Why is the Notification Server saying that all of the Package Servers packages are invalid?


Article ID: 179719


Updated On:


Management Platform (Formerly known as Notification Server)






I notice that when I look at the Package Server status in Notification Server that their packages are displayed as invalid. When I look at the Package Server Console on the Package Server, I notice that the Package Server displays its packages as ready.

So I created a new package and confirm that the Package Server downloads it and displays it as available  However, Notification Server initially displays it as pending until it receives data from the Package Server, and then the Notification Server displays it as invalid.

The agent.log file contains the following errors:

<event date='May 16 11:51:05' severity='2' hostName='pc100' source='CreateDirectoryPath' module='AeXNSAgent.exe' process='AeXNSAgent.exe' pid='724' thread='1740' tickCount='495844828' >
  <![CDATA[Cannot create directory: 0x80070005 [Access is denied] d:]]></event>
<event date='May 16 11:51:05' severity='2' hostName='pc100' source='EventTransport' module='AeXNSAgent.exe' process='AeXNSAgent.exe' pid='724' thread='1740' tickCount='495844843' >
  <![CDATA[Error while copying event to capture directory: Access is denied (-2147024891)]]></event>

Every package is associated with the following error when the Send Package Status is run and is recorded in the 'Package Status' NSE file as well as the SWDPackageServer Table:

The trust relationship between this workstation and the primary domain failed(1789).

When I look at NTFS permissions, I notice that the .\Package Delivery\<Guid> directories on the Package Servers that the Notification Server is displaying as having invalid packages, that there is only the Administrator and SYSTEM accounts present.


Notification Server 7.x, 8.x
Package Servers

The Package Server has failed to add the credentials configured for the Settings tab > Notification Server > Site Server Settings > Site Server Settings tree > Package Services > Package Service Settings > Security Settings.

You can choose from Anonymous access (default one), Application credentials (AppId), or specify a set of credentials to use (under "Click here to modify Agent Connectivity Credentials")


  1. Manually request a new Client Settings Policy for every Package Server, so as to ensure that we are working within the full window between Configuration Requests, thus not affecting the Package Servers that are functioning correctly.
  2. Configure the Security Settings for the Package Service Settings for anonymous access, so as to revert the PSAgent to its defaults.
  3. Manually request a new Client Settings Policy for every problem Package Server.
  4. Configure the Agent Connectivity Credentials for the AppId again.
  5. Manually request a new Client Settings Policy for every problem Package Server.
  6. Manually send a Package Status from all problem Package Servers to Notification Server.
  7. Notification Server should now start displaying these Package Servers as having packages that are ready instead of invalid.



You may also have to perform this procedure afterwards on the Package Server:

  1. Remove the .\Altiris\Notification Server\Snapshots\<GUID>.xml files from Notification Server.
  2. Remove the .\Altiris\Altiris Agent\Package Delivery\<GUID>\snapshot.xml file from all GUID directories on the Package Server.
  3. Remove the .\Altiris\Altiris Agent\Package Server Agent\PackageStatus\<GUID>\PackageStatus.xml files from all Guid directories.
  4. Run the NS.Package.Refresh scheduled task on Notification Server.
  5. Update the Symantec Management Agent's configuration policy on the Package Server.
  6. Send the package status on Notification Server.