I am working on AEM 6.4 version as a part of upgrade work from version 6.2.
We have ADM set-up in our environments for previous version and during upgrade we have re-implemented ADM for images and videos.
while ADM set-up is working fine for images & Videos are not playing on Publish servers, reason being it is not able to decrypt the user password, however, it works fine on author instance and in WCM-MODE disabled.
Error I see in logs is:
com.day.cq.dam.s7dam.common.config.impl.DynamicMediaServicesConfigByAPI Failed to decrypt password com.adobe.granite.crypto.CryptoException: Cannot convert byte data at com.adobe.granite.crypto.internal.CryptoSupportImpl.unprotect(CryptoSupportImpl.java:130) [com.adobe.granite.crypto:3.4.12] at com.day.cq.dam.s7dam.common.config.impl.DynamicMediaServicesConfigByAPI.getRegistrationId(DynamicMediaServicesConfigByAPI.java:71) [com.day.cq.dam.cq-dam-s7dam:5.11.142]
I have verified
1. if the videos are published on IS server, which is perfectly fine.
2. Verified by hardcoding the video-server path in the code and in this case it works fine (for videos as well as video server path is hardcoded)
3. Video renditions are created for the encoded format as well.
4. Video presets are applied for encoding on the root-folder.
5. Connection to IS server is also in place.
Any Help would be really appreciated.
It looked like a permission issue,
after we grant read permission specifically for "everyone" it solves the problem and videos works fine.
Not sure if we should be giving permission specifically for the user since throwing this error.
as during debugging, we found that it is trying to read the configuration values with "anonymous" user who is not able to read and decrypt it hence throwing this error.
Anyways thanks for checking on this one.
Replying on behalf of Gurpreet Singh Bhatia:
"The error mentioned [above] indicates that the encrypted registrationId value in the dynamicmedia cloud service configuration cannot be decrypted due to which the video cannot be retrieved & played. I do not see any permissions issue here.
This can generally happen if the dynamicmedia cloud service configuration was replicated or copied from another instance. Every AEM instance has a different key that is used for encryption, so a value from one instance can't be decrypted by another instance. Recreating the cloud configuration will resolve the issue."