Symantec Management Agent Install fails using Scheduled Push to Computers


Article ID: 156438


Updated On:


Management Platform (Formerly known as Notification Server)


Pushing the Symantec Management Agent to discovered windows computer individually selecting computers through "Rollout Agent to Computers" completes successfully, however the Scheduled Push to computers does not work.

SMP logs (a.log) report "Unable to push agent to newly discovered machines.  The key 'NS.ClientCredentials' does not exist."


The file NS.ClientCredentials.kms is missing from \programdata\symantec\smp\kms.


In this case the issue is a missing KMS key.

There are two possible ways to get those missing KMS keys recreated:

A) From the command line prompt, run AeXConfig.exe /configure "<drive>:\Program Files\Altiris\Notification Server\Config\CoreSolution.config". It may take a while to finish but usually after 10min approx. the KMS keys should start appearing on the default location.

B) Use the Migration Tool to import this key from another server. In one particular case the Migration tool  (NSUpgradeWizard.exe under the "...\Program Files\Altiris\Upgrade" folder) was used on the parent NS and exported its KMS keys. Then it was imported to the Child NS using the Migration tool as well. Restart the Altiris Services. These are the steps:

  1. Get a working copy of the Upgrade folder: 
    1. Zip the upgrade folder from a working install at the following location:  Program Files\Altiris.
    2. Copy the file created above to the SMP with the error
    3. Unzip it so that all contents (files and subdirectories) are in \Program Files\Altiris\Upgrade.
  2. Run NSUpgradeWizard.exe from the \program files\altiris\upgrade\ on a working SMP.  In the NSUpgradewizard User Interface (UI) do the following:
    1. Select Next to begin the upgrade.
    2. Select Export data from Symantec Notification Server to file store.
    3. Make note of data store name and location.
    4. Click Next.
    5. Ignore creating password, click Next.
    6. It can take 5 to 10 minutes for the system to "Initializing exporters".
    7. Uncheck all products except Notification Server.
    8. Enable only the Symmetric Keys, Export KMS Symmetric cryptographic keys.
    9. Click Next. 
    10. Ignore any errors in the readiness check, and click Next.
    11. Note the location and name of the file store file, and click Next.
    12. Message should appear: The data export has completed successfully. Click OK.
    13. Click Finish.
  3. Copy the file store file created by the NSUpgradeWizard (*.adb) from the working NS to the non-working SMP.
  4. Run the NSUpgradewizard on the target SMP.  From the NSUpgradewizard UI:
    1. Select Import data from a file store into an Symantec Notification Server and Browse to the data store file that was copied over from the working SMP
    2. Select the file in the Import data from file store window, click open.
    3. Click Next.
    4. Ignore the password, unless there was a password created when the data store file on the working SMP was created, click Next.
      It will take a few minutes to "Initializing importers".
    5. Click Next.
    6. Ignore readiness check failures, if any.
    7. Click Next.
    8. Click Yes to "Do you want to continue?"
    9. Click Next.
    10. Click Ok if you see "Data import completed with errors".
    11. Click Finish.
  5. Open the Symantec Management Console, and retry the Scheduled Push to Computers from (Actions>Agents/Plug-ins>Push Symantec Management Agent) Symantec Management Agent Install


Applies To

Symantec Management Platform 7.1 Service Pack 2