Symantec Management Agent DCOM settings changes will not remain after a reboot of the Notification Server

Article ID: 164358


Products

IT Management Suite

Issue/Introduction

The Symantec Management Agent's DCOM settings changes will not remain after a reboot of the Notification Server (NS).

Environment

ITMS 8.x

Cause

The SMA's service is resetting the DCOM settings on start-up. This is by design.

The default or custom DCOM permissions often allow local DCOM server launch.

User scripts, third-party applications, or other elements can start the SMA service simply by executing any SMA COM method. They could do that at any time, without checking whether it is an appropriate time to start the agent. The fix for this was implemented to prevent anyone from starting the SMA service by invoking a COM method.

See event ID 10016.

Resolution

These changes are not recommended by Symantec. If there are a lot of errors in the log, the cause needs to be identified; the solution below is only meant as a temporary workaround. For example, if there is a keep-alive script on the box that checks whether the agent is started and then invokes a COM object to start it, we will fail that call because it can interfere with upgrades or other solution installs.

After making the desired settings to the Altiris Agent DCOM Config, follow these steps to lock it down so the settings are not changed upon reboot or restart of agent:

  1. Open the Registry Editor (regedit.exe)
  2. Browse to HKEY_CLASSES_ROOT\AppID\{5E038245-CF81-44BE-8018-9A2981B9DC9B}
  3. Right-click on {5E038245-CF81-44BE-8018-9A2981B9DC9B} and select Permissions…
  4. Click the Advanced button
  5. Select the row with the name SYSTEM
  6. Click the Edit… button
  7. For Set Value, check the Deny box
  8. Click OK
  9. Click OK
  10. On the Windows Security warning, click Yes.
  11. Click OK
  12. Close Registry Editor

The System account will now be unable to edit the settings for the Altiris Agent service. If you ever need to make changes to these settings, you will need to return to Registry Editor and remove the Deny from SYSTEM account.
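The following PowerShell script is an added example, not Symantec code: it reports whether the SYSTEM "Deny Set Value" entry from the steps above is present on the AppID key, and can apply or remove it. The mode names, the function name `Test-SystemDenySetValue` and the choice of `ContainerInherit` for the entry's scope are assumptions of this example.

```powershell
# Added example (not vendor code): audit, apply or remove the SYSTEM
# "Deny Set Value" entry on the agent's AppID key. Run elevated.
param([ValidateSet('Audit', 'Lock', 'Unlock')][string]$Mode = 'Audit')

$SubKey = 'AppID\{5E038245-CF81-44BE-8018-9A2981B9DC9B}'   # key from the steps above
$Rights = [System.Security.AccessControl.RegistryRights]
$System = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-18'  # SYSTEM

# Assumption: ContainerInherit stands in for "This key and subkeys".
$DenyRule = New-Object System.Security.AccessControl.RegistryAccessRule(
    $System, $Rights::SetValue,
    [System.Security.AccessControl.InheritanceFlags]::ContainerInherit,
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AccessControlType]::Deny)

function Test-SystemDenySetValue($Acl) {
    # True when any explicit or inherited Deny ACE for SYSTEM covers SetValue.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($ace in $Acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.IdentityReference.Value -eq $System.Value -and
            $ace.AccessControlType -eq 'Deny' -and
            ($ace.RegistryRights -band $Rights::SetValue)) { return $true }
    }
    return $false
}

# Audit needs only read access to the ACL; Lock/Unlock also need to change it.
$want = 'ReadPermissions'
if ($Mode -ne 'Audit') { $want = 'ReadPermissions, ChangePermissions' }
$key = [Microsoft.Win32.Registry]::ClassesRoot.OpenSubKey(
    $SubKey,
    [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,
    [System.Security.AccessControl.RegistryRights]$want)
if ($null -eq $key) { throw "AppID key not found: HKCR\$SubKey" }

try {
    $acl = $key.GetAccessControl()
    if ($Mode -eq 'Lock')   { $acl.AddAccessRule($DenyRule); $key.SetAccessControl($acl) }
    # Unlock removes the entry that Lock adds (same SID, right and scope).
    if ($Mode -eq 'Unlock') { [void]$acl.RemoveAccessRule($DenyRule); $key.SetAccessControl($acl) }
    # Re-read the ACL so the report reflects what is actually stored on the key.
    [pscustomobject]@{
        Key                = "HKCR\$SubKey"
        Mode               = $Mode
        SystemDenySetValue = Test-SystemDenySetValue ($key.GetAccessControl())
    }
} finally { $key.Close() }
```

Running it with no arguments only reports the current state, which makes it suitable for checking a server after a reboot or an agent upgrade.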