The Symantec Management Agent, on the Notification Server, fails to connect to itself over https while using an alias name for the server and the agent logs show 403 errors.
Was found that you can access the console using IE on the Notification Server over https with the alias name without getting the 403 errors, so the SSL certificate is not causing the issue. Also client machines can access the console and their agent can communicate over https using the alias as well.
The issue was only happening with the agent on the NS.
NS Agent Logs:
 9/24/2014 9:27:58 AM (AeXNSAgent.exe) NetworkOperation
Operation 'Get' failed.
Http status: 403
Error type: HTTP error
Error result: 0x80042D21
Error code: 0
Error note: HTTP status: 403 Forbidden. Empty response content received, probably web server is not running or URL is invalid. In some cases Windows can return response header with Content-Length field but with empty response payload
The issue had to do with IIS blocking the agent because of the settings for client certificates.
7.5 SP1 HF2 and later
While in the IIS Manager on the Notification Server we found that under 'Default Web Site --> Altiris --> SSL Settings' it was set to "Accept" for client certificates. We changed this to "Ignore" and then the NS agent was able to connect to itself using https and the alias name.
See "Internet Information Services (IIS) 8 may reject client certificate requests with HTTP 403.7 or 403.16 errors" which shows the exact errors we were getting in the IIS Logs