ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Deployment Solution with SSL required fails to boot to PXE (Windows Error Code 31)

book

Article ID: 161590

calendar_today

Updated On:

Products

Deployment Solution

Issue/Introduction

Upon creating a new agentless policy the following warning is received repeatedly in the Server logs causing the console to load for several minutes before a new agentless policy page is displayed.

In the SbsLog_PXE.txt the following error can be seen:

 
Error Windows error code 31
 
This log is located on the PXE server on the install drive at this location:
C:\Program Files\Altiris\Altiris Agent\Agents\Deployment\SBS

Cause

The cause of this issue was related to a bug in the code base that led to a kerberos buffer overflow.

Resolution

 

This issue is fixed in DS 7.5 SP1 HF5.  The issue resides in the code for SbsServer.exe which is located here C:\Program Files\Altiris\Altiris Agent\Agents\Deployment\SBS on the pxe server.All versions of SbsServer.exe are affected in 7.5 prior to version 12.0.0.6278 which is the version that ships with DS 7.5 SP1 HF5.To fix this issue you can simply call Symantec Technical Support and get version 12.0.0.6278 or upgrade to HF5 when it is released.
 
Proper Configuration of the HotFix:
 
To make the hotfix work correctly the following settings must be applied:
 
1.) Navigate to C:\Program Files\Altiris\Altiris Agent\Agents\Deployment\SBS
2.) Edit SbsConfiguration.xml and ensure that the following line is set to SSL settings.  It should look like:
    <clienthandler type="network" protocol="https" servername="SMP-W2K8-01.EPM.local" port="443" validatecertificate="no"/>
3.) The important part is that protocol is set to https and not http and that port is set to 443 and not 80.
4.) Open up IIS manager.  Navigate to the Altiris directory.  Click on SSL settings and make sure that SSL Required is checked and that Client   certificate required is set to ignore.
5.) Again in IIS manager navigate to the Deployment folder and Click on SSL settings.  Make sure that SL Required is checked and that Client certificate required is set to ignore.
6.) Open a command prompt with administrative privileges and run IISReset (not sure if this is required).
7.) Please note further configuration may be required if manually installing the SbsServer.exe 12.0.0.6278 point fix.  This instruction will be provided by technical support.

Applies To

DS 7.5 SP1 HF4 and all prior versions