Environment
Notification Server 6.0
Technique is best suited for when the old and new database servers are on different hosts.
Cause
The SID's of the system and Altiris Administrators local group have changed from the information stored in the Altiris database. When the NS checks security it will fail to recognize the user as a member of the Altiris Administrators role
Resolution
NOTE:: For this to be supportable in Notification Server 7.x the source NS and destination NS servers must have the exact same name Fully Qualified name (e.g. thisNS.domain.com , it is not sufficient for just the machine name to match).
To recover from this situation. follow these steps:
1. Run the following SQL query on the database created during the NS install:
select Trustee
from SecurityTrustee
where Guid in
(select TrusteeGuid from SecurityRole where [Name] = 'Altiris Administrators')
2. Run the same query (above) on the database you can no longer access. This should return a different SID.
3. Run the following query on the database you can no longer access. This will replace the old SID with the current SID on the new NS server)
UPDATE SecurityTrustee SET Trustee = 'SID on working DB(step1)' WHERE Trustee = 'SID from the access denied DB (step2)' |
NOTE:: If the above-mentioned method does not restore access to the NS Console, run the following SQL Commands in Succession against the Database:
spStringCacheDisable
spStringCacheEnable
After running these two commands, refresh your console page. The Console page should load.