There have been a few issues revolving around the "Allow encrypted session" option within the GSS 3.x product. Many of these require a work around which is to disable the encrypted session option on the client side. The difficult thing about this is that in some situations, the Dagent is not successfully connecting to the GSS console which means you can deliver anything through GSS to fix the issue.
3.x
The answer to your problem is to build a .reg file from a working Dagent and then deliver it to your other clients through a domain GPO or if you have our ITMS product installed you can deliver a package through it.
You first need to create a .reg file of the need value change:
Your file should look liike this:
Windows Registry Editor version 5.0
[HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\Client Service]
"EncryptSessions"=dword:00000000
This is all you'll need as far as files go. This file will be your new package
You then need to deliver this file to all machines that require the registry key change. To run this file and make the change you'll need to run the following command.
regedit /s /i <filename.reg>
You may need to include the path to the file depending on how you deliver the file to your client machines.
To get this change to take affect you'll need to restart the Dagent service on the machine. You can use netstop and netstart to do this.
Here's the link from Microsoft.
https://technet.microsoft.com/en-us/library/cc736564(v=ws.10).aspx