy/paste these keys into web.config of the ProfilesWebService. The
> comments of the web service and the CS help documentation will give you all
> of the details you need.
>
> - David
>
> --------------------
> Thread-Topic: Encryption-ERROR
> thread-index: AcbWfPaAGWV/nwDKRg6LudgwW7i6CQ==
> X-WBNR-Posting-Host: 70.88.248.145
> From: =?Utf-8?B?WGNlbA==?= <Xcel@discussions.microsoft.com>
> Subject: Encryption-ERROR
> Date: Tue, 12 Sep 2006 08:06:02 -0700
> Lines: 6
> Message-ID: <1A0B45F8-F688-4A02-AF1F-38C796FF3266@microsoft.com>
> MIME-Version: 1.0
> Content-Type: text/plain;
> charset="Utf-8"
> Content-Transfer-Encoding: 7bit
> X-Newsreader: Microsoft CDO for Windows 2000
> Content-Class: urn:content-classes:message
> Importance: normal
> Priority: normal
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
> Newsgroups: microsoft.public.commerceserver.general
> Path: TK2MSFTNGXA01.phx.gbl
> Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.commerceserver.general:18383
> NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250
> X-Tomcat-NG: microsoft.public.commerceserver.general
>
> I am trying to save a credit card in the Customer and Order Manager and
> receive the following error: The profile contains encrypted properties and
> cannot be saved due to server configuration. Please Contact your system
> administrator.
>
> Please Advise as to how I can fix the above error.
>
>
>
> --
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
> Use of included script samples are subject to the terms specified at
> http://www.microsoft.com/info/cpyright.htm
>
> Note: For the benefit of the community-at-large, all responses to this
> message are best directed to the newsgroup/thread from which they
> originated
David Hargis [MSFT]

2006-09-16, 7:28 pm


You'll need to add the same keys to web.config of the StarterSite (runtime
site) in the profiles section. Here's an example:

<profiles>
<userProfile
profileDefinition="UserObject"
userIdProperty="GeneralInfo.user_id"
organizationIdProperty="AccountInfo.org_id"
catalogSetIdProperty="AccountInfo.user_catalog_set"
userIdSource="ASP.NET"
userIdKey="GeneralInfo.email_address"
userIdTarget="GeneralInfo.user_id"/>
<organizationProfile
profileDefintion="Organization"
organizationIdProperty="GeneralInfo.org_id"
catalogSetIdProperty="GeneralInfo.org_catalog_set"/>
<encryption>
<keys keyIndex="1">
<add
type="publicKey"
value=" registry:HKEY_LOCAL_MACHINE\SOFTWARE\Mic
rosoft\Commerce Server
2007 Keys\StarterSite,PublicKey"/>
<add
type="privateKey1"
value=" registry:HKEY_LOCAL_MACHINE\SOFTWARE\Mic
rosoft\Commerce Server
2007 Keys\StarterSite,PrivateKey"/>
<add
type="privateKey2"
value=""/>
</keys>
</encryption>
</profiles>

- David

--------------------
Thread-Topic: Encryption-ERROR
thread-index: AcbWlfikydK4cZTpT92xy4T3IFdTyw==
X-WBNR-Posting-Host: 70.88.248.145
From: =?Utf-8?B?WGNlbA==?= <Xcel@discussions.microsoft.com>
References: <1A0B45F8-F688-4A02-AF1F-38C796FF3266@microsoft.com>
<s66scAp1GHA.396@TK2MSFTNGXA01.phx.gbl>
Subject: RE: Encryption-ERROR
Date: Tue, 12 Sep 2006 11:05:03 -0700
Lines: 70
Message-ID: <A79D6D10-65D9-473B-9892-6ED5D68A7701@microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
Newsgroups: microsoft.public.commerceserver.general
Path: TK2MSFTNGXA01.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.commerceserver.general:18389
NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250
X-Tomcat-NG: microsoft.public.commerceserver.general

David - thank you for the response.

I am using the new Starter Site, however I am not run the SampleDateImport
since I have my own data to play with.

I have implemented the keys in the profile web service which now lets me
save a credit card through the Business Applications. However I am still
generating an error when trying to Order via the web/store. If I look in
the
event viewer of the Server I am getting the following error: Error
Obtaining
Handle to Public Key Container.

Please Advise.

Chris...

