Freshly imaged Windows 10 machines fail to report to the correct NS when booting to production

book

Article ID: 170629

calendar_today

Updated On:

Products

Deployment Solution

Issue/Introduction

When you deploy an image to a machine and it boots to production, the Symantec Management Agent (SMA) should automatically update its owner Notification Server (NS) to the one that deployed its image and connect to that NS for a machine GUID and management policies. This should occur irrespective of which NS created the original source image. 

In some cases though, when deploying a Windows 10 image and booting to production, the SMA attempts to contact the NS that created the original source image. If this NS cannot be contacted because, for example it was created in a development environment on a separate network,  the SMA will fail to receive any management policies and remain in an unmanaged state. 

The errors below are characteristic of this issue:
SMA LOGS:
Failed to set new server 'http://Name_of_NS_that_deployed_the_image/Altiris', COM error:
Access is denied. (0x80070005)
---------------------------------------------------------------------
Date: 19/10/2017 10:47:39, Tick Count: 23406 (00:00:23.4060000), Host Name:
xxxxx, Size: 341 B
Process: AeXAgentUtil.exe (5860), Thread ID: 5896, Module: AexAgentUtil.exe
Priority: 1, Source: CoreUtil


WINDOWS SYSTEM EVENT APPLICATION LOGS:
Log Name:      System
Source:        Microsoft-Windows-DistributedCOM
Date:          19/10/2017 10:47:39
Event ID:      10016
Task Category: None
Level:         Error
Keywords:      Classic
User:          SYSTEM
Computer:      xxxx
Description:
The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID
{43043A36-0302-4375-8086-F7DD368DCADC} and APPID 
{5E038245-CF81-44BE-8018-9A2981B9DC9B} to the user NT AUTHORITY\SYSTEM SID
(S-1-5-18) from address LocalHost (Using LRPC) running in the application
container Unavailable SID (Unavailable). This security permission can be
modified using the Component Services administrative tool.

Cause

In some cases, the AeXAgentUtil.exe process was executing before the SMA service had restarted.

Environment

  • ITMS 7.6, 8.0, 8.1
  • Utilising Deployment Solution to create and deploy the image

Resolution

A fix for this issue has been included in 8.1 RU4 and in the 7.6 post HF7 cumulative updates track