When attempting to access the 7.1 console the user is rejected and redirected to the "/Altiris/NS/access_denied.aspx" page, even though the user's account is a member of the Symantec Administrators, or another role.
You currently do not have sufficient network access rights to the Notfication Server console.
Please contact your local area network administrator for further assistance.
CAUSE 1: The SID of the user being passed in during authentication does not match the one currently registered in the ResourceKey table for that user. This may be because the user's account had been deleted and then recreated again, or some other similar activity.
CAUSE 2: The platform had been moved to a different server, or the server had been rebuilt, and the cryptography files (NS.WebServiceCredentials.kms) in "C:\ProgramData\Symantec\SMP\KMS" were manually copied in from the original installation.
SOLUTION 1: Verify that the SID of the user matches what is currently registered for the user logging in. This can be done by doing the following:
select i1.name as [User Account], i2.name as [Windows Logon Account], i2.Guid, rk.KeyValue as [Logon Account SID], i3.name as [Security Role Membership]
from ResourceAssociation ra
join vItem i1 on i1.Guid = ra.ParentResourceGuid
and ra.ResourceAssociationTypeGuid = '4582ADBC-43FA-4783-807A-A3CD7D58992C' -- Account Credential
join vItem i2 on i2.Guid = ra.ChildResourceGuid
join ResourceAssociation ra2 on ra2.ChildResourceGuid = ra.ParentResourceGuid
and ra2.ResourceAssociationTypeGuid = '63468F04-6751-448D-891C-B59906360A27' -- Role Trustee
join vItem i3 on i3.Guid = ra2.ParentResourceGuid
left join ResourceKey rk on rk.ResourceGuid = ra.ChildResourceGuid
and rk.KeyName = 'sid'
order by 1,5
update ResourceKey set KeyValue = 'S-1-5-21-3432280060-18471939-2378652306-1008' where ResourceGuid = '69381C01-EB37-4471-A025-1D793D3C32EC' and KeyName = 'sid'
SOLUTION 2: If there is a question about the cryptography files in the KMS folder then they can be regenerated by doing the following: