Failing to register to a task server due to multiple agent communication profiles for the same SMP server
search cancel

Failing to register to a task server due to multiple agent communication profiles for the same SMP server

book

Article ID: 175117

calendar_today

Updated On:

Products

IT Management Suite Client Management Suite

Issue/Introduction

The SMP can't register to a Task Server. The NS logs showed the following (after enabling Task verbosity logging):

Entry 1 - This shows that it is trying to reach the registration page:

CTaskServerNetCommsConnection::_CallMethod(): Posting to url [https://smpserver.yourdomain.com:443/Altiris/TaskManagement/CTAgent/GetClientTaskServers.aspx?shares=1&resourceGuid=c28e81a3-db55-4ab0-b95f-12796fe27e2a&crc=0008000500001099].

Entry 2 - Calling NS server endpoint:

'https://smpserver.yourdomain.com:443/Altiris/TaskManagement/CTAgent/GetClientTaskServers.aspx', ID: {3C81AE14-C7C0-4988-BBB8-5DD3976A7A84}, registration ID: None

Entry 3 - failed to authenticate with the provided credentials:

Operation 'Direct: Head' failed.
Protocol: HTTPS
Host: smpserver.yourdomain.com:443
Path: /Altiris/TaskManagement/CTAgent/GetClientTaskServers.aspx
Connection Id: 1193.5980
Communication profile Id: {C94E6833-9E8F-4227-A8AE-A8D072547ABA}
Throttling: 0 0 0
Error type: HTTP error
Error code: HTTP status 401: The request requires user authentication (0x8FA10191)
Error note: Authentication failed, server refused to authenticate with provided credentials
Server HTTPS connection info:
Server certificate:
Serial number: 13 00 00 0a 51 32 14 16 c9 fe 8a 02 be 00 00 00 00 0a 51
Thumbprint: 90 b8 0f 70 1d d4 a3 e7 64 4f d6 0e 2d b0 98 ca 04 cb d1 45
Cryptographic protocol: TLS 1.2
Cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256
Cipher algorithm: AES
Cipher key length: 256
Hash algorithm: SHA384
Hash length: 384
Key exchange algorithm: ECDH_P256
Key length: 256

Looking at the IIS log, it showed that the agent on the SMP is not passing any credentials, just trying to authenticate anonimously:

2019-06-10 17:02:58 <IP Address> HEAD /Altiris/TaskManagement/CTAgent/GetClientTaskServers.aspx shares=1&resourceGuid=c28e81a3-db55-4ab0-b95f-12796fe27e2a&crc=0008000500001099 443 - <IP Address> - - 401 2 5 0
2019-06-10 17:02:58 <IP Address> HEAD /Altiris/TaskManagement/CTAgent/GetClientTaskServers.aspx shares=1&resourceGuid=c28e81a3-db55-4ab0-b95f-12796fe27e2a&crc=0008000500001099 443 - <IP Address> - - 401 1 3221225581 0

but any other machine that was tried anonymously and with the proper account:

2019-06-10 00:17:40 <IP Address> HEAD /Altiris/TaskManagement/CTAgent/GetClientTaskServers.aspx shares=1&resourceGuid=9a7a952d-c78b-4739-aefc-0a3ae3370146&crc=0008000500001099 443 - <IP Address> - - 401 2 5 0
2019-06-10 00:17:40 <IP Address> HEAD /Altiris/TaskManagement/CTAgent/GetClientTaskServers.aspx shares=1&resourceGuid=9a7a952d-c78b-4739-aefc-0a3ae3370146&crc=0008000500001099 443 domain\svcaltagent2 <IP Address> - - 200 0 0 78
2019-06-10 00:17:40 <IP Address> POST /Altiris/TaskManagement/CTAgent/GetClientTaskServers.aspx shares=1&resourceGuid=9a7a952d-c78b-4739-aefc-0a3ae3370146&crc=0008000500001099 443 domain\svcaltagent2 <IP Address> - - 200 0 0 140

Operation 'Direct: Head' failed.
Protocol: HTTPS
Host: smpserver.yourdomain.com:443
Path: /Altiris/TaskManagement/CTAgent/GetClientTaskServers.aspx
Connection Id: 1193.5980
Communication profile Id: {C94E6833-9E8F-4227-A8AE-A8D072547ABA}
Throttling: 0 0 0
Error type: HTTP error
Error code: HTTP status 401: The request requires user authentication (0x8FA10191)
Error note: Authentication failed, server refused to authenticate with provided credentials

Environment

ITMS 8.x

Cause

Using ACC (Agent Connectivity Credentials) for connecting the agents and it was noticed that there were two agent communication profiles for the SMP server - one with the server name (the default one created during initial installation) and the other one with the server alias. The alias communication profile was the one used by all the targeted agent policies.

There was a conflict between having two agent communication profiles for the same server.

Resolution

In order to address this issue:

  1. Use the default Notification Server Communication Profile under Settings>Agents/Plug-ins>Symantec Management Agent>Symantec Management Agent Communication profiles (meaning placing all the agent targeted policies to use this one). The default one is the one that has the little "altiris" yellow icon on it:

     
  2. Add the alias name used for your SMP into this default one rather than having another Agent Communication Profile for the same SMP.
Powered by Wolken Software