[Windows Azure Pack] Task fails: One or more errors occurred while contacting the underlying notification subscribers, Failed to init key manager factory : CloudBlue Technical Support

Symptoms

Task related to WAP subscription provisioning fails with the error:

Internal error: SDK::Platform::blob Plesk::SaaS::SaaSManagerTasks_impl::taskExecuteWorkflow(const SDK::Platform::Properties&) : [APSC] [AZURE] {"Code":"ErrorFromUnderlyingNotificationSubscribers","Message":"One or more errors occurred while contacting the underlying notification subscribers. The operation may be partially completed.","Details":[]}.

The following error is shown in /var/log/WAP/error.log:

2014-05-12 13:03:28,400 ERROR IaaSKeyStoreImpl [main] - Failed to init key manager factory
java.security.UnrecoverableKeyException: Cannot recover key

Cause

The error means that one of the WAP certificates has incorrect password.

Resolution

There are 3 certificates on POA MN:

# /usr/java/default/bin/keytool  -list -keystore /usr/local/share/WAP/WAPKeyStore -storepass <password from wap-config.xml>

wap, Mar 20, 2014, PrivateKeyEntry,
Certificate fingerprint (SHA1): 33:EC:AA:01:85:91:F3:1F:6B:5A:EC:05:2E:26:8D:74:68:07:A0:DB
mgmtsvc-adminapi, May 7, 2014, PrivateKeyEntry,
Certificate fingerprint (SHA1): 60:07:C9:3C:7A:3A:B5:14:C4:13:EE:B2:14:75:7D:5A:A2:F9:FA:69
mgmtsvc-usage, May 7, 2014, PrivateKeyEntry,
Certificate fingerprint (SHA1): 67:A0:E9:EB:7C:5E:F9:1F:36:E8:EC:DC:52:76:0A:ED:ED:B6:DE:31

How to understand what certificate causes the issue? Lets check each of 3 entries (we will try to change current password, for example from 'testpwd' to '111111'):

# cd /usr/local/share/WAP
# cp WAPKeyStore WAPKeyStore-tmp

# /usr/java/default/bin/keytool -keypasswd -new 111111 -keystore WAPKeyStore-tmp -storepass testpwd -alias wap -keypass testpwd

# /usr/java/default/bin/keytool -keypasswd -new 111111 -keystore WAPKeyStore-tmp -storepass testpwd -alias mgmtsvc-adminapi -keypass testpwd
keytool error: java.security.UnrecoverableKeyException: Cannot recover key

# /usr/java/default/bin/keytool -keypasswd -new 111111 -keystore WAPKeyStore-tmp -storepass testpwd -alias mgmtsvc-usage -keypass testpwd
keytool error: java.security.UnrecoverableKeyException: Cannot recover key

That means that entry 'wap' has password 'testpwd' and it was successfully changed to '111111', but we were unable to change password for entry 'mgmtsvc-adminapi' and 'mgmtsvc-usage' because their password is not 'testpwd'.

To fix the issue, do the following:

get real passwords for 'mgmtsvc-adminapi' and 'mgmtsvc-usage'

change them to 'testpasswd' in WAPKeystore using the above-mentioned command (i.e. to the password from wap-config.xml file):

# /usr/java/default/bin/keytool -keypasswd -new testpasswd -keystore WAPKeyStore -storepass testpasswd -alias mgmtsvc-adminapi -keypass currentcertpasswd

# /usr/java/default/bin/keytool -keypasswd -new testpasswd -keystore WAPKeyStore -storepass testpasswd -alias mgmtsvc-usage -keypass currentcertpasswd

restart WAP service and make sure that the error Failed to init key manager factory is not shown in log:
```
# service WAP restart
```