Agents are not able to register with a Task Server, and possibly not able to setup Persistent Communications with the Notification Server or a Task Server.
Error note: Authentication failed, request level authentication is not supported, check that IIS setting 'authPersistNonNTLM' is set to 'True' on the server
Operation 'Direct: Head' failed.
Protocol: HTTP
Host: NS Server
Path: /Altiris/TaskManagement/CTAgent/GetClientTaskServers.aspx
Connection Id: 64.5284
Communication profile Id: {xxxxxxxx-2EEC-4B3B-AAE3-D72DF98D22F8}
Throttling: 2 50 0
Error type: HTTP error
Error code: HTTP error occured (0x80042D21)
Error note: Authentication failed, request level authentication is not supported, check that IIS setting 'authPersistNonNTLM' is set to 'True' on the server
Operation 'Direct: Head' failed.
Protocol: HTTP
Host: NS Server
Path: /Altiris/TaskManagement/CTAgent/PersistentSettings.aspx
Connection Id: 59.5284
Communication profile Id: {xxxxxxxx-2EEC-4B3B-AAE3-D72DF98D22F8}
Throttling: 2 50 0
Error type: HTTP error
Error code: HTTP error occured (0x80042D21)
Error note: Authentication failed, request level authentication is not supported, check that IIS setting 'authPersistNonNTLM' is set to 'True' on the server
8.x and later
Kerberos authentication is not functioning properly
First of all, make sure the 'authPersistNonNTLM' setting is set to TRUE.
Open IIS Manager on the server being connected to (Notification Server or Site Server) which is giving the error.
Select the ServerName under Start Page, and then select Configuration Editor (near the bottom) under Management
Navigate to system.webServer/security/authentication/windowsAuthentication, and then view the setting for 'authPersistNonNTLM' and make sure it is set to TRUE.
If you still have errors, disable Kerberos authentication by doing the following:
Browse to: Default Website/Altiris/TaskManagement/CTAgent
Open Authentication and select Windows Authentication. Select Providers on the right panel. Move NTLM to the top. Click OK.
Close out of IIS Manager
Issue should be resolved for this server. You may need to repeat this on the NS and other Task Servers.
Microsoft documentation on authPersistNonNTLM: https://techcommunity.microsoft.com/t5/iis-support-blog/request-based-versus-session-based-kerberos-authentication-or/ba-p/916043