Agent could not connect to a Task Server with Persistent Connections. Error code: HTTP status 403: The client does not have sufficient access rights (0x8FA10193)
search cancel

Agent could not connect to a Task Server with Persistent Connections. Error code: HTTP status 403: The client does not have sufficient access rights (0x8FA10193)

book

Article ID: 173987

calendar_today

Updated On:

Products

IT Management Suite

Issue/Introduction

Managed machines with Sym Agent installed could not connect to a Task Terver with Persistent Connections.   The Communication Profile settings for Persistent Connections was greyed out and could not be enabled.

Agent log errors had the following:

Original host: Test.EPM.com:444

Real host: Test:444
Path: /Altiris/ClientTaskServer/Register.aspx 
Connection id: 4.10352 
Communication profile id: {89DDBFCC-XXXX-4DBF-XXXX-01EE533529FC} 
Error type: HTTP error 
Error code: HTTP status 403: The client does not have sufficient access rights (0x8FA10193) 
Error note: 403 Forbidden 
Server HTTPS connection info: 
   Server certificate: 
      Serial number: XX XX ad 6d cf 11 65 d1 8a cf 89 bf d9 32 2f dc 3d 8d XX XX 
      Thumbprint: XX XX 25 da a7 9f cf 33 06 dd 82 56 b2 08 95 e3 37 91 XX XX 
   Cryptographic protocol: TLS 1.0 
   Cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 
   Cipher algorithm: AES 
   Cipher key length: 256 
   Hash algorithm: SHA1 
   Hash length: 160 
   Key exchange algorithm: ECDH 
   Key length: 255

 

Operation 'Direct: Head' failed. 
Protocol: HTTPS 
Host: Test.EPM.com:443 
Path: /Altiris/ClientTaskServer/Register.aspx 
Connection Id: 4.10352 
Communication profile Id: {89DDBFCC-XXXX-4DBF-XXXX-01EE533529FC
Error type: HTTP error 
Error code: HTTP status 403: The client does not have sufficient access rights (0x8FA10193) 
Error note: Empty response content received 
Server HTTPS connection info: 
   Server certificate: 
      Serial number: XX XX ad 6d cf 11 65 d1 8a cf 89 bf d9 32 2f dc 3d 8d XX XX 
      Thumbprint: XX XX 25 da a7 9f cf 33 06 dd 82 56 b2 08 95 e3 37 91 XX XX  
   Cryptographic protocol: TLS 1.0 
   Cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 
   Cipher algorithm: AES 
   Cipher key length: 256 
   Hash algorithm: SHA1 
   Hash length: 160 
   Key exchange algorithm: ECDH 
   Key length: 255

Environment

ITMS 8.6.x and newer

Cause

Reviewed the Task Server settings and found that they had both port 443 and port 444 loaded and bound on the server and each were bound to separate certificates.  We removed the port 444 bindings and checked the Global Site Server Settings on the Notification Server (NS).   The option to configure https bindings was not checked.   

Resolution

On the Notification Server's Global Site Server Settings' page, we enabled the configure HTTPs binding and put the port to 443 here and left the Force Overwrite Binding settings and the Install Certificate unchecked since they were using their own certificates and the port was already bound to port 443 on the Site Server.  Ran the NS Site Server Profiles Synchronization Schedule in the Windows Task Scheduler.   After running this we could then see that the Communication Profile setting for Persistent Connections was no longer greyed out and agents started connecting.

Powered by Wolken Software