"David Hargis [MSFT]" wrote:

>
> You need to set up the public / private key pair and key index in the
> ProfilesWebService. If you're using the StarterSite,
SampleDataImport.exe
> should do this for you. If you're not using the StarterSite, use the
> ProfileKeyManager with the /kn flag to generate the encryption keys.
Then
> copy/paste these keys into web.config of the ProfilesWebService. The
> comments of the web service and the CS help documentation will give you
all
> of the details you need.
>
> - David
>
> --------------------
> Thread-Topic: Encryption-ERROR
> thread-index: AcbWfPaAGWV/nwDKRg6LudgwW7i6CQ==
> X-WBNR-Posting-Host: 70.88.248.145
> From: =?Utf-8?B?WGNlbA==?= <Xcel@discussions.microsoft.com>
> Subject: Encryption-ERROR
> Date: Tue, 12 Sep 2006 08:06:02 -0700
> Lines: 6
> Message-ID: <1A0B45F8-F688-4A02-AF1F-38C796FF3266@microsoft.com>
> MIME-Version: 1.0
> Content-Type: text/plain;
> charset="Utf-8"
> Content-Transfer-Encoding: 7bit
> X-Newsreader: Microsoft CDO for Windows 2000
> Content-Class: urn:content-classes:message
> Importance: normal
> Priority: normal
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
> Newsgroups: microsoft.public.commerceserver.general
> Path: TK2MSFTNGXA01.phx.gbl
> Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.commerceserver.general:18383
> NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250
> X-Tomcat-NG: microsoft.public.commerceserver.general
>
> I am trying to save a credit card in the Customer and Order Manager and
> receive the following error: The profile contains encrypted properties
and
> cannot be saved due to server configuration. Please Contact your system
> administrator.
>
> Please Advise as to how I can fix the above error.
>
>
>
> --
>
> This posting is provided "AS IS" with no warranties, and confers no
rights.
> Use of included script samples are subject to the terms specified at
> http://www.microsoft.com/info/cpyright.htm
>
> Note: For the benefit of the community-at-large, all responses to this
> message are best directed to the newsgroup/thread from which they
> originated



--

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this
message are best directed to the newsgroup/thread from which they
originated.
Thomas

2006-09-16, 7:28 pm

Can you be more specific is how to setup this up? Let's presume that I'm going
to have a CS web farm so I presume I would want to make sure the keys are
actually stored in the config files so that all of the servers are encrypting
and decrypting with the same key.

1. Run <CS install dir>\Tools\ProfileKeyManager /kn /o
This spits the out the key hash to a text file.

2. Go into the Web.Config for the site and adjust profiles like so:
<profiles>
<userProfile>...</userProfile>
<encryption>
<keys keyIndex="1">
<add type="publicKey" value="<hash value copied from the output
file from step 1?>" />
<add type="privateKey1" value="<hash value copied from the
output file from step 1?>" />
<add type="privateKey2" value="<hash value copied from the
output file from step 1?>" />
</keys>
</encryption>

3. Then...? Go into the Web.Config file for profile web service and...?


<rant>
This is another example of something that should be in the installation of the
program and is documented poorly. Developers shouldn't have to go on a which
hunt just to add a profile to the system.
</rant>


Thomas


"David Hargis [MSFT]" <davidhargis@online.microsoft.com> wrote in message
news:Z62yQF41GHA.4548@TK2MSFTNGXA01.phx.gbl...
>
> You'll need to add the same keys to web.config of the StarterSite (runtime
> site) in the profiles section. Here's an example:
>
> <profiles>
> <userProfile
> profileDefinition="UserObject"
> userIdProperty="GeneralInfo.user_id"
> organizationIdProperty="AccountInfo.org_id"
> catalogSetIdProperty="AccountInfo.user_catalog_set"
> userIdSource="ASP.NET"
> userIdKey="GeneralInfo.email_address"
> userIdTarget="GeneralInfo.user_id"/>
> <organizationProfile
> profileDefintion="Organization"
> organizationIdProperty="GeneralInfo.org_id"
> catalogSetIdProperty="GeneralInfo.org_catalog_set"/>
> <encryption>
> <keys keyIndex="1">
> <add
> type="publicKey"
> value=" registry:HKEY_LOCAL_MACHINE\SOFTWARE\Mic
rosoft\Commerce Server
> 2007 Keys\StarterSite,PublicKey"/>
> <add
> type="privateKey1"
> value=" registry:HKEY_LOCAL_MACHINE\SOFTWARE\Mic
rosoft\Commerce Server
> 2007 Keys\StarterSite,PrivateKey"/>
> <add
> type="privateKey2"
> value=""/>
> </keys>
> </encryption>
> </profiles>
>
> - David
>
> --------------------
> Thread-Topic: Encryption-ERROR
> thread-index: AcbWlfikydK4cZTpT92xy4T3IFdTyw==
> X-WBNR-Posting-Host: 70.88.248.145
> From: =?Utf-8?B?WGNlbA==?= <Xcel@discussions.microsoft.com>
> References: <1A0B45F8-F688-4A02-AF1F-38C796FF3266@microsoft.com>
> <s66scAp1GHA.396@TK2MSFTNGXA01.phx.gbl>
> Subject: RE: Encryption-ERROR
> Date: Tue, 12 Sep 2006 11:05:03 -0700
> Lines: 70
> Message-ID: <A79D6D10-65D9-473B-9892-6ED5D68A7701@microsoft.com>
> MIME-Version: 1.0
> Content-Type: text/plain;
> charset="Utf-8"
> Content-Transfer-Encoding: 7bit
> X-Newsreader: Microsoft CDO for Windows 2000
> Content-Class: urn:content-classes:message
> Importance: normal
> Priority: normal
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
> Newsgroups: microsoft.public.commerceserver.general
> Path: TK2MSFTNGXA01.phx.gbl
> Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.commerceserver.general:18389
> NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250
> X-Tomcat-NG: microsoft.public.commerceserver.general
>
> David - thank you for the response.
>
> I am using the new Starter Site, however I am not run the SampleDateImport
> since I have my own data to play with.
>
> I have implemented the keys in the profile web service which now lets me
> save a credit card through the Business Applications. However I am still
> generating an error when trying to Order via the web/store. If I look in
> the
> event viewer of the Server I am getting the following error: Error
> Obtaining
> Handle to Public Key Container.
>
> Please Advise.
>
> Chris...
>
> "David Hargis [MSFT]" wrote:
>
> SampleDataImport.exe
> Then
> all
> and
> rights.
>
>
>
> --
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
> Use of included script samples are subject to the terms specified at
> http://www.microsoft.com/info/cpyright.htm
>
> Note: For the benefit of the community-at-large, all responses to this
> message are best directed to the newsgroup/thread from which they
> originated.


