Symantec Installation Manager fails to install products - Install could not continue because the web service was not available at https://servername.fqdn:443

book

Article ID: 155880

calendar_today

Updated On:

Products

Management Platform (Formerly known as Notification Server)

Issue/Introduction

When using SIM to install new products into an existing Symantec Management Platform installation, the installation fails with the message:

In addition to the "Install could not continue because the web service was not available at https://server" message, the Symantec Installation Manager logs contain the following Error-level message:

Failed to get registered services from https://managementserver.domain.com/Altiris/NS/Services/ServiceConfigurationWebService.asmx

( Exception Details: System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Threading.ExecutionContext.runTryCode(Object userData)
at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.ConnectStream.WriteHeaders(Boolean async)
--- End of inner exception stack trace ---
at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest request)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Altiris.NS.Installation.ServiceConfigurationWebServiceProxy.GetRegisteredServices()
at Symantec.Installation.PerformInstall.InstallProducts(ComponentCollection componentsToInstall, List`1 installedPackageList, NsConfigureParameters nsParams) )
( Exception logged from:
at Altiris.Diagnostics.Logging.EventLog.ReportException(Int32 severity, String strMessage, String category, Exception exception)
at Altiris.Diagnostics.Logging.EventLog.ReportException(String strMessage, Exception exception)
at Symantec.Installation.PerformInstall.InstallProducts(ComponentCollection componentsToInstall, List`1 installedPackageList, NsConfigureParameters nsParams)
at Symantec.Installation.InstallSessionQueue.ExecuteNextTask()
at Symantec.Installation.InstallSessionQueue.ExecuteNextTask()
at Symantec.Installation.Context.WizardProcess.InstallManager.PerformInstallAndConfig()
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Threading.ThreadHelper.ThreadStart()
)
( Extra Details: Type=System.Net.WebException Src=System.Web.Services

Inner Extra Details: Type=System.Security.Authentication.AuthenticationException Src=System )

Cause

The SSL Certificate in IIS Bindings on the server is configured for a different FQDN than the name listed in the error and logs.  The settings from the initial installation use the server name, instead of the certificate name currently in use.

Resolution

One workaround is to temporarily change IIS Bindings for HTTPS to use the certificate found in the error messages, then do the installation, and then change the certificate back to the one being used.

If the Symantec Management Platform server was installed with HTTPS required and/or a custom port specified, and then those settings were changed afterwards, then changing the Bindings will not work for that.  To this fix:

  1. Open Regedit on the Symantec Management Platform server
  2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\AIM\Configuration\NsConfiguration
  3. Modify the "NsWebSiteSSL" key and change the value to "False"
  4. Modify the "NsWebSitePort" key, if needed, to change the value to port 80 (decimal)
  5. Modify the "NsWebSiteHost" key, if needed, to change the value to the proper FQDN of the server
  6. Check that "Require SSL" setting in IIS Manager for the Default Web Site>SSL Settings is unchecked.
  7. Go back into the Symantec Installation Manager and restart the installation.

Applies To

Symantec Management Platform 7.1 and later
configured to require SSL communication during the initial installation

Attachments