ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Installation of the NS Agent for Unix, Linux and Mac Fails with Error: "Failed to load certificate..."

book

Article ID: 161963

calendar_today

Updated On:

Products

Client Management Suite IT Management Suite

Issue/Introduction

Installation of the NS Agent for ULM (and likely windows clients, as well) fails with the following errors even when SSL/HTTPS is not configured on the NS/SMP server. This applies to installations done from the NS console and by manually running an installation package or command. 

  

The output of a manual install running aex-bootstrap-macosx:

======================================================================================

Tue May 12 11:09:33 MDT 2015

Performing installation of Symantec Management Agent for UNIX, Linux, and Mac 7.6.1423 

======================================================================================

Installing Symantec Management Agent for UNIX, Linux, and Mac 7.6 on the system.
Starting system package installer.
Please see '/opt/altiris/notification/nsagent/aex-nsclt-install.log' for details.
ERROR: Failed to install package. Agent install failed.
ERROR: At least one input parameter for event sending is invalid: Action: 'Remote Install Finished', Client ID: ''.

 

Final entries in the /opt/altiris/notification/nsagent/aex-nsclt-install.log:

Generating IPC access keys.
Failed to load certificate from settings.
ERROR: Agent configuration failed.
Error: Agent configuration cannot be completed.
-E installer: Package name is Symantec Management Agent
-E installer: Installing at base path /
-E installer: The install failed (The Installer encountered an error that caused the installation to fail. Contact the software manufacturer for assistance.)

  

 

Cause

In this case, it was found that an SSL certificate was not bound to port 443 in IIS settings. 

  

Resolution

Bind a certificate to port 443 in IIS settings. This is required even if the NS server is not configured to use SSL/HTTPS. It is acceptable to use the default server certificate, if needed. 

Following is a screen shot showing the steps to bind a certficate to port 443 in IIS. If needed, 'Add' the entry for HTTPS Port 443 bindings, then apply a certificate to entry for port 443. 



  

Attachments