David Hargis [MSFT]

2006-09-20, 1:22 pm


The steps you list would work, but I'd recommend a slightly different
approach that may be a little easier:

1) Update web.config for all servers in your farm to point to a registry
key for the encryption keys:
<profiles>
<userProfile>...</userProfile>
<encryption>
<keys keyIndex="1">
<add type="publicKey"
value=" registry:HKLM\SOFTWARE\Microsoft\Commerc
e Server 2007
Keys\MySite\Date,PublicKey" />
<add type="privateKey1"
value=" registry:HKLM\SOFTWARE\Microsoft\Commerc
e Server 2007
Keys\MySite\Date,PrivateKey" />
<add type="privateKey2" value="" />
</keys>
</encryption>
and
<profilesWebService
siteName="MySite"
keyIndex="1"
publicKey=" registry:HKLM\SOFTWARE\Microsoft\Commerc
e Server 2007
Keys\MySite\Date,PublicKey"
privateKey1=" registry:HKLM\SOFTWARE\Microsoft\Commerc
e Server 2007
Keys\MySite\Date,PrivateKey"
... />

2) Run ProfileKeyManager /kn /o to create the encryption key in a text
file (Keys_Date.xml). To make things easier, you may want to make this
file visible on a share.

3) Deploy the same web.config (from above) to every server in your farm.

4) On each server in your farm run:
ProfileKeyManager /ke /kf "<path>\Keys_Date.xml" /reg:
"HKLM\SOFTWARE\Microsoft\Commerce Server 2007 Keys\MySite\Date"
This encrypts the keys in Keys_Date.xml using DPAPI and inserts them into
the registry.

This approach saves you the pain of editing web.config on each server. You
just need to be able to run ProfileKeyManager on each system, which should
be fairly straight-forward. I also recommend using the <Date> subkey to
organize your keys, as this makes it easier to roll your encryption keys at
a later date.

Hope this helps,
David


--------------------
Reply-To: "Thomas" <thomas@newsgroup.nospam>
From: "Thomas" <thomas@newsgroup.nospam>
References: <1A0B45F8-F688-4A02-AF1F-38C796FF3266@microsoft.com>
<s66scAp1GHA.396@TK2MSFTNGXA01.phx.gbl>
<A79D6D10-65D9-473B-9892-6ED5D68A7701@microsoft.com>
<Z62yQF41GHA.4548@TK2MSFTNGXA01.phx.gbl>
Subject: Re: Encryption-ERROR
Date: Fri, 15 Sep 2006 12:00:39 -0700
Lines: 190
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.2869
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962
X-RFC2646: Format=Flowed; Original
Message-ID: <#5B#HlP2GHA.480@TK2MSFTNGP06.phx.gbl>
Newsgroups: microsoft.public.commerceserver.general
NNTP-Posting-Host: 216.52.216.2
Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP06.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.commerceserver.general:18437
X-Tomcat-NG: microsoft.public.commerceserver.general

Can you be more specific is how to setup this up? Let's presume that I'm
going
to have a CS web farm so I presume I would want to make sure the keys are
actually stored in the config files so that all of the servers are
encrypting
and decrypting with the same key.

