
AppSense Management Console crashes when trying to add Client Access Credentials


Sometimes after restoring an AppSense database and/or rebuilding an AppSense server, you might notice that you can’t push agents (Client Communications Agent/CCA, Environment Manager Agent, etc.) to clients, and the Management Console gives you an error. The Status field will say:

No client access credentials have been specified. Please enter credentials before retrying to to Poll the client.

and under the Client Access Log, you can see more details on the error:

Could not use credential: "DOMAIN\UserID", error: Password decryption failed, error: [Unable to access the Master Key on the server, error was Keyset does not exist.]

In a pinch, you can manually install the agents on the client and they will start checking in, but you will still get these error messages in the Management Console.

When you go to “Client Access Credentials”, you will get prompted with the following error message:

DataAccessServices.CryptoManager+MasterKeyAccessException: Unable to access the Master Key on the server, error was Keyset does not exist


If you hit OK and attempt to enter the missing credentials, the AppSense Management Console will crash on you: the entire MMC will crash and disappear. Don’t worry, this is an easy fix.

1. Go to Start > All Programs > AppSense > Management Center > AppSense Management Server Configuration


2. The Encryption field will likely be red. Just click it and you will see the Encryption Key Status is “Not Valid”. The Transfer Key may also say “Not Present”.

3. Go ahead and click the “Regenerate” button. It will warn you, asking “Are you sure that you want to replace the current master key hash? A new master key hash will be regenerated”. Go ahead and click OK.

4. Now click “Store” for the Transfer Key. It will ask you to enter a new Transfer Key Password. Go ahead and type it in and press OK. One thing to note: if you are load balancing the Management Server and it says the Transfer Key is “Present”, do not click Store and enter a new one. Instead, just click Retrieve and type the password when prompted. If you are load balancing and it doesn’t have the Transfer Key present, use Store on the first server and, when performing these steps on the second server, use Retrieve.

5. Now your Encryption settings should show the Encryption key as “Valid” and the Transfer Key as “Present”.

6. Now open up the Management Console again and you should be able to add credentials under Client Access Credentials. You might even see the old user name and password in there. You will have to re-enter the password on it though.

7. Now go back to your Deployment Group and find your client machine. Click “Poll Now” and it should poll successfully, impersonating the credential you entered.

About Jason Samuel

Jason Samuel lives in Houston, TX with a primary focus on strategic advisory and architecture of end-user computing, security, enterprise mobility, virtualization, and cloud technologies from Citrix, Microsoft, & VMware. He also has an extensive background in web architecture and networking over his 20+ year career in IT. He is an Author, Speaker, and Local User Group Community Leader. He is certified in several technologies and is 1 of 63 people globally that is a recipient of the prestigious Citrix Technology Professional (CTP) award. He is 1 of 42 people in the world that has been awarded as a VMware EUC Champion and VMware vExpert. He is a featured author on DABCC which provides the latest IT Community News on Cloud, Data Center, Desktop, Mobility, Security, Storage, & Virtualization. In his spare time Jason enjoys writing how-to articles and evangelizing the technologies he works with. Disclaimer: The content and opinions expressed in articles and posts are his own and are by no means associated with his employer.


3 Comments

  1. Mark

    March 18, 2013 at 12:28 PM

    I’m having this same issue. I followed your instructions and it now shows Valid and Present, however I’m still getting the error. It’s driving me nuts trying to figure this one out.

  2. Jason Samuel

    March 19, 2013 at 4:23 PM

    @Mark
    Mike filled me in on what was going on. Wish I could help you but sounds like something unique in that particular setup. I’d like to know the answer once you figure it out. 🙂

  3. Mark

    March 22, 2013 at 2:20 PM

    Fixed it. It helps when you REALLY DO have Domain Admin rights when installing haha.
