CEM clients that were deployed using a master image created from a machine that already had Cloud Enabled Management (CEM) mode enabled will fail to connect to the Internet Gateway Server. The agent log shows errors such as:
9/3/2015 10:48:12 AM (AeXNSAgent.exe) TunnelSslDataTransformerImpl
Failed to create new client credential. (0x8009030D)
(AeXNSAgent.exe) MsCryptoSslDataTransformerImpl
InitializeSecurityContext error while client handshake: The message received was unexpected or badly formatted (0x80090326)
(AeXNSAgent.exe) NetworkOperation
Operation 'Connect' failed.
Protocol: http
Host: CEM.example.com
Port: 443
Path: /
Http status: 0
Secure: Yes
Id: {50FC019A-8FED-45BB-BB20-12434374BDAB}
Error type: Connection error
Error result: 0x80072751
Error code: 0
Error note: Unable to connect via secure gateway
Error message: A socket operation was attempted to an unreachable host
(AeXNSAgent.exe) Client Task Agent
Failed to call web interface by url [https://SMP.example.com/Altiris/TaskManagement/CTAgent/GetClientTaskServers.aspx?resourceGuid=00c43d13-5fcb-4e75-8917-d0306d845918], error [0x80072751, A socket operation was attempted to an unreachable host.].
8.x
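An added example, not part of the original article or the product: a Python sketch that triages agent log text in the form rendered above, flagging clients whose log carries the credential, handshake and connect error codes from the excerpt together. Treating the socket error on its own as connectivity-only is an assumption, and a match still has to be confirmed with the certificate check below.

```python
import re

# Error codes taken from the log excerpt on this page.
CERT_CODES = {"0x8009030D", "0x80090326"}   # credential creation / TLS handshake
CONNECT_CODE = "0x80072751"                 # socket: unreachable host

# Entry header as rendered on this page: optional timestamp, "(process) source".
HEADER = re.compile(r"^(?:\d+/\d+/\d+ [\d:]+ [AP]M )?\((?P<proc>[^)]+\.exe)\) (?P<src>.+)$")
CODE = re.compile(r"0x[0-9A-Fa-f]{8}")
HOST = re.compile(r"^Host: (\S+)$")

def parse_entries(text):
    """Group rendered log text into entries: a header line plus its message lines."""
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        m = HEADER.match(line)
        if m:
            entries.append({"source": m["src"], "lines": []})
        elif line and entries:
            entries[-1]["lines"].append(line)
    return entries

def triage(text):
    """Return (verdict, gateway_hosts, codes_seen) for one client's log text."""
    codes, hosts = set(), set()
    for entry in parse_entries(text):
        for line in entry["lines"]:
            codes.update("0x" + c[2:].upper() for c in CODE.findall(line))
            m = HOST.match(line)
            if m:
                hosts.add(m.group(1))
    if CERT_CODES <= codes and CONNECT_CODE in codes:
        verdict = "inspect-client-certificate"   # same pattern as the excerpt
    elif CONNECT_CODE in codes:
        verdict = "connectivity-only"            # assumption: no certificate evidence
    else:
        verdict = "no-match"
    return verdict, sorted(hosts), sorted(codes & (CERT_CODES | {CONNECT_CODE}))

# Log excerpt as shown on this page (shortened to the lines the check uses).
PAGE_EXCERPT = """\
9/3/2015 10:48:12 AM (AeXNSAgent.exe) TunnelSslDataTransformerImpl
Failed to create new client credential. (0x8009030D)
(AeXNSAgent.exe) MsCryptoSslDataTransformerImpl
InitializeSecurityContext error while client handshake: The message received was unexpected or badly formatted (0x80090326)
(AeXNSAgent.exe) NetworkOperation
Host: CEM.example.com
Error result: 0x80072751
"""
```

Calling `triage(PAGE_EXCERPT)` returns the `inspect-client-certificate` verdict with `CEM.example.com` as the gateway host.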
Confirm the cause of the issue:
1. From the Run box in Windows, type 'mmc' and press Enter
2. In the mmc console that opens navigate to File --> Add/Remove Snap-in...
3. Select 'Certificates' on the left pane and then click the 'Add >' button
4. In the window that pops up select 'Service Account' and hit the 'Next' button
5. Then make sure 'Local computer' is selected and hit the 'Next' button
6. Scroll down the list that is presented and select 'Symantec Management Agent' and hit the 'Finish' button
7. Then hit the 'OK' button
8. Expand 'Certificates - Service (Symantec Management Agent) on Local Computer' in the left pane
9. Select 'AeXNSClient\Personal --> Certificates' in the left pane
10. The right pane should now show the client certificates used to connect over CEM. If these certificates show the name of the machine on which the image was created and do not match the current machine name, this confirms the cause of the issue.
Resolve the issue:
1. Run the 'Prepare for Image Capture' task with Sysprep on the client machine before capturing an image. This task is designed to remove machine-specific identifiers to prevent deployment issues.
OR
1. Make sure that the machine on which the base image is captured does not have CEM mode enabled and does not have the client certificates already in place
2. Enable CEM mode only after the image is deployed on the client machines