Search Engine: Elastic

Article ID: 121837, created on May 30, 2014, last review on Jun 12, 2014

  • Applies to:
  • Operations Automation 5.5


Task related to WAP subscription provisioning fails with the error:

Internal error: SDK::Platform::blob Plesk::SaaS::SaaSManagerTasks_impl::taskExecuteWorkflow(const SDK::Platform::Properties&) : [APSC] [AZURE] {"Code":"ErrorFromUnderlyingNotificationSubscribers","Message":"One or more errors occurred while contacting the underlying notification subscribers. The operation may be partially completed.","Details":[]}.

The following error is shown in /var/log/WAP/error.log:

2014-05-12 13:03:28,400 ERROR IaaSKeyStoreImpl [main] - Failed to init key manager factory Cannot recover key


The error means that one of the WAP certificates has incorrect password.


There are 3 certificates on POA MN:

# /usr/java/default/bin/keytool  -list -keystore /usr/local/share/WAP/WAPKeyStore -storepass <password from wap-config.xml>

wap, Mar 20, 2014, PrivateKeyEntry,
Certificate fingerprint (SHA1): 33:EC:AA:01:85:91:F3:1F:6B:5A:EC:05:2E:26:8D:74:68:07:A0:DB
mgmtsvc-adminapi, May 7, 2014, PrivateKeyEntry,
Certificate fingerprint (SHA1): 60:07:C9:3C:7A:3A:B5:14:C4:13:EE:B2:14:75:7D:5A:A2:F9:FA:69
mgmtsvc-usage, May 7, 2014, PrivateKeyEntry,
Certificate fingerprint (SHA1): 67:A0:E9:EB:7C:5E:F9:1F:36:E8:EC:DC:52:76:0A:ED:ED:B6:DE:31

How to understand what certificate causes the issue? Lets check each of 3 entries (we will try to change current password, for example from 'testpwd' to '111111'):

# cd /usr/local/share/WAP
# cp WAPKeyStore WAPKeyStore-tmp

# /usr/java/default/bin/keytool -keypasswd -new 111111 -keystore WAPKeyStore-tmp -storepass testpwd -alias wap -keypass testpwd

# /usr/java/default/bin/keytool -keypasswd -new 111111 -keystore WAPKeyStore-tmp -storepass testpwd -alias mgmtsvc-adminapi -keypass testpwd
keytool error: Cannot recover key

# /usr/java/default/bin/keytool -keypasswd -new 111111 -keystore WAPKeyStore-tmp -storepass testpwd -alias mgmtsvc-usage -keypass testpwd
keytool error: Cannot recover key

That means that entry 'wap' has password 'testpwd' and it was successfully changed to '111111', but we were unable to change password for entry 'mgmtsvc-adminapi' and 'mgmtsvc-usage' because their password is not 'testpwd'.

To fix the issue, do the following:

  1. get real passwords for 'mgmtsvc-adminapi' and 'mgmtsvc-usage'

  2. change them to 'testpasswd' in WAPKeystore using the above-mentioned command (i.e. to the password from wap-config.xml file):

    # /usr/java/default/bin/keytool -keypasswd -new testpasswd -keystore WAPKeyStore -storepass testpasswd -alias mgmtsvc-adminapi -keypass currentcertpasswd
    # /usr/java/default/bin/keytool -keypasswd -new testpasswd -keystore WAPKeyStore -storepass testpasswd -alias mgmtsvc-usage -keypass currentcertpasswd
  3. restart WAP service and make sure that the error Failed to init key manager factory is not shown in log:

    # service WAP restart

5b048d9bddf8048a00aba7e0bdadef37 caea8340e2d186a540518d08602aa065 5356b422f65bdad1c3e9edca5d74a1ae 2554725ed606193dd9bbce21365bed4e e12cea1d47a3125d335d68e6d4e15e07

Email subscription for changes to this article
Save as PDF