Prevent UNC code bases from being offered by site servers configured strictly for CEM

book

Article ID: 181572

calendar_today

Updated On:

Products

Management Platform (Formerly known as Notification Server)

Issue/Introduction

 

Resolution

When a Package Server is promoted to a STRICTLY CEM enabled, Internet facing Site Server, HTTPS is the only valid code base, or download location. If the environment is already setup to use HTTPS, typically the setup will work. If HTTP is used, or even partially used, the CEM Site Server requires additional configuration to ensure CEM enabled and active clients can use the Site Server.

The following two changes will ensure the CEM clients are only handed HTTPS code bases to download packages from. The first step is covered in the documentation, however it is worth bringing up here.

Enabling HTTPS

  1. On the Package Server, open regedit.
  2. Create the following key: HKLM | Software | Altiris | Altiris Agent | Package Server
  3. DWORD > EnableHTTPSOverride
  4. Value: 1

Disable UNC
(Note that the CEM enabled clients will attempt HTTPS first, but this will remove the possibility of falling back to UNC, which will never work)

  1. On the Package Server, open regedit.
  2. Create the following key: HKLM | Software | Altiris | Altiris Agent | Package Server
  3. DWORD > EnableUNCOverride
  4. Value: 0

 NOTE: The Agent will typically figure out what method to use, but the above can help situations where the Site Server is only serving CEM enabled clients.

In ITMS 7.6 and 8.0 the codebase publishing can be controlled using the "All Settings>Notification Server>Site Server Settings>Package ServicePackage Service Settings".