The customer has enabled only TLS 1.2 and that it is the only version that he wants to use in their environment. FIPS is also enabled.
The Agent Communication Profile used for these new client machines (which usually is the default one) only has TLS 1.2 checked and TLS 1.0 and 1.1 are not enabled.
If TLS 1.2 is the only box checked on the communication profile and if a new machine is setup, what they see is that those machines can't communicate back.
If they check the box for TLS 1.0 (and not necessarily 1.1), then those machines start talking just fine.
When this server tries to connect to the SMP for configuration requests or send basic inventory, the following messages are displayed on the agent logs:
Request 'HTTPS://altirisapp01.domain.edu:443/Altiris/NS/A
On the event logs from the machine that is not connecting, you may see the following entry:
Log Name: System
Source: Schannel
Date: 10/04/2015 9:21:17 AM
Event ID: 36871
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer:
Description:
A fatal error occurred while creating an SSL client credential. The internal error state is 10013.
Request 'HTTPS://altirisapp01.domain.edu:443/Altiris/NS/Agent/CreateResource.aspx' failed, COM error: The client and server cannot communicate, because they do not possess a common algorithm (0x80090331)
-----------------------------------------------------------------------------------------------------
Date: 10/15/2018 10:23:30 AM, Tick Count: 1024968312 (11.20:42:48.3120000), Size: 448 B
Process: AeXNSAgent.exe (5504), Thread ID: 620, Module: AeXNSAgent.exe
Priority: 2, Source: ConfigServer
Configure Server Mode: Failed to obtain the machine resource GUID, error: The client and server cannot communicate, because they do not possess a common algorithm (0x80090331)
-----------------------------------------------------------------------------------------------------
Date: 10/15/2018 10:23:30 AM, Tick Count: 1024968312 (11.20:42:48.3120000), Size: 408 B
Process: AeXNSAgent.exe (5504), Thread ID: 620, Module: AeXNSAgent.exe
Priority: 2, Source: ConfigServer
Failed to register agent. Registration status 'Not registered'. Next retry in 60 min.
-----------------------------------------------------------------------------------------------------
Date: 10/15/2018 10:23:30 AM, Tick Count: 1024968312 (11.20:42:48.3120000), Size: 311 B
Process: AeXNSAgent.exe (5504), Thread ID: 620, Module: AeXNSAgent.exe
Priority: 2, Source: Agent
Since the Symantec Management Platform (SMP) is set to use FIPS, under "https://social.technet.microso
System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing.
ITMS 8.1, 8.5
On the SMP:
On the machine that is not connecting: