When you deploy an image to a machine and it boots to production, the Symantec Management Agent (SMA) should automatically update its owner Notification Server (NS) to the one that deployed its image and connect to that NS for a machine GUID and management policies. This should occur irrespective of which NS created the original source image.
In some cases though, when deploying a Windows 10 image and booting to production, the SMA attempts to contact the NS that created the original source image. If this NS cannot be contacted because, for example it was created in a development environment on a separate network, the SMA will fail to receive any management policies and remain in an unmanaged state.
The errors below are characteristic of this issue:
SMA LOGS:
Failed to set new server 'http://Name_of_NS_that_deployed_the_image/Altiris', COM error:
Access is denied. (0x80070005)
---------------------------------------------------------------------
Date: 19/10/2017 10:47:39, Tick Count: 23406 (00:00:23.4060000), Host Name:
xxxxx, Size: 341 B
Process: AeXAgentUtil.exe (5860), Thread ID: 5896, Module: AexAgentUtil.exe
Priority: 1, Source: CoreUtil
WINDOWS SYSTEM EVENT APPLICATION LOGS:
Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 19/10/2017 10:47:39
Event ID: 10016
Task Category: None
Level: Error
Keywords: Classic
User: SYSTEM
Computer: xxxx
Description:
The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID
{43043A36-0302-4375-8086-F7DD368DCADC} and APPID
{5E038245-CF81-44BE-8018-9A2981B9DC9B} to the user NT AUTHORITY\SYSTEM SID
(S-1-5-18) from address LocalHost (Using LRPC) running in the application
container Unavailable SID (Unavailable). This security permission can be
modified using the Component Services administrative tool.
In some cases, the AeXAgentUtil.exe process was executing before the SMA service had restarted.
A fix for this issue has been included in 8.1 RU4 and in the 7.6 post HF7 cumulative updates track