Event log: Macro security errors
Macro errors or Macro Resolver errors are often the result of an issue with a Kentico Xperience Macro Signatures error. Correcting this type of error is usually relatively simple and can be done quickly but should be considered a high priority as they can adversely affect the user experience of your site.
Constant Care for Kentico will ensure the number of macro resolver security errors is no more than 0 (default)
You can manage your settings for this checkup in the Constant Care for Kentico admin settings.
To review any Macro security errors you can navigate to the Event Log application.
Filter Source to "macro" and Event Code to "checksecurity"
You can view Macro security errors in more detail by clicking on the eye icon next to the MacroResolver CHECKSECURITY issue.
You will likely see the message "The signature is not valid".
These errors typically occur after staging. It can be due to a number of issues, but most commonly it is one of the following:
- The user that signed/created the macro does not exist across all environments.
- The user that signed/created the macro does not have the same permissions across all environments.
- The hash salts in your web.config (CMSHashStringSalt) do not match across all environments.
To quickly resolve this (fix your production site), you should simply resign all macros.
- Go to the System application.
- Choose the Macros tab.
- Go to Signatures.
- Check the Sign all macros checkbox.
- Click the button Update macro signatures.
Now you can hit a few pages on your site where the macros were and confirm that resigning the macros has indeed resolved your issue by checking the Event Log again.
To do the proper fix for future staging deployments, find the root issue. Ensure users exist with proper permissions. Ensure hash salt is the same.
Follow Kentico's best practices when it comes to Macro Security:
Not sure what to do?
If you are ever unsure about making changes to your site, we encourage you to reach out to your
Kentico Xperience Gold Partner. If you do not have a partner,
then feel free contact the Constant Care For Kentico team to get connected
with an expert