What are some of the suggestions for how to troubleshoot Altiris Agent connection and communication problems?
Note: This information was collected from multiple articles in the Altiris Knowledgebase that seem to be helpful. These are general suggestions of what to look for in this type of situation. Search the Knowledgebase for more suggestions on specific problems with the Altiris Agent.
Does the NS client have a machine GUID in the registry?
If it does have a GUID, does that GUID exist in the Notification Server database? From SQL Query Analyzer (with the Notification Server database selected) do: select * from vcomputer where GUID = '42001c36-02b3-4c25-bdc0-4b515fba5108' (Note: Put the Full GUID between the '' (single quote marks)). If you use the like operator, follow this next syntax to make sure you get the information because if the Notification Server is on a case sensitive database, you might not see what you should be seeing: select * from vcomputer where lower(GUID) like lower ('%%').
Note: Put the partial GUID between the (%%.) If the GUID is in the database, does the information match the client you are looking at (name, domain, and so on)? If the information does not match, check to see if operating system images used with the Notification Server client installed or a RIP of an Notification Server client install. The problem could be caused by either one with the GUID not properly cleaned from the registry.
If there is no GUID then the computer hasn't contacted the Notification Server or the request made to the Notification Server failed. This could be due to network issues (routing and proxy configurations) as well as unavailability of the Notification Server (if the system is paused, for example).
Are the file Permissions all set (default) on the Notification Server?
If all computers can't get policies or send data check the permissions on postevent.aspx and getclientpolicies.aspx and createresource.asp. Users security group should have read permissions (and IUSR_<computername> should be a member of users). Also check the EvtQueue and EvtQFast directories. The Users security group should have read and write permissions (and IUSR_<computername> should be a member of the users group).
Note: The Users groups doesn't have to have the permissions listed. The IUSR_<computer name> account can itself have the permissions directly.
You can see if the NS client computers are having problems getting to these files by setting the Notification Server name (FQDN, NetBIOS, and IP address) to be in the Restricted Sites Internet Explorer security zone on one or more of the Notification Server client computers, and then make sure the custom security on this zone is set for User Authentication > Logon > Anonymous logon. (This makes sure that the connection is anonymous to these pages on the Notification Server, which is the same as how the Notification Server client does it.) Then in a browser window, one of the Notification Server clients computers where the Internet Explorer security has been configured as above go to http://<server name>/Altiris/NS/Agent/postevent.aspx or getclientpolicies.aspx or createresource.aspx or NSCap. You should get one of the following messages:
"<error number="80041002" nsVersion=”6.0.4603”>
<![CDATA [ The client policies request XML is invalid.”
"- <error number="80041002">
<![CDATA[The create resource request XML is invalid."
If you don't get the messages shown above then there is something wrong with the anonymous access to these files. Check the security on these files for the users group and that IUSR_<computer name> is a member of the users group.
Note: The Users groups don't have to have the permissions listed. The IUSR_<computer name> account can itself have the permissions directly.
Check the Wrksta table to see if there is any info about this computer. From SQL Query Analyzer (with the Notification Server database selected) do: select * from Wrksta where name like '%%'. (Note: Put the name or even part of it between the %%.)
How is the name of the server shown in the Notification Server client window? Try changing from FQDN to NetBIOS (or the other way around if NetBIOS is listed).Go to Computer management on your Notification server and make sure that the account that you want to use for NS and connecting to the Altiris Agent has not a red X on it as well it is a built-in account for anonymous access (see screenshot):