1. Run <CS install dir>\Tools\ProfileKeyManager /kn /o
This spits the out the key hash to a text file.

2. Go into the Web.Config for the site and adjust profiles like so:
<profiles>
<userProfile>...</userProfile>
<encryption>
<keys keyIndex="1">
<add type="publicKey" value="<hash value copied from the
output
file from step 1?>" />
<add type="privateKey1" value="<hash value copied from the
output file from step 1?>" />
<add type="privateKey2" value="<hash value copied from the
output file from step 1?>" />
</keys>
</encryption>

3. Then...? Go into the Web.Config file for profile web service and...?


<rant>
This is another example of something that should be in the installation of
the
program and is documented poorly. Developers shouldn't have to go on a
which
hunt just to add a profile to the system.
</rant>


Thomas


"David Hargis [MSFT]" <davidhargis@online.microsoft.com> wrote in message
news:Z62yQF41GHA.4548@TK2MSFTNGXA01.phx.gbl...
>
> You'll need to add the same keys to web.config of the StarterSite (runtime
> site) in the profiles section. Here's an example:
>
> <profiles>
> <userProfile
> profileDefinition="UserObject"
> userIdProperty="GeneralInfo.user_id"
> organizationIdProperty="AccountInfo.org_id"
> catalogSetIdProperty="AccountInfo.user_catalog_set"
> userIdSource="ASP.NET"
> userIdKey="GeneralInfo.email_address"
> userIdTarget="GeneralInfo.user_id"/>
> <organizationProfile
> profileDefintion="Organization"
> organizationIdProperty="GeneralInfo.org_id"
> catalogSetIdProperty="GeneralInfo.org_catalog_set"/>
> <encryption>
> <keys keyIndex="1">
> <add
> type="publicKey"
> value=" registry:HKEY_LOCAL_MACHINE\SOFTWARE\Mic
rosoft\Commerce Server
> 2007 Keys\StarterSite,PublicKey"/>
> <add
> type="privateKey1"
> value=" registry:HKEY_LOCAL_MACHINE\SOFTWARE\Mic
rosoft\Commerce Server
> 2007 Keys\StarterSite,PrivateKey"/>
> <add
> type="privateKey2"
> value=""/>
> </keys>
> </encryption>
> </profiles>
>
> - David
>
> --------------------
> Thread-Topic: Encryption-ERROR
> thread-index: AcbWlfikydK4cZTpT92xy4T3IFdTyw==
> X-WBNR-Posting-Host: 70.88.248.145
> From: =?Utf-8?B?WGNlbA==?= <Xcel@discussions.microsoft.com>
> References: <1A0B45F8-F688-4A02-AF1F-38C796FF3266@microsoft.com>
> <s66scAp1GHA.396@TK2MSFTNGXA01.phx.gbl>
> Subject: RE: Encryption-ERROR
> Date: Tue, 12 Sep 2006 11:05:03 -0700
> Lines: 70
> Message-ID: <A79D6D10-65D9-473B-9892-6ED5D68A7701@microsoft.com>
> MIME-Version: 1.0
> Content-Type: text/plain;
> charset="Utf-8"
> Content-Transfer-Encoding: 7bit
> X-Newsreader: Microsoft CDO for Windows 2000
> Content-Class: urn:content-classes:message
> Importance: normal
> Priority: normal
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
> Newsgroups: microsoft.public.commerceserver.general
> Path: TK2MSFTNGXA01.phx.gbl
> Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.commerceserver.general:18389
> NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250
> X-Tomcat-NG: microsoft.public.commerceserver.general
>
> David - thank you for the response.
>
> I am using the new Starter Site, however I am not run the SampleDateImport
> since I have my own data to play with.
>
> I have implemented the keys in the profile web service which now lets me
> save a credit card through the Business Applications. However I am still
> generating an error when trying to Order via the web/store. If I look in
> the
> event viewer of the Server I am getting the following error: Error
> Obtaining
> Handle to Public Key Container.
>
> Please Advise.
>
> Chris...
>
> "David Hargis [MSFT]" wrote:
>
> SampleDataImport.exe
> Then
> all
> and
> rights.
>
>
>
> --
>
> This posting is provided "AS IS" with no warranties, and confers no
rights.
> Use of included script samples are subject to the terms specified at
> http://www.microsoft.com/info/cpyright.htm
>
> Note: For the benefit of the community-at-large, all responses to this
> message are best directed to the newsgroup/thread from which they
> originated.





--

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this
message are best directed to the newsgroup/thread from which they
originated.
Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com