ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Service account (Application Identity) lockouts when endpoint runs out of disk space.

book

Article ID: 172140

calendar_today

Updated On:

Products

Management Platform (Formerly known as Notification Server)

Issue/Introduction

The Symantec Management Agent requires enough disk space available to download policies and save credentials. 

Cause

Under investigation. Unfortunately there seems no easy fix because even if the disk is full there is no way a storage can be modified without "dirty mark" file modification which requires a few bytes. Seems that more general solution with some disk reservation for emergency cases is needed.

Environment

ITMS 8.1 RU6 and later

Resolution

Current workaround is to switch to using a local ACC account and free disk space.

  1. Add an user and password to "The Agent Connectivity Credentials that are defined on the 'Global Agent Settings' page are selected" for your active communication profile (under Settings>Agents/Plug-ins>Symantec Management Agent Communication Profiles)
  2. Add not a domain user to "Global Agent Setting" under "Authentication tab>Agent Connectivity Credential".
  3. Set the flag "Create the Agent Connectivity Credential on Site Servers" and "re-enable the created local account if it has been locked out" in "Global Site Server Settings>Security Settings" (under Settings>Notification Server>Site Server Settings>Task Service)
  4. Update the Agents configuration on all affected computers

Also, please refer to INFO5222 "How the 'Re-enable the created local account if it has been locked out' setting works"