You noticed an issue with certain packages where files can't be downloaded.
While looking at the agent logs on the package server, while trying to download on of the packages from the parent package server, the following message was noticed:

Operation 'Direct: Get File' failed.
Protocol: HTTPS
Host: SMPpackageserver.example.com:443
Path: /Altiris/PackageShare/pkggroup_6ykjcujis53l4vp6uzwtb55fy74aa6by/6.1.1010/checksum.log
Id: 10550.3132
Error type: HTTP error
Error code: HTTP status 401: The request requires user authentication (0x8FA10191)
Error note: Authentication: Response to server challenge denied, server authentication methods are not supported


If you go to the actual package link:
http://SMPpackageserver.example.com/Altiris/PackageShare/pkggroup_6ykjcujis53l4vp6uzwtb55fy74aa6by/6.1.1010

You got a message about not able to authenticate.

If you add "Everyone" to the permissions on the actual file (/6.1.1010/checksum.log) on the origin package server and after this if the package is requested again, it is able to download.

So far after trying to run ProcMon on the origin package server, you can see that there is a CreateFile call with Access Denied. According to ProcMon the desired access is "Generic Read" and NT AUTHORITY\SYSTEM is the one impersonating.

Operation 'Direct: Get File' failed.
Protocol: HTTPS
Host: SMPpackageserver.example.com:443
Path: /Altiris/PackageShare/pkggroup_6ykjcujis53l4vp6uzwtb55fy74aa6by/6.1.1010/checksum.log
Id: 10550.3132
Error type: HTTP error
Error code: HTTP status 401: The request requires user authentication (0x8FA10191)
Error note: Authentication: Response to server challenge denied, server authentication methods are not supported
Server HTTPS connection info:
Server certificate:
Serial number: xx xx xx xx xx xx 41 5d 81 03 8c 82 c8 d3
Thumbprint: xx xx xx xx xx fa 87 c3 22 65 4b 48 ba 89 58 59 bc 66
Cryptographic protocol: TLS 1.0
Cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256
Cipher algorithm: AES
Cipher key length: 256
Hash algorithm: SHA1
Hash length: 160
Key exchange algorithm: ECDH_P256
Key length: 256
-----------------------------------------------------------------------------------------------------
Process: AeXNSAgent.exe (3132), Thread ID: 4544, Module: AeXNetComms.dll
Priority: 1, Source: NetworkOperation
 

ITMS 8.1 and later

Lack of permissions on package shares. Permissions issues on the file directory where the main package resides. It was failing because it was missing the proper permissions to authenticate, even when the package was set to anonymous authentication.

In this particular scenario, the customer setup anonymous access to his packages. It was required to add "Authenticated Users" due to some GPO restrictions.

Make sure the package repository folder from where the package/file is been downloaded from has:

• Read and Execute
• List Folder Contents
• Read

for "Authenticated Users" and that "Authenticated Users" group is listed in Security tab.

Also verify that those packages shared folder on Package Server has "Authentication Users" group with read and execute permission.