Top Menu

In the last project which I worked on, I had strange behavior with out-of-box WAP configuration. Everything was good until I did first tests in WAP like creating new Plans. Each attempt ended in failure with error:

One or more errors occurred while contacting the underlying notification subscribers. The operation may be partially completed.

and with EventID 12 in MgmtSvc-AdminAPI and MgmtSvc-AdminSite log.

Unfortunately event details was not very helpful – just standard .NET stack trace exception without any useful information. After long and deep investigation using Fiddler, Network Monitor, and other tools the cause was discovered. That was discrepancy between the encrypted password set on each of the AdminAPI nodes for the UsageService Resource Provider and the local encrypted web.config (The UsageAdminAPIClient is used by the AdminAPI to contact the UsageService).

If you have similar cause, check passwords using below commands – all run on the AdminAPI machine.

The command below will show the UsageService passwords for the AdminEndpoint:

(Get-MgmtSvcResourceProviderConfiguration -DecryptPassword -Name UsageService).AdminEndpoint

The below command can tell you what the initially-configured password with which the UsageService was configured:

$dbServer = 'YourSql.domain.com'
$passphrase = 'WapPassphrase'
$connectionString = [string]::Format('Data Source={0};Initial Catalog=Microsoft.MgmtSvc.Config;Integrated Security=SSPI;Persist Security Info=False', $dbServer)
Get-MgmtSvcDatabaseSetting -Namespace UsageService -Passphrase $passphrase -Name UsageAdminAPIPassword -ConnectionString $connectionString

Note that even if the above values match what is in the provider configuration, the actual value used by the UsageService at run-time to validate incoming requests is hashed and stored locally in the web.config of the usage service:

Get-MgmtSvcSetting -Namespace UsageService -Name UsageAdmin*

If you want to update the configured password for the UsageService, you can do so using the following command:

Set-MgmtSvcSetting -Namespace UsageService -Name UsageAdminAPIPassword -Value 'MyNewPassword' -Encode

Now you can try to reset the passwords using the following script. This will grab the existing password out of the database and then set if back to both the web.config and the database (Repeat this script on each AdminAPI node if you have more then one server).

Import-Module MgmtSvcAdmin
$dbServer = 'YourSql.domain.com'
$passphrase = 'WapPassphrase'
$connectionString = [string]::Format('Data Source={0};Initial Catalog=Microsoft.MgmtSvc.Config;Integrated Security=SSPI;Persist Security Info=False', $dbServer) 
$usageAdminAPIPassword = (Get-MgmtSvcResourceProviderConfiguration -DecryptPassword -Name UsageService).AdminEndpoint.AuthenticationPassword
Write-Host -ForegroundColor Yellow "Old password"
Get-MgmtSvcDatabaseSetting -Namespace UsageService -Passphrase $passphrase -Name UsageAdminAPIPassword -ConnectionString $connectionString
Write-Host ""
Write-Host -ForegroundColor Yellow "Updating UsageAdminAPIPassword password in web.config and database" 
Write-Host ""
Set-MgmtSvcSetting -Namespace UsageService -Name UsageAdminAPIPassword -Value $usageAdminAPIPassword -Encode
Set-MgmtSvcDatabaseSetting -Namespace UsageService -Name UsageAdminAPIPassword -Value $usageAdminAPIPassword -ConnectionString $connectionString -Force -Passphrase $passphrase

To summarize above:

  • Symptom
    • Provisioning Plans in WAP fail when it is created.
  • Cause
    • Encrypted password for UsageService Resource Provider on the AdminAPI nodes and the local web.config and the database out of sync.
  • Resolution
    • Reset password for the UsageService on both AdminAPI nodes, set same password in the database used attached script.

About The Author

4 Comments

  1. If after the last script. perform the password must match the password to the other two points?

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Close