RE: WSE3 web farm problem: "Key not valid for use in specified state"

From: Cindy <Cindy@xxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Wed, 30 May 2007 10:06:00 -0700

I was having the same problem and the problem was fixed by adding the
following to the web services web.config file under the
<microsoft.web.services3>:

<tokenIssuer>
<statefulSecurityContextToken enabled="true"/>
<serviceToken>
<add>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#";>
<wsse:SecurityTokenReference
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";>
<wsse:KeyIdentifier
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier";>XXXXXXXXXXX</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</KeyInfo>
</add>
</serviceToken>
</tokenIssuer>

The X509SubjectKeyIndentifier is the Windows Key Identifier (Base64 Encoded)
found by opening your certificate using the WSE X.509 Certificate Tool
(C:\Program Files\Microsoft WSE\v3.0\Tools\WseCertificate2.exe). Replace the
XXXXXXXXX with this key identifier.

Cindy

"Bryan" wrote:

I have a web service in ASP.NET 2.0 and WSE 3.0. It worked fine until I
setup a web farm with a hardware load balancer. The error I received is "Key
not valid for use in specified state". However, If I connect directly
without going through load balancer, then all servers work fine. I looked at
the client and servers WSE trace, and noticed that the sct was issued in
server1, and the actual request went to server2, like the following

Client output: RST
server1 input: RST
server1 output: RSTR
Client input: RSTR

Client output: Web Service Request
server2 input: Web Service Request ==> Exception: Key not valid for use in
specified state in (Entering SOAP filter
Microsoft.Web.Services3.Design.MutualCertificate11Assertion+ServiceInputFilter)
server2 output: ==> Exception thrown: Send security filter on the server
could not retrieve the operation protection requirements from the operation
state.

The WSE configuration uses X.509 Certificates with client authorization, the
following is my policy file, with stateful security context token enabled in
web.config.

--- Policy start ---

<policies xmlns="http://schemas.microsoft.com/wse/2005/06/policy";>

<extensions>

<extension name="authorization"
type="Microsoft.Web.Services3.Design.AuthorizationAssertion,
Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35" />

<extension name="mutualCertificate11Security"
type="Microsoft.Web.Services3.Design.MutualCertificate11Assertion,
Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35" />

<extension name="x509"
type="Microsoft.Web.Services3.Design.X509TokenProvider,
Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35" />

<extension name="requireActionHeader"
type="Microsoft.Web.Services3.Design.RequireActionHeaderAssertion,
Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35" />

</extensions>

<policy name="WSE">

<authorization>

<allow user="CN=Client" />

<deny user="*" />

</authorization>

<mutualCertificate11Security establishSecurityContext="true"
renewExpiredSecurityContext="true" requireSignatureConfirmation="true"
messageProtectionOrder="SignBeforeEncryptAndEncryptSignature"
requireDerivedKeys="true" ttlInSeconds="300">

<serviceToken>

<x509 storeLocation="LocalMachine" storeName="My"
findValue="CN=WebService" findType="FindBySubjectDistinguishedName" />

</serviceToken>

<protection>

<request signatureOptions="IncludeAddressing, IncludeTimestamp,
IncludeSoapBody" encryptBody="true" />

<response signatureOptions="IncludeAddressing, IncludeTimestamp,
IncludeSoapBody" encryptBody="true" />

<fault signatureOptions="IncludeAddressing, IncludeTimestamp,
IncludeSoapBody" encryptBody="false" />

</protection>

</mutualCertificate11Security>

<requireActionHeader />

</policy>

</policies>

--- Policy End ---

The following is the trace log in server2 when the request failed.

--- server2 input trace start ---
<inputMessage utc="5/10/2007 8:59:49 PM"
messageId="urn:uuid:9b1284d1-f19e-4509-b7f2-7178625ad545">
<processingStep description="Unprocessed message">
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xmlns:xsd="http://www.w3.org/2001/XMLSchema";
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing";
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";>
<soap:Header>
<wsa:Action
wsu:Id="Id-51bb555b-d19f-47b8-9df9-755820211ad8">MyService:MyMethod</wsa:Action>
<wsa:MessageID
wsu:Id="Id-75188109-5078-4afa-a0f7-3431d05492e6">urn:uuid:9b1284d1-f19e-4509-b7f2-7178625ad545</wsa:MessageID>
<wsa:ReplyTo wsu:Id="Id-379fbea5-7c5f-404d-a959-07604062a789">

<wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
</wsa:ReplyTo>
<wsa:To
wsu:Id="Id-6873c57a-40fd-475c-9418-f587f4544c9c">http://servers/MyService.asmx</wsa:To>
<wsse:Security soap:mustUnderstand="1">
<wsu:Timestamp wsu:Id="Timestamp-bc117d74-f025-45cc-8048-c4ba7ceac781">
<wsu:Created>2007-05-10T21:01:46Z</wsu:Created>
<wsu:Expires>2007-05-10T21:06:46Z</wsu:Expires>
</wsu:Timestamp>
<wssc:SecurityContextToken
xmlns:wssc="http://schemas.xmlsoap.org/ws/2005/02/sc";
wsu:Id="SecurityToken-60dd0d22-a479-4ab0-b02f-0c2c99f355ff">

<wssc:Identifier>urn:uuid:ac28f433-e1f5-48fe-ac9a-3d1e683467d8</wssc:Identifier>
<p:Cookie
xmlns:p="http://schemas.microsoft.com/wse/2005/03/StatefulSCT";>

<p:EncodedData>AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAKovlp3KTE0ubFGHrKpYOrQAAAAACAAAAAAADZgAAqAAAABAAAADCOR6dq4CEcVS3aKRFEaDQAAAAAASAAACgAAAAEAAAAIXdjxkI97OK5X5kbWOF0GRYCwAAlOiL/Ih9TWF1V9beOJD1t0R/NWS04419iyqjA/SRozbk+5FjTN3EwfnDsz9IbqB89KL5e5mQ8aDPJyohh88lRzVfEoQ65UGa+KPz7SeGso3oaXwze4M7GjmdNlvcGmIOjwmwIfXZFM9jswwGWBr7CWMJd96CvyM7C2jBaHYkcbvyj4ntZe4pfBUfptyvmmQyzCzIvcB+4oPJ3I5VfxY1xJEAJrXzN396AXme4LoQ3Y5fkGeQKZgq4IpV99aiVWOjUwA3ENoAD3Uauh5cJXCnGvb6mNMjB4P7Il3dF2u6Cil4wjYm0Zm83Rw6vholTd+xRh9/TwWqx0Sa+R/3JBeloOnBgDqcGUnCtcP4USFQaTqIPnTh7tWZ7BdQQ7txZgyWk6odsDkvoAiUKEX+99joDcSYtBStXsS3E8lq8ufCqrx7M8AbuwLa0Pil++54dI7ZynXE3iewmeCVyZXwObH8MzzionooLGfmLX9bWP/wn1PvXrkhjIXacfxwB40XbYqk5g1uEJhMancGX6HnqHVBV+3DFRxf61OyLt0s9xNOUkVeZCy7eFyHP6C28WrxqitWeIz9CEke0sx4SGcFDo0eKSMvUi8Mak17BaNCsHY1Mffj2XzbUwXxBhUg8sXhpWsdsO4lmCOQ49oH5pco+t/amxcgJh5PePeWWaBztQTMsmIuY9UpcRXjKsKXwxIMpJtbDXDILrxoUX839mOVmDAfYSEKwyezoCHR0bHP3rfBXotNLSBpAWYhAiCwelF9vMQE2GzAxkzT0Ugk+rV29ckGsJEN3eqSdNQXZfIjP8qihzpOgJpxeLuO7FSLTIyVPvByN6B73jLvQSX9XX/qYs8r45GPwKu6loFDH83q365d6o3j9gDG5xUQrz7e7/G/icCfa2s3HsW9jq1C5J5YYBXREFu8A+a7l3yO+zrZmiZCCA/jAejs1yuoY6UW/v8KP7LIgKnQt2loHFinBnFNVktUT3sRCxTkYCeiHecUF/CqBh2BK78f1uXODfhQW5El2RdRFqhBqcbt1Iye7aZm8jvS1Hjyia3r9ssSsBCRPtb3Bami8hciWld0WNBybqADoEm/ATIIg633NooWmvBdS1gA+3IFdh1/j6LxGEHY8K8CmkJBY5agR/3uSM7RsnH7giLCamttAlq4mFgzKN9ZL1g5nvhiUV8628ImPM+vluXCFZZEl6xkh40rBnjIrWruMxmDe7Wp/5vFb7rZ/f5IZiIjJ1WCl2cdyrTiJZWTmG+vrWevN495SOZ44p7BxgNAVi5cZ7oI426z7W4w9pPysBGVVge3UJS3zxo63r5ghEk13Fr9UmKCRSMSWFsts/U+J+UB4remoeu1dPdkK8qLoa1taoXRzhEcMizPGLYft8WesgzK7OsclultWlNdnpScPlyfuRznNr5+hymklFMGnr1qDVmMO1/8vcVSEL9R1oDJvA35/iGhWLxbtrMb8lg6sv99HIN6LuyzH0DMI6WWlwkY6mW9lc6iyxyQk5FJEpsQ4F8uo1heT3hON6wdc6uPMQhyoSQJ/j4jGe52LmW1lnDat2rd26da/hQ8aUgCkZOFFnx/ryufNekJsxwBLZDM7/OcT90J0nigtazpAtcA4lKyGjVzRE3TU3DjYLRT9GoRFla7K/GRe1xsSUks8pHlD1a5QFJ3XwzfR8gadH3Owhbj33KTxWwke78HkQKwifijdSxLkvoDU1+ZhqzrOcilbl7GKiqm5lHYqAjq1cGbyYbxRmKDOZj/4hcNQHDuhHGl6/udDgWPHtADHcJo6HiJ2c6ln2KJX/sHyatof/Zc3++L9my2SQ/GNP4NOFIFM5BhC+XFzI8RJHvN9DCfwzFPLmPvx/z9ICOo/lv6q6Zz7wnqpDeo1XxU8/dIf9UCzYJWtLp4vfKGRWsfnQ4+/gHFU9BHyETQfYEGo3apWBNeCsrI0o/LrhRgwz6ch/EnLkktLG2SzvxHtwaaUXwyUjqwir6IxqeN9/QdiLaWJS7EV5mEsAh0V2Hs/55Riitx/IhHpxL6BEZibxhTauWWCKRhxiBBo4Y5FZ399xB0pxjObq4IxTXrmaTtCEiQGNLwb0rMD02DnoHpYbr0UAGYsBsax/aAjGHnZuOPi3YYZaVZdUqHXZ8MimlH7NfO8E6zY/OIc4Xm8xaenRBDnFzHWk4w9clM2YHApGJQpbjAb8HDNeXnUn1e/gZLYXv2ViexZ28m6XXoSKk114Kzy8WLVxAwSn+APcGmnp4I08WIFAIBVbwh/L5G+QpOP4TtaF2kIloOT/MXrKU+YOpD7LLMCijq371MZ5REPFW83f8JZG+NK61rdOTgo1hkI2TJzzg+J60P8RMS0xTAHF5Csr9WOrW/GClbgWUiiQU//HwN3sEWV/7xugvF2VxhGdnt/iftcv/vR8qw5wEY0XlbU0ZdZo6reXp/S87GYIUv8YYknlthP2SMrtdhsVKO7ka1HL4ZEAGIaY9xyleNuzv0cAfMBYTsgeLXFb4cmAmL0Zp1nkEiJ+Dw+4NUqVRfuAUE5xVpkANeebL2cJ57hRxOb31AiB1n1aI7FksvirIZxy7hNd1CX9H/2Q1G+rJ7ilTUKmWPGB2AV4kmlr4cUY5bXXROt7TrMgkil3GTnk4HOHBL+4WYTU8Ekgi6FbSCU7ghy91fK0fdr7bUUDM2HBM2iDXycyZzaiqjPr2Hv3JZFcQHONnsY7USQCGU3aW6MhzihziYkJk+ktYymjckuwOaZAlYKRksZuiBqAbdIwT7vZW/8FbL7HJjb7yVCs5jSTOVEMaX1YHfI6eFBWYAX4J7HOYcMULomd76EiNq7cch48IIwOqXXtPd0PNa9CAQlreXeawj1LK/7tUgIR7fSr7dRR9Yon0ABcgkOUlBnbUvHJ48h7EdLYcfEYX84G1fRCpQbMpgQGNQnE2a8eIE7lpiM0HiRBl4zPZzruJBpN/6mcCyy9vZgZdAx5BNpEdyIqJUMH9+gEljBEkdQsLQk0u0giPcRmnN8ESL4BfYjsKX1T+tMvIT9JODWti/kZLm032AXz6YvT7UJW4czvSs/GOFnEsw5pmrD12TnXBoyP+qcatFFgx0a7aUyiHjL5Ix336JPKKfFF01WFu11NmhDGvpLVw0EVpCJWhJ50TSWS5F7DT8ukI0KquWKjOVpRU0oqZVM+DJMdxL6rNNhz2YMSIiPW/ujW6chcJYeqmfsiaZbGhMulIoO2JVceW1duqYDMYj6HzgITDX6lO167Jd/ECEtFCcw/hkTWeAzqWctEuxAvSmLoSYMEU1m6lPN4mcxk9/4VBULvN4eDL5JC1fXTtZ1QJtI6phuUvQ9BhyJEtwGTe8tjpMsIQ4E3hFu4cMRzPQzpfnlv62FAkQzcbQZ1uwtsM5SeYTi7H6phPPWhPfrkYDQAgOwctNBZC/CtMn3sMKQ1UaEneGqi9h2BT8VIpPpP5dpPiUHQFTVuD910LOunqInp6VSJCeGaPPaaA3rQNNRiYkWBWvFsehP+/2gM76cXxYlB/yrYzFDMpAZONlF03Q+JM/JUfoza82qcW3LMVOE3ABjXEK6LqFOrI5x5n2Xet2TjakOLNuRIkuNqYNNjZ5HUoHsMWEFKfO967+tlwtUa3NeJu/mN1K2E8SPURJoDT5kGPjhALE9XCBdVSHbv1bTJCBnjwt41ThoPTkRgyFTZRyCm3jaRJDMXY0y2keuC4XGYH1EU4JJnmmsqsDoTnRI3w9cYhtoZXlfbN/viy5uk/RmUfoTKotYxwKYm3OO7CX8KlhorFmT6d04a78mCBNmd2TmGZBmoSv4s8zUZyHYKhYjYeCe5UGou9T8JYWEC49davgROoC8ymkVHwr/FmX6OJUbYRWmnJlVBBJMz2LFAAAACVqLApwNwjjsfoPnnyGePC+sWAd</p:EncodedData>

</p:Cookie>
</wssc:SecurityContextToken>
<wssc:DerivedKeyToken
wsu:Id="SecurityToken-c89f8737-6a0f-48ae-8b9b-a84c2d0a5177"
Algorithm="http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1";
xmlns:wssc="http://schemas.xmlsoap.org/ws/2005/02/sc";>
<wsse:SecurityTokenReference>
<wsse:Reference
URI="#SecurityToken-60dd0d22-a479-4ab0-b02f-0c2c99f355ff"
ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/sct"/>
</wsse:SecurityTokenReference>
<wssc:Generation>0</wssc:Generation>
<wssc:Length>24</wssc:Length>
<wssc:Label>WS-SecureConversationWS-SecureConversation</wssc:Label>
<wssc:Nonce>PkcVQuvQN2Qe/zkzo9zCqg==</wssc:Nonce>
</wssc:DerivedKeyToken>
<wssc:DerivedKeyToken
wsu:Id="SecurityToken-ac68c35f-35d8-47e5-aa26-3c624156c140"
Algorithm="http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1";
xmlns:wssc="http://schemas.xmlsoap.org/ws/2005/02/sc";>
<wsse:SecurityTokenReference>
<wsse:Reference
URI="#SecurityToken-60dd0d22-a479-4ab0-b02f-0c2c99f355ff"
ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/sct"/>
</wsse:SecurityTokenReference>
<wssc:Generation>0</wssc:Generation>
<wssc:Length>32</wssc:Length>
<wssc:Label>WS-SecureConversationWS-SecureConversation</wssc:Label>
<wssc:Nonce>kF2ZSWYJzlUX9OsbbZWKVQ==</wssc:Nonce>
</wssc:DerivedKeyToken>
<xenc:ReferenceList xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";>
<xenc:DataReference URI="#Enc-505c5713-6749-4621-8355-c9cb8eaedcc0"/>
<xenc:DataReference URI="#Enc-7246c760-6fac-46af-b286-0d1ba4568eef"/>
</xenc:ReferenceList>
<xenc:EncryptedData Id="Enc-505c5713-6749-4621-8355-c9cb8eaedcc0"
Type="http://www.w3.org/2001/04/xmlenc#Element";
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";>
<xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#";>
<wsse:SecurityTokenReference>
<wsse:Reference
URI="#SecurityToken-ac68c35f-35d8-47e5-aa26-3c624156c140"
ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/dk"/>
</wsse:SecurityTokenReference>
</KeyInfo>
<xenc:CipherData>

