Cloud-Enabled Management (CEM) agents fail to register when the Symantec Management Agent (SMA) is installed from a CEM offline installer package while the agent has connectivity to the internal network.
Error 1:
Failed to send basic inventory, COM error: Cannot send event, the computer has not been registered on the server (0x80042B01)
...
Process: AeXNSAgent.exe (956), Thread ID: 5652, Module: AeXNSAgent.exe
Priority: 1, Source: ConfigServer
Error 2:
Operation 'Direct: Post' failed.
Protocol: HTTP
Original Host: <SMP Server FQDN>:80
Real Host: <SMP Server FQDN>:80
Path: /Altiris/NS/Agent/GetClientCertificateMig.aspx
Error type: SMP Server error
Error code: Access is denied (0x00000005)
Error note: HTTP Status 403: 403 Access is denied (client does not have authorization)
...
Process: AeXNSAgent.exe (956), Thread ID: 5652, Module: AeXNetComms.dll
Priority: 1, Source: NetworkOperation
Warning 1:
Request 'HTTP://<SMP Server FQDN>:80/Altiris/NS/Agent/GetClientCertificateMig.aspx?Encrypted=1'; failed, COM error: Access is denied (0x80070005)
...
Process: AeXNSAgent.exe (956), Thread ID: 5652, Module: AeXNSAgent.exe
Priority: 2, Source: ConfigServer
Error 3:
Attempted CEM gateway certificate negotiation failed.
...
Process: AeXNSAgent.exe (956), Thread ID: 5652, Module: AeXNSAgent.exe
Priority: 1, Source: ConfigServer
We also noticed messages like these (when trace and verbose logging was enabled):
Entry 1:
Attempted CEM nsagent certificate negotiation failed.
...
Process: AeXNSAgent.exe (7008), Thread ID: 7560, Module: AeXNSAgent.exe
Priority: 1, Source: ConfigServer
Entry 2:
Operation 'Direct: Post' failed.
Protocol: HTTPS
Host: <SMP Server FQDN>:443
Path: /altiris/NS/Agent/GetClientCertificate.aspx
Error type: SMP Server error
Error code: Access is denied (0x00000005)
Error note: HTTP Status 403: 403 Access is denied (client does not have authorization)
Server HTTPS connection info:
Server certificate:
Serial number: <16 character certificate serial number>
Thumbprint: <40 character server thumbprint here>
Cryptographic protocol: TLS 1.0
...
Process: AeXNSAgent.exe (7008), Thread ID: 7560, Module: AeXNetComms.dll
Priority: 1, Source: NetworkOperation
ITMS 8.x
The CEM offline package expects the new agent to communicate through the CEM Gateway and has processes for negotiating the additional certificates that the agent will need. When connected directly to the SMP those steps fail, causing this issue.
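A log-triage check for the signature described above, added here as an example and not Symantec's own tooling. It assumes the agent log has been exported as plain text in the layout of the excerpts on this page; the function names and the sample text are constructed.

```python
import re

# Constructed sample: a trimmed copy of the excerpt layout shown above,
# keeping the page's <SMP Server FQDN> placeholder.
SAMPLE_LOG = """\
Operation 'Direct: Post' failed.
Protocol: HTTP
Real Host: <SMP Server FQDN>:80
Path: /Altiris/NS/Agent/GetClientCertificateMig.aspx
Error code: Access is denied (0x00000005)
Error note: HTTP Status 403: 403 Access is denied (client does not have authorization)
Process: AeXNSAgent.exe (956), Thread ID: 5652, Module: AeXNetComms.dll
Priority: 1, Source: NetworkOperation
Attempted CEM gateway certificate negotiation failed.
Process: AeXNSAgent.exe (956), Thread ID: 5652, Module: AeXNSAgent.exe
Priority: 1, Source: ConfigServer
"""

CERT_PAGE = re.compile(r"/GetClientCertificate(Mig)?\.aspx$", re.I)
ENTRY_END = re.compile(r"Priority: \d+, Source: ")
NEGOTIATION = re.compile(r"Attempted CEM \w+ certificate negotiation failed")

def split_entries(text):
    """Group lines into entries; each ends at its 'Priority: n, Source: x' line."""
    entry, entries = [], []
    for line in text.splitlines():
        entry.append(line.strip())
        if ENTRY_END.match(entry[-1]):
            entries.append(entry)
            entry = []
    return entries

def parse_fields(entry):
    """Turn the 'Key: value' lines of one entry into a dict."""
    parts = (line.partition(": ") for line in entry)
    return {key: value for key, sep, value in parts if sep}

def triage(text):
    """Report the two symptoms that together match this article's issue."""
    direct_403, negotiation_failures = [], 0
    for entry in split_entries(text):
        body, f = "\n".join(entry), parse_fields(entry)
        if ("Operation 'Direct:" in body and "HTTP Status 403" in f.get("Error note", "")
                and CERT_PAGE.search(f.get("Path", ""))):
            direct_403.append((f.get("Protocol", "?"), f["Path"]))
        negotiation_failures += bool(NEGOTIATION.search(body))
    return {"direct_cert_403": direct_403,
            "cem_negotiation_failed": negotiation_failures,
            "matches_issue": bool(direct_403) and negotiation_failures > 0}
```

`triage()` sets `matches_issue` only when a 403 on a client-certificate page from a 'Direct' operation appears together with a failed CEM certificate negotiation, the combination shown in the excerpts above.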
Solution 1:
Solution 2:
A similar error is addressed in KB 163468.