Blueprint WCF Secure Communication service fails health status check during initial install

During an intial install of the Blueprint 5.x Collector Server, the WCF Secure Communication service may fail its health status check.  In the Blueprint Server Configuration tool, the Enterprise Service Tester displays the error message:

Unable to update the server health status for the local server.  Please ensure the Pharos Systems TaskMaster service is running and that the parent server can be contacted.

Please see the screenshot below for an example:

Cause

There are two causes for this, depending on the version of Pharos Blueprint Enterprise being installed.

Blueprint 5.0.7078 (General Release)

WCF Secure Communication service fails during an intial install of the Collector Server when the Analyst Server is running Blueprint 5.0 Service Pack 2 (SP2), but the Collector Server is not. This is because Blueprint 5.0 SP2 uses 1024-bit certificates, while prior versions use 512-bit certificates.  The Collector Server and Analyst Server are unable to establish an SSL connection due to the mismatched security configurations.  Blueprint 5.0 SP2 transitioned to 1024-bit certificates in response to the minimum certificate key length set by Microsoft Security Advisory 2661254 and NIST special publication 800-131A.

Blueprint 5.1.7838 and newer

The WCF Secure Communications test will fail if the internal certificate for these communications is not correct. This can happen for any number of reasons, the end result being that the private key is incorrect, so communications fail.

Resolution

Blueprint 5.0.7078

Apply SP2 to the Collector Server, then re-run the Enterprise Service Tester from the Blueprint Server Configuration tool.  The WCF Secure Communication service should pass now.

Blueprint 5.1.7838 and newer

NOTE: You must do this on all servers hosting Blueprint Analyst and Collector software.

1. Start an administrative command prompt.

2. Navigate to C:\Program Files (x86)\PharosSystems\Blueprint\bin (or whatever drive/folder path was used for the installation).

3. Type the following:

PharosSystems.Communications.ResetWcfSecurity.exe /password:SITECODE

where SITECODE is your Pharos license Site Code. See the Locating the Product Version and Site Code article for Blueprint to find out your Site Code if you do not know it).

4. Press the ENTER key on the keyboard.

At this point, all connection tests to the Analyst from the Collector will work.