<xenc:CipherValue>W29KdTw34FIvERCdWiOzGIl3FD9HKWwlxN/VYadXs5xN4tl/vpHmDw44wNmlI0+SuT616MJQBJYe440ggrRQxHoGhSFXgsjVHGy2t6eAejuQUvCgR3pecCgXk31AZp9Reg4kF16MlXaRS2h+AZNoitiH44OaI/xHo0bDtaW2mJcgWrjLlINIuoPeJEF7C13YoVLN2pMvedxHQ1VR5ynY6iqkHfcjwsm8YFuIbvc0iY5Cz6T3HVrXsVE5PiSNwKYxGTz5zrybLN16TNu34z6GOM8oBSG0oWESqGrtGjgUEwj8Y7ZpNQQaAzCUkQtmAAMi2eDwhO94f09DTyB7757p++7K0uzwqrAi4Z9QhgLd5DRHQw3nifuUoO8ZEKxcw8zRvpRXYnEuA5xXFbsh4oVisglste1k711damhvQJpRuPmfYCFWKN4lvuR9p5pmNFw4uQwaPte/cTVf5LaSvDGsm8ECgKseav0qh04ntruw9vavHtUN5491spDBwcYo6AWiMRageKDskeng5jRLn9LtsB56xp0uf9HHE5kPJ8gz83eviNGrmhkVMI4xylwbPcyCsuR6CdU/IhgP6zJh2/pxiiUqLAiVHkfvw+IMnoLuN9aUqoePEolsq2FHyPbaSM/YIkFTPMavoI40MX1TbL7ounoaa285/gUsGtI9P/O+OsJ3kuBbp+JZcDmwWMe6BSgRJ+i9DhKB5uVdN79CRJOkaMpeNAbLxA1kHeibGVXi1cOUiHd127Em8JxPFAIQ7bHUii5Nmft9G4qB3iQ9VTsLSD/ped2n0KmbmoxHPNtC/t0M8slldlLanr6oqHmynQH3GlDsFpkNZ8y5087SkV1twVqcPuiiAE/vfxYXxclB4viBtffK2UxlPfsFp7iC9qUj06MACm7MdGCfWyiaib1chJCFly5Kgml8ZNj/2yfgufmXHam72bIP/EpyO5ss/EsjHGAXcyvYv/mS4fwXlURmVqSM+AsxWmA1gawcabUAWhEM+MyxEX2g46u0hDdJLxBPfyclAxYKbIgcObx2Ebh4GgXSCcVAKq/EMsY2MX1RhvwZsJDzXo12YZ7wzK7Oj+BXeTNWI8Ccgv7CX7ckb8MkNurY5A2dA+sto3X65TFo1VIT6zPIMWCiBgApZLkGAV7XKv8+xUQLQfA55kPAwvQ4Bmug0QJR1V55ITl/lXWmJkWtTJwsiUic1p9gpOH3j5+gp9oK990p6coT6+fvb6PpPQSRosLSMV4+OYgQ/mGQuvMTFIpX+X1pGBTiCEpG9zMIocttAr03oTwcxcc4Kwq6jcH5RsPfYWprrh6M/ElOsBDLF473D63dvrX8w6K3fKGktd2I7pCkR1BkZe/qUQMmE09H+fAldTmkb0nC916EB+D8mhpA76AFHlqvqQcK9FCt/tDa4wwArEdK6cNoouXuVMzZXn1GSfbzrZuhKDijchCRrCHBez2k/1IgZqCWDVZZf8LxwuANHJiXT+x64bFPipBESSfFtHLgWJCFGWU99dH6xFm5ePJhN9ObpykTuP9zVhyyu5Ya238tWbAwjV6B+/CSnz0qCcgBiS5/FhhRfZKEFcBGmzEtZaSYds8T1n+715G6nuxndWcOld8HNOXCjW5PYUuWmBdDTfjA7GmQUXw8OuvWiT12xWgqM8dFCI6FQmerWRB/GcA2V7/WAXhy1GQLgA6ITT4nCYC64Bw9sG+BIQHk5gsh1+YVEVC+qSdWjw6FQdb3qopkvoh0IGCufb5nlmb7xgkGojQhn/L96/tHy0aj/yNfNv9fHLsF86r6k9Hcg1sMPP/kDTrL3ZIAmbSMgmB/cqj9Izl5haqhlRpoNG/hxZHSDJXr9rDHkBYLRg5RTG6zdRNzSa1LRJsxcDG1BQALvflqbwqoBmWf2y5O608bXLgtrNJ3pp4ueRzXN//I9uC2VS3gcmqyTj6JqgFITE/jaklWbbwz2WvQyqu+TCrYUVbezytn3djSJNuqDIxZtXbGun96A5yoaHPHn/nbmoJY7IXVyzAMM0MLhgLn0VQ+4t0IEV3144yvmrO1uGNdIszSAr7tw5OJPUJv39W46Aq6URS9/Ucr26Iud9uhR5mdThOhqwhPA+DPzk1aeEuPkUfPzpxuKDCjb4FLUML2HXI02yzXVcn85BA6s0Zs4q4pv2VhNK9KpTD0UsGQOjjf7cv8qtrzs+Q1jScNS9fgjQxwJcPXhlXU67ZhJ1khk/duxEGEUghvSsFqrGojpfG03cI34+h4RUhX8CPBvLq0RJ9eN06R31Rt0W5/Qf0qq8XXizu4QBnb+V7IUBybrl6+rFV00lDYxITvf7mKElgZaHZTjcY95A1GHDsAvPK1CFfki+pYsx2oClIlnktrg20PGs9l3nkE8M6BQbMUOyuiA4kk8roJr23p6+NFH5c/e00VNELU+brChzKBKsMBdskFD7tf6aXuJ8qJMmPCkXbN/PgskuXr0KGGaGqAtqdchkmSaeuwB8OyKGe1r3mKl1zpJQjf2KFnJyI3elNJpsT+WGJUEHQMwAUw5YA/BKyn/GZgfXGPdxSDXNuBZd8fkyJgYhOLVcOj1klJAZZ7DlWJ8HI41W3ScBYvjCCKI/ZJ5fvrCz80jce2OytRowO7vubLcXW6mrweI+xQim97fYa7jAGG+jAIcYrTPATuOtec13hult6SqCUhnENYVH6Nm4oDDny787frE7G/etB1h12sKfgWDlLNHeq0wVQAMTASQh/UfAidOfkym4JvfBCWcWJsjngp4HjAsFdRYCEKClBYbarZHAnH+0Q3BKUfNENWCDFvP+evNxNeQPE+BqJ3Xc7N3Dt8lstkzK+l4JWtx3ROgADAHrv2mnCJPeqAGjR9VmWJnNenymu+eZmF3H6LlRlhXwl0zGI/r4y99pKAg0BOKBCotLeJQdYyuysex9eNtQ1jjN0p2HxmyoFFQ8dcjacn4+P+EQoKEe/tsbf8vVVUXC4jWzPhpVYnwlKJ26kE+XhVGrRynWS434je2YThdSUOtREKSL1Y03phwm0i6R9FFQhk/NHY4IvER5NRGLldoUMtkG2sVKfaxfeCSvnJQQG+U7XojOSuoq9Z4VowPFWijuptzkd05weID4dAJqs75ehLNZ2f+v+VCsisz1S0IuVMkv5zu9cE8CsGy6ZQ5GqL2hy4tFzgU3DfyREGHI3p7VczdfsJmnST7DixG0y6uDCSmNwcriqQzUfGClTobvMSCV3/UXhp+S9AM41mmXs=</xenc:CipherValue>

