Agent logs showing HTTP error: 401 Unauthorized (-2147209951)
search cancel

Agent logs showing HTTP error: 401 Unauthorized (-2147209951)


Article ID: 176644


Updated On:


IT Management Suite


The customer is attempting to setup Notification Server on a system running with SSL communication. On both the Notification Server & one test machine that has the Altiris Agent installed he is getting the following messages when the agents attempt to send basic inventory.

SendBasicInventory failed: HTTP Request Failed: The operation completed successfully. (-2147352567)
GET NTLM: Response to server challenge denied, check credentials are correct

Get 'HTTPS://<Notification Server>/ALTIRIS/NS/Agent/GetClientPolicies.aspx?xml=<Request configVersion="2"><WrkstaGuid>edf68cea-b5cc-45d2-bc02-53c388179415</WrkstaGuid></Request>&compress=1&hash=4f598109-761b-b099-3811-8d0a2c102c9a' failed: HTTP error: 401 Unauthorized (-2147209951)

HTTP error: 401 Unauthorized (-2147209951)


Cause 1:

The Altiris Agent uses anonymous access for all of its communication with the Notification Server. On the Notification Server the account in IIS that is used for anonymous access is the IUSR_ <Server Name> account. This account belongs to the local group Guests. Due to a Security Policy guest access to the system had been denied across the network.

Cause 2:

Anonymous Access has been Disabled in IIS


Resolution 1:

Modify the Local Security Policy to allow access to the system by the guest group.

  1. Goto Start->Administrative Tools->Local Security Policy
  2. Goto Local Policies\User Rights Assignment
  3. On the right hand side double click on Deny access to this computer from the network.
  4. Select the Guests group and click the Remove button.

*NOTE: If this computer is controlled by a Global Policy then you will need to make the modification to that policy, not the local one.

Resolution 2:

Re-enable Anonymous access in IIS.
  1. Click on Start -> Run
  2. Type inetmgr
  3. Expand the Web Sites folder
  4. Right-click on the Default Website and click on Properties
  5. Click on Directory Security  then on the Edit... button
  6. Ensure that the Enable anonymous access box is checked
  7. Get properties on the Altiris site and ensure that Anonymous access is enabled as well.
  8. If that does not resolve the problem, check the permissions down the actual page in question and ensure that the appropriate permissions are set.

Once the Permissions are fixed, you will no longer see the above-listed errors/warnings in the log files.

Applies To

Windows Server 2003 Standard Edition running IIS 6.0

Notification Server 6.0.6074 Service Pack 3 + R5