Cloud-Enabled Management (CEM) agents are not able to register when installing the Symantec Management Agent (SMA) with a CEM offline installer package while the agent has connectivity to the internal network.
Error 1:Failed to send basic inventory, COM error: Cannot send event, the computer has not been registered on the server (0x80042B01) ... Process: AeXNSAgent.exe (956), Thread ID: 5652, Module: AeXNSAgent.exe Priority: 1, Source: ConfigServer
Error 2:Operation 'Direct: Post' failed. Protocol: HTTP Original Host: <SMP Server FQDN>:80 Real Host: <SMP Server FQDN>:80 Path: /Altiris/NS/Agent/GetClientCertificateMig.aspx Error type: SMP Server error Error code: Access is denied (0x00000005) Error note: HTTP Status 403: 403 Access is denied (client does not have authorization) ... Process: AeXNSAgent.exe (956), Thread ID: 5652, Module: AeXNetComms.dll Priority: 1, Source: NetworkOperation
Warning 1:Request 'HTTP://
<SMP Server FQDN>
:80/Altiris/NS/Agent/GetClientCertificateMig.aspx?Encrypted=1'; failed, COM error: Access is denied (0x80070005) ... Process: AeXNSAgent.exe (956), Thread ID: 5652, Module: AeXNSAgent.exe Priority: 2, Source: ConfigServer
Error 3:Attempted CEM gateway certificate negotiation failed. ... Process: AeXNSAgent.exe (956), Thread ID: 5652, Module: AeXNSAgent.exe Priority: 1, Source: ConfigServer
We also noticed messages like these (when trace and verbose logging was enabled):
Entry 1:Attempted CEM nsagent certificate negotiation failed. ... Process: AeXNSAgent.exe (7008), Thread ID: 7560, Module: AeXNSAgent.exe Priority: 1, Source: ConfigServer
Entry 2:Operation 'Direct: Post' failed. Protocol: HTTPS Host: <SMP Server FQDN>:443 Path: /altiris/NS/Agent/GetClientCertificate.aspx Error type: SMP Server error Error code: Access is denied (0x00000005) Error note: HTTP Status 403: 403 Access is denied (client does not have authorization)
Server HTTPS connection info:
Server certificate:
Serial number: <16 character certificate serial number>
Thumbprint: <40 character server thumbprint here>
Cryptographic protocol: TLS 1.0
...
Process: AeXNSAgent.exe (7008), Thread ID: 7560, Module: AeXNetComms.dll
Priority: 1, Source: NetworkOperation
The CEM offline package expects the new agent to communicate through the CEM Gateway and has processes for negotiating the additional certificates that the agent will need. When connected directly to the SMP those steps fail, causing this issue.
Solution 1:
Solution 2:
A similar error is addressed in KB 163468