ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Getting - HTTP status 401: The request requires user authentication (0x8FA10191) - while trying to access /Altiris/TaskManagement/CTAgent/GetClientTaskServers.aspx

book

Article ID: 172405

calendar_today

Updated On:

Products

Management Platform (Formerly known as Notification Server)

Issue/Introduction

Many Client machines are not being able to get a task server to be assigned to.
1. When the client machine tries to contact the SMP in order to get the Task Server list, it receives the following error:

Operation 'Direct: Head' failed.
Protocol: HTTPS
Host: smp11v.domain.net:443
Path: /Altiris/TaskManagement/CTAgent/GetClientTaskServers.aspx
Connection Id: 30.3904
Communication profile Id: {EA581BD1-5E78-46B2-87CC-3FCCA718D219}
Error type: HTTP error
Error code: HTTP status 401: The request requires user authentication
(0x8FA10191)
Error note: Authentication: Failed. Server refused to authenticate with
provided credentials.
 

Operation 'Direct: Head' failed.
Protocol: HTTPS
Host: smp11v.domain.net:443
Path: /Altiris/TaskManagement/CTAgent/GetClientTaskServers.aspx
Connection Id: 30.3904
Communication profile Id: {EA581BD1-5E78-46B2-87CC-3FCCA718D219}
Error type: HTTP error
Error code: HTTP status 401: The request requires user authentication (0x8FA10191)
Error note: Authentication: Failed. Server refused to authenticate with provided credentials.
Server HTTPS connection info:
Server certificate:
Serial number: 46 ad b1 fd be 0f 6f 85 43 66 21 d3 66 fc c5 e1
Thumbprint: a2 bb b9 3e aa ee 4a 0a 82 1c ea db 5c a2 e1 34 bd b7 f2 c6
Cryptographic protocol: TLS 1.0
Cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256
Cipher algorithm: AES
Cipher key length: 256
Hash algorithm: SHA1
Hash length: 160
Key exchange algorithm: ECDH_P256
Key length: 256
------------------------------------------------------------------------------
-----------------------
Date: 8/20/2018 2:06:23 PM, Tick Count: 4944763 (01:22:24.7630000), Size: 1.13 KB
Process: AeXNSAgent.exe (3904), Thread ID: 4088, Module: AeXNetComms.dll
Priority: 1, Source: NetworkOperation

 

 

Operation 'Direct: Head' failed.
Protocol: HTTPS
Host: smp11v.domain.net:443
Path: /Altiris/TaskManagement/CTAgent/GetClientTaskServers.aspx
Connection Id: 30.3904
Communication profile Id: {EA581BD1-5E78-46B2-87CC-3FCCA718D219}
Error type: HTTP error
Error code: HTTP status 401: The request requires user authentication (0x8FA10191)
Error note: Empty response content received
Server HTTPS connection info:
Server certificate:
Serial number: 46 ad b1 fd be 0f 6f 85 43 66 21 d3 66 fc c5 e1
Thumbprint: a2 bb b9 3e aa ee 4a 0a 82 1c ea db 5c a2 e1 34 bd b7 f2 c6
Cryptographic protocol: TLS 1.0
Cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256
Cipher algorithm: AES
Cipher key length: 256
Hash algorithm: SHA1
Hash length: 160
Key exchange algorithm: ECDH_P256
Key length: 256
------------------------------------------------------------------------------
-----------------------
Date: 8/20/2018 2:06:23 PM, Tick Count: 4944763 (01:22:24.7630000),  Size: 1.08 KB
Process: AeXNSAgent.exe (3904), Thread ID: 4088, Module: AeXNetComms.dll
Priority: 1, Source: NetworkOperation

 

 

Failed to call web interface by url
[https://smp11v.domain.net:443/Altiris/TaskManagement/CTAgent/GetClientTaskServers.aspx?shares=1&resourceGuid=901947c1-0a6e-4da2-996a-12ae22017d8d&crc=0008000100001863],
error [0x80042D21, IDispatch error #11041].
------------------------------------------------------------------------------
-----------------------
Date: 8/20/2018 2:06:23 PM, Tick Count: 4944763 (01:22:24.7630000), Size: 499 B
Process: AeXNSAgent.exe (3904), Thread ID: 4088, Module: client task agent.dll
Priority: 2, Source: Client Task Agent

Cause

The customer added some IP address restrictions in his AD.  The customer mentioned that the configuration called "Log On To" (sometimes people may call it "Connect To" setting)  was the one that they setup to block the SMP user account to be used on few specific machines, like the SMP and the Site Server.

http://woshub.com/restrict-workstation-logon-ad-users/

https://ravingroo.com/267/active-directory-user-workstation-logon-restriction/

 

 

Environment

ITMS 8.1 RU7

Resolution

Remove the affecting AD configuration that was blocking the SMP user account. In this case the AD configuration called "Log On To".



After they removed that configuration, we were able to get all machine on their environment working without issue.

Also make sure the Symantec Management Agent, and also the Task Service is upgraded on the Site Servers.  If you've upgraded recently, the Task Servers need to be upgraded.

Attachments