When a customer sends a boot to pxe task or manually boots the client into automation and presses F8, 'Next device' is the only preboot option displayed.
The error below is shown in the 'sbslog_pxe.txt' file.
Tue Jan 29 15:51:46 2019 9300 SbsHttpClient.cpp Sbs::SbsHttpClient::OperationDone 133 Error NS response parse failure, bytes read 1431, 'HTTP/1.1 403 Forbidden
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-UA-Compatible: IE=EmulateIE8
X-Frame-Options: SAMEORIGIN
Date: Tue, 29 Jan 2019 20:51:45 GMT
Content-Length: 1233
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>403 - Forbidden: Access is denied.</title>
<style type="text/css">
<!--
body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
fieldset{padding:0 15px 10px 15px;}
h1{font-size:2.4em;margin:0;color:#FFF;}
h2{font-size:1.7em;margin:0;color:#CC0000;}
h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}
#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
background-color:#555555;}
#content{margin:0 0 0 2%;position:relative;}
.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}
-->
</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
<div class="content-container"><fieldset>
<h2>403 - Forbidden: Access is denied.</h2>
<h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
</fieldset></div>
</div>
</body>
</html>
'
---------------------------------------------------------------------------------------
sbslog_pxe.txt has also been observed to contain this:
GET /altiris/Deployment/Services/GetPXEBootInfo.aspx?xml=<request><GetPXEBootInfo><UniqueID>2052434E-0000-0000-0000-020058857515</UniqueID><MacAddress>client mac address shown here</MacAddress><SerialNumber></SerialNumber><IPAddress>client IP shown here</IPAddress></GetPXEBootInfo></request> HTTP/1.1
Accept: */*
Accept-Language: en-us
User-Agent: Symantec NBS
Host: SMPfqdn
Connection: Keep-Alive
Fri Apr 15 08:29:59 2022 12628 SbsHttpClient.cpp Sbs::SbsHttpClient::SendRequest 62 Debug Socket connection not open. Calling TcpSocket::Create() and AioBind()
Fri Apr 15 08:29:59 2022 12628 SbsHttpClient.cpp Sbs::SbsHttpClient::SendRequest 64 Debug TcpSocket::Create() returned a result of :0
Fri Apr 15 08:29:59 2022 12628 SbsHttpClient.cpp Sbs::SbsHttpClient::SendRequest 68 Debug AioBind() returned a result of :0
Fri Apr 15 08:29:59 2022 12628 SbsHttpClient.cpp Sbs::SbsHttpClient::SendRequest 73 Debug BeginConnect() returned a result of :0
Fri Apr 15 08:29:59 2022 12628 SbsHttpClient.cpp Sbs::SbsHttpClient::SendRequest 90 Debug Exiting SendRequest with a result of :0
Fri Apr 15 08:29:59 2022 12628 SbsHttpRequestHandler.cpp Sbs::SbsHttpRequestHandler::ProcessRequest 103 Debug Send Request completed with return code of:0 on retry #1
Fri Apr 15 08:30:05 2022 12628 SbsHttpClient.cpp Sbs::SbsHttpClient::Error 271 Error Error received for operation 2, errorcode: 121
Fri Apr 15 08:30:05 2022 12628 SbsPxeInterface.cpp Sbs::SbsPxeInterface::OperationDone 82 Debug Function called
Fri Apr 15 08:30:05 2022 12628 SbsPxeInterface.cpp Sbs::SbsPxeInterface::SendPxeResponse 462 Debug Function called
Fri Apr 15 08:30:05 2022 7548 SbsPxeInterface.cpp Sbs::SbsPxeInterface::OperationDone 82 Debug Function called
Fri Apr 15 08:30:05 2022 7548 SbsPxeInterface.cpp Sbs::SbsPxeInterface::SendDone 750 Debug Function called
Fri Apr 15 08:30:08 2022 7548 SbsHttpClient.cpp Sbs::SbsHttpClient::Error 271 Error Error received for operation 2, errorcode: 121
DS 7.x, 8.x
This issue was caused because the SBSServer was trying to connect to the NS server over port 80 but the NS was communicating over port 443.
When the Symantec Installation Manager installs the product for the first time it sets values in the registry for the port that NS should use and whether or not communication over SSL is required.
This is set using the following registry keys on the SMP/Notification server:
Port: HKLM\SOFTWARE\Altiris\AIM\Configuration\Nsconfiguration\NSWebSitePort
Use SSL: HKLM\SOFTWARE\Altiris\AIM\Configuration\Nsconfiguration
In most situations, these values get to set '80' and 'False' respectively when customers do an initial installation of the SMP without specifying HTTPS. When customers decide to use HTTPS they make the changes through the management console. The registry keys noted above DO NOT GET changed.
Because these keys are not changed after migrating to HTTPS the SBS server reads these values and communicates over HTTP causing communication to fail.
Note: Restarting SIM may cause the registry values to be changed back to port 80 and false after being changed.. This has not been 100% verified.
On the NS:
For HTTPS support:
Port: HKLM\SOFTWARE\Altiris\AIM\Configuration\Nsconfiguration\NSWebSitePort : set to 443
Use SSL: HKLM\SOFTWARE\Altiris\AIM\Configuration\Nsconfiguration: set to True
3. Open NBS General Settings through the management console and make any change.
4. The SBS server will update its configuration and the communication methods will be updated in the sbsconfiguration.xml file.