Tasks that have embedded credentials (run as) do not work after a machine has been re-imaged with the Symantec Man agent Agent already installed in the image.

book

Article ID: 170033

calendar_today

Updated On:

Products

Endpoint Encryption Management Platform (Formerly known as Notification Server) Task Server

Issue/Introduction

All computers rolled out with a particular image fail to run a script task when the script task is assigned a local admin account (./Offline is the user name for example).

The computer the image was taken from runs these tasks without issue. In case of a recently imaged machine, it fails.

 

Entries and Error on the Agent logs are: 

Task started. Instance: [b77eda6a-61f9-42a8-a4d5-b9d40d07c332], Type: [ts].
-----------------------------------------------------------------------------------------------------
Date: 8/22/2017 1:15:11 PM, Tick Count: 341578884 (3.22:52:58.8840000), Host Name: JY1BJH2, Size: 315 B
Process: AeXNSAgent.exe (3816), Thread ID: 3460, Module: client task agent.dll
Priority: 4, Source: Client Task Agent


DecryptBase64String failed to decrypt data, error: Bad Data (0x80090005)
-----------------------------------------------------------------------------------------------------
Date: 8/22/2017 1:15:11 PM, Tick Count: 341578884 (3.22:52:58.8840000), Host Name: JY1BJH2, Size: 305 B
Process: AeXNSAgent.exe (3816), Thread ID: 4032, Module: BaseTaskHandlers.dll
Priority: 1, Source: CryptHelper


Failed to run task as specific user, the credentials are invalid, error: Bad Data (0x80090005)
-----------------------------------------------------------------------------------------------------
Date: 8/22/2017 1:15:11 PM, Tick Count: 341578899 (3.22:52:58.8990000), Host Name: JY1BJH2, Size: 334 B
Process: AeXNSAgent.exe (3816), Thread ID: 4032, Module: BaseTaskHandlers.dll
Priority: 1, Source: CScriptTaskHandler


Task finished. Instance: [b77eda6a-61f9-42a8-a4d5-b9d40d07c332], Result code: [4294967295], Succeeded: [FALSE], Type: [ts], In Progress: [FALSE], Interrupted: [FALSE].
-----------------------------------------------------------------------------------------------------
Date: 8/22/2017 1:15:11 PM, Tick Count: 341578899 (3.22:52:58.8990000), Host Name: JY1BJH2, Size: 407 B
Process: AeXNSAgent.exe (3816), Thread ID: 3460, Module: client task agent.dll
Priority: 4, Source: Client Task Agent

Cause

Under Manage>Computers, those machines appear with the grayed out icon as "untracked". Those machines were not assigned to a Targeted Agent Settings policy. By no having a targeted agent settings policy, the agent does not receive any policies containing the agent settings, which include KMS keys, so it cannot decrypt.

Environment

ITMS 8.0 HF6

Resolution

Add those machines to a Targeted Agent Settings policy (under Settings>Agents/Plug-ins>Symantec Management Agent>Settings>Targeted Agent Settings) and request a Configuration from the affected machine(s).