Importing computers from AD suddenly began failing to import the resources. The NSE generated during AD Import is empty. The only evidence in the failure is two errors in the NS logs containing something similar to the following (excerpt):
Entry 1:
Error writing resource NSE for rule: {DC68B3AB-F188-46EE-8430-7343732424DA}
' ', hexadecimal value 0x1E, is an invalid character.
[System.ArgumentException @ System.Xml]
at System.Xml.XmlEncodedRawTextWriter.InvalidXmlChar(Int32 ch, Char* pDst, Boolean entitize)
at System.Xml.XmlEncodedRawTextWriter.WriteAttributeTextBlock(Char* pSrc, Char* pSrcEnd)
at System.Xml.XmlEncodedRawTextWriter.WriteString(String text)
at System.Xml.XmlWellFormedWriter.WriteString(String text)
at System.Xml.XmlWriter.WriteAttributeString(String localName, String value)
at Altiris.DirectoryServices.DirectoryImport.DirectoryDataProcessor.WriteUserGroupInventoryData(ResourceRef reRef, DirectoryElement dirElement, NSMessageGenerator gen)
at Altiris.DirectoryServices.DirectoryImport.DirectoryDataProcessor.GenerateStep(NSMessageGenerator gen, DirectoryElementCollection col)
at Altiris.DirectoryServices.DirectoryImport.DirectoryDataProcessor.Generate(DirectoryElementCollection source)
Entry 2:
ImportDistributionGroups failed: Unable to load the specified item: 0cf4de32-eafd-e4e0-bbd4-d1e59869f653
Unable to load the specified item: 0cf4de32-eafd-e4e0-bbd4-d1e59869f653
[Altiris.NS.Exceptions.AeXException @ Altiris.NS]
at Altiris.NS.ItemManagement.Item.Load(Guid itemGuid)
at Altiris.NS.ItemManagement.Item.GetItemInternal(Guid itemGuid, IEnumerable`1 accessPermissions, ItemLoadFlags itemLoadFlags, Boolean& cacheHit)
at Altiris.NS.ItemManagement.Item.GetItemInternal(Guid itemGuid, IEnumerable`1 accessPermissions, ItemLoadFlags itemLoadFlags)
at Altiris.NS.ItemManagement.Item.GetItem[T](Guid itemGuid, IEnumerable`1 accessPermissions, ItemLoadFlags itemLoadFlags, Boolean vigorous)
at Altiris.NS.ItemManagement.Item.GetItem[T](Guid itemGuid, IEnumerable`1 accessPermissions, ItemLoadFlags itemLoadFlags)
at Altiris.DirectoryServices.DirectoryImport.DirectoryItemImporter.PeekReadableLoadWriteable[T](Guid guid, Boolean forceWriteable)
at Altiris.DirectoryServices.DirectoryImport.DirectoryItemImporter.CreateCollection(String strName, ArrayList nameArgs, Boolean bLocalizeName, String strDescription, ArrayList descriptionArgs, Boolean bLocalizeDesc, Guid type, String key, String path, Boolean& exist, Boolean& changed)
at Altiris.DirectoryServices.DirectoryImport.DirectoryItemImporter.CreateDistributionCollections(Groups2Collections col, GcEntry e)
at Altiris.DirectoryServices.DirectoryImport.DirectoryItemImporter.CreateDistributionCollections(OperationProgressIterator op, Groups2Collections col)
'_', hexadecimal value 0x1E, is an invalid character. Line 9, position 183.
ITMS 8.x
There was an invalid/unexpected character in the name of one of the security groups the computers being imported were members of.
The following steps outlines how the problem was isolated:
Writing resource xml: CN=NXXX18XX,OU=Laptops, OU=Windows10,OU=Clients,DC=Support,DC=Example,DC=Com,
type=493435f7-3b17-4c4c-b07f-c23e7ab7781f,
fqdn=NXXX18XX.Support.Example.Com,
nameDomain=NXXX18XX.Support,
ref=E5BAFB73AE53C535056982ABA0B607EE
Next Phase:
<m c="User, Computer" u="122487290" i="5063" r="515" dn="CN=NX9818XX,OU=Laptops,OU=Windows10,OU=Clients,DC=Support,DC=Example,DC=Com">
<p c="Group" u="121334829" dn="CN=RAD_ALTIRIS_ALL_MACHINES_MIGRATION,OU=Radia,OU=Draper,OU=Integrated Applications,DC=Support,DC=Example,DC=Com" />
<pr dn="CN=ALT_Adobe_Acrobat_Pro_11,OU=Altiris,OU=Example,OU=Integrated Applications,DC=Support,DC=Example,DC=Com" />
<pr dn="CN=ALT_Cherwell_Service_Mgmt_Client_9_3_1,OU=Altiris,OU=Example,OU=Integrated Applications,DC=Support,DC=Example,DC=Com" />
<pr dn="CN=ALT_Cisco_Jabber_11_6_0_35037,OU=Altiris,OU=Example,OU=Integrated Applications,DC=Support,DC=Example,DC=Com" />
<pr dn="CN=ALT_NetSkope_Client_66.0.0.327,OU=Altiris,OU=Example,OU=Integrated Applications,DC=Support,DC=Example,DC=Com" />
<pr dn="CN=ALT_Office_2013_Standard,OU=Altiris,OU=Example,OU=Integrated Applications,DC=Support,DC=Example,DC=Com" />
<pr dn="CN=ALT_Project_2013_STD,OU=Altiris,OU=Example,OU=Integrated Applications,DC=Support,DC=Example,DC=Com" />
<pr dn="CN=CG_DENY_BITLOCKER,OU=Managed Groups,OU=Groups,DC=Support,DC=Example,DC=Com" />
<pr dn="CN=CG_UnifiedAccess,OU=Managed Groups,OU=Groups,DC=Support,DC=Example,DC=Com" />
</m>
There is/was a hidden character in the name of the group that was visible only as a space as seen above in red.
Note: Don't forget to revert back the changes done to "ADSaveDiscoveryResults" and the verbosity on the NS logs.
Rename the group so that it contains standard and visible characters.
Run again the Computer AD Import Rule to verify that the problem has been resolved.