</xenc:CipherData>
</xenc:EncryptedData>
</wsse:Security>
</soap:Header>
<soap:Body wsu:Id="Id-81736880-996f-469a-8afd-d475fa8ef353">
<xenc:EncryptedData Id="Enc-7246c760-6fac-46af-b286-0d1ba4568eef"
Type="http://www.w3.org/2001/04/xmlenc#Content";
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";>
<xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#";>
<wsse:SecurityTokenReference>
<wsse:Reference
URI="#SecurityToken-ac68c35f-35d8-47e5-aa26-3c624156c140"
ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/dk"/>
</wsse:SecurityTokenReference>
</KeyInfo>
<xenc:CipherData>

<xenc:CipherValue>QfAlTGPPMbzgAelQ+3gNkANVHDyCxCqBB6mjrgHS/yUpvQV7ZWoink1xYrATKlggHXiRzZjNzczqaRChcJ855lajPKo0rwDYZz7rxeG4ET2oS0sXUfk3BJ7kni8AvDJMf1+CFd5GqnmYdUvI/TtTf+vUUyUPyv3maXXsHCqOrXAUggt74oyT5LL34Mbul7GC</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</soap:Body>
</soap:Envelope>
</processingStep>
<processingStep description="Entering SOAP filter
Microsoft.Web.Services3.Design.RequireSoapHeaderAssertion+RequireSoapHeaderFilter"/>
<processingStep description="Exited SOAP filter
Microsoft.Web.Services3.Design.RequireSoapHeaderAssertion+RequireSoapHeaderFilter"/>
<processingStep description="Entering SOAP filter
Microsoft.Web.Services3.Design.MutualCertificate11Assertion+ServiceInputFilter"/>
<processingStep description="Exception thrown: Key not valid for use in
specified state.
"> at System.Security.Cryptography.ProtectedData.Unprotect(Byte[]
encryptedData, Byte[] optionalEntropy, DataProtectionScope scope)
at
Microsoft.Web.Services3.Security.Cryptography.DataProtectionSecurityStateEncoder.DecodeSecurityState(Byte[] data)
at
Microsoft.Web.Services3.Security.Tokens.SecurityContextTokenManager.DecodeTokenInfo(XmlElement encodedTokenInfo)
at
Microsoft.Web.Services3.Security.Tokens.SecurityContextTokenManager.DecryptTokenInfo(SecurityContextToken sct, XmlElement encodedData)
at Microsoft.Web.Services3.Security.Tokens.SecurityContextToken.RecoverKey()
at Microsoft.Web.Services3.Security.Tokens.IssuedToken.get_Key()
at Microsoft.Web.Services3.Security.Tokens.IssuedToken.get_KeyBytes()
at Microsoft.Web.Services3.Security.Tokens.DerivedKeyToken.get_Key()
at
Microsoft.Web.Services3.Security.EncryptedData.ResolveDecryptionKey(String
algorithmUri, KeyInfo keyInfo)
at Microsoft.Web.Services3.Security.EncryptedData.Decrypt(XmlElement
encryptedElement)
at Microsoft.Web.Services3.Security.EncryptedData.Decrypt()
at Microsoft.Web.Services3.Security.Security.LoadXml(XmlElement element)
at Microsoft.Web.Services3.Security.Security.CreateFrom(SoapEnvelope
envelope, String localActor, String serviceActor)
at
Microsoft.Web.Services3.Security.ReceiveSecurityFilter.ProcessMessage(SoapEnvelope envelope)
at Microsoft.Web.Services3.Pipeline.ProcessInputMessage(SoapEnvelope
envelope)</processingStep>
</inputMessage>
--- server2 input trace end ---

Anyone has any idea what's wrong here, or any pointer to configure WSE to
work with web farm?

Bryan

References:
- WSE3 web farm problem: "Key not valid for use in specified state"
  - From: Bryan

Prev by Date: Re: $1,000 for a prompt fix for this WSE3 issue
Previous by thread: WSE3 web farm problem: "Key not valid for use in specified state"
Next by thread: The request failed with HTTP status 401: Access denied
Index(es):
- Date
- Thread

Relevant Pages

MP problem
... The P01 and P02 are configured with overlapping site boundaries based on IP-subnets. ... So, using the PolicySpy from SMS Tool kit 2 on a client assigned to P02 tells me that, the assigned MP is Server2 and the resident MP is Server1. ... I thought that the client will not use Server1 as it's resident MP anymore, since the client is no longer in the boundaries of the MP.... ...
(microsoft.public.sms.setup)
Re: CAO passed through 2 servers.
... > The CAO actually resides on the client (perhaps I am confused about this CAO ... The client then uses a remoting call to pass the object reference to ... > through Server1 on the way to being handled in the client. ...
(microsoft.public.dotnet.framework.remoting)
Read from socket failed: Connection reset by peer
... - freebsd 6.1-RELEASE-p6 running sshd in standard config. ... - I _can_ connect to this server from a Windows XP machine with PuTTY (this client as all others I have tried are on separate networks from server1. ... These two clients are each on different networks but I get the same error: Read from socket failed: Connection reset by peer. ...
(freebsd-questions)
Re: MP problem
... I had overseen a boundary, so overlapping site boundaries still exists.... ... So, using the PolicySpy from SMS Tool kit 2 on a client assigned to P02 tells me that, the assigned MP is Server2 and the resident MP is Server1. ... I believe the issue is an assignment one... ...
(microsoft.public.sms.setup)