Unable to launch Symantec Management Console due to a change to the Application Identity credentials


Article ID: 158871


Updated On:


Symantec Products


Unable to launch Symantec Management Console due to a change to the Application Identity credentials


If the Symantec Management Console will not load due to the change, there are 2 methods that could be used to resolve this problem (if this is related to Notification Server 6 use Method 1): 

METHOD 1: Use the AexConfig.exe utility and use the /svcid switch to reset this Identity.  
1.Open a Windows command prompt directly from the NS7 server 
2.Browse to \Program Files\Altiris\Notification Server\Bin 
3.Substitute the appropriate domain, username and password into the syntax below and run this command in the DOS window:
AeXConfig.exe /svcid user:<domain\username> password:<password>
In some instances the above method will not work correctly.  The steps below will work if the above process fails: 
1.Open the Windows Registry editor 
2.Browse to the registry key:
HKLM\SOFTWARE\Altiris\express\Notification Server\AppIdentity 
3.Delete the items:
4. Run:
AeXConfig.exe /svcid user:<domain\username> password:<password> 
5.In one instance we had to reboot the server after deleting these reg keys. 
You might also wish to save this command and run it as a batch file. To do so here is the syntax: 
"C:\Program Files\Altiris\Notification Server\Bin\AeXConfig.exe" /svcid user:<domain\username> password:<password> 
For additional information about the various command line switches available, from the DOS prompt run "aexconfig.exe /?" 
METHOD 2: Use SIM to repair the credentials 
If Method 1 fails, make sure you are running the latest version of SIM - version 7.0.715 (SP4) and use SIM to repair the the Symantec Management Platform. If this second method fails, confirm the version of SIM being used as there was a known issue in previous builds of SIM that would prevent this from working properly. (See TECH41586 for more details on the problem that was resolved in SP2).
METHOD 3:  If you can load the console: 
Click on Settings >All Settings>Notification Server> Notification Server Setting > Processing and change to the desired credentials and click OK.  
Last option does work, although it does fall into the "Not preferred" method. I would use this as a last case situation when the above listed items fail. 
Create another service account, get the AD SID. Then update the [SecurityTrustee] table in the Symantec_CMDB database.