When using SIM to install new products into an existing Symantec Management Platform installation, the installation fails with the message:
In addition to the "Install could not continue because the web service was not available at https://server" message, the Symantec Installation Manager logs contain the following Error-level message:
Failed to get registered services from https://managementserver.domain.com/Altiris/NS/Services/ServiceConfigurationWebService.asmx
( Exception Details: System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Threading.ExecutionContext.runTryCode(Object userData)
at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.ConnectStream.WriteHeaders(Boolean async)
--- End of inner exception stack trace ---
at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest request)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Altiris.NS.Installation.ServiceConfigurationWebServiceProxy.GetRegisteredServices()
at Symantec.Installation.PerformInstall.InstallProducts(ComponentCollection componentsToInstall, List`1 installedPackageList, NsConfigureParameters nsParams) )
( Exception logged from:
at Altiris.Diagnostics.Logging.EventLog.ReportException(Int32 severity, String strMessage, String category, Exception exception)
at Altiris.Diagnostics.Logging.EventLog.ReportException(String strMessage, Exception exception)
at Symantec.Installation.PerformInstall.InstallProducts(ComponentCollection componentsToInstall, List`1 installedPackageList, NsConfigureParameters nsParams)
at Symantec.Installation.InstallSessionQueue.ExecuteNextTask()
at Symantec.Installation.InstallSessionQueue.ExecuteNextTask()
at Symantec.Installation.Context.WizardProcess.InstallManager.PerformInstallAndConfig()
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Threading.ThreadHelper.ThreadStart()
)
( Extra Details: Type=System.Net.WebException Src=System.Web.Services
Inner Extra Details: Type=System.Security.Authentication.AuthenticationException Src=System )
The SSL Certificate in IIS Bindings on the server is configured for a different FQDN than the name listed in the error and logs. The settings from the initial installation use the server name, instead of the certificate name currently in use.
One workaround is to temporarily change IIS Bindings for HTTPS to use the certificate found in the error messages, then do the installation, and then change the certificate back to the one being used.
If the Symantec Management Platform server was installed with HTTPS required and/or a custom port specified, and then those settings were changed afterwards, then changing the Bindings will not work for that. To this fix:
Applies To
Symantec Management Platform 7.1 and later
configured to require SSL communication during the initial installation