System not registering with Task Server error: check IIS setting 'authPersistNonNTLM'

search cancel

System not registering with Task Server error: check IIS setting 'authPersistNonNTLM'

book

Article ID: 173578

calendar_today

Updated On:

Products

IT Management Suite Task Server

Issue/Introduction

The Agent is not able to get a list of Task Servers back from the Notification Server resulting in the Agent not being able to register with a Task Server.

When this package server goes to the SMP to request the list of Task Servers:

'http://NotificationServerFQDN:80/Altiris/TaskManagement/CTAgent/GetClientTaskServers.aspx';,

the request fails, resulting the mentioned:

Error code: HTTP error occured (0x80042D21)

Error note: Authentication failed, request level authentication is not supported, check that IIS setting 'authPersistNonNTLM' is set to 'True' on the server.

Path: /Altiris/TaskManagement/CTAgent/GetClientTaskServers.aspx
Error code: HTTP error occured (0x80042D21)
Error note: Authentication failed, request level authentication is not supported, check that IIS setting 'authPersistNonNTLM' is set to 'True' on the server

Path: /Altiris/TaskManagement/CTAgent/PersistentSettings.aspx
Error code: HTTP status 200: The request has succeeded (0x8FA100C8)
Error note: Empty response content received

Environment

ITMS 8.5 RU1

Cause

When Windows Authentication is set to Authenticate, additional settings for Kerberos are needed to function properly.

Resolution

If the customer want's to use Kerberos then other settings are needed such as setting up Service Principal Names (SPN) for each ITMS node (Notification Server and Site Servers). If Kerberos is not desired we should switch Windows Authentication to use NTLM instead of Authenticate.

To change Windows Authentication:

Open IIS Manager, and select the Default Web Site

Click on the Authentication module

Select Windows Authentication and choose Providers from th Actions pane

Move NTLM to the top of Enabled Providers

Feedback

thumb_up Yes

thumb_down No