Generic error: “Error saving changes.” returned when attempting to save changes to Patch Management Software update policies


Article ID: 184211


Updated On:


Notification Server Agent for Unix/Linux (Altiris)


When attempting to save any changes made to Software Update Policies the operation fails with a generic “Error saving changes.” Box at the top of the policy dialogue.



The error is written into the SMP logs similar to the following:


<![CDATA[Error saving advert set policy: (POLICY NAME).

( Exception Details: Altiris.NS.Exceptions.AeXException: Unable to lookup the SID associated with the specified account ---> System.ArgumentException: String cannot be of zero length.
Parameter name: name
at System.Security.Principal.NTAccount..ctor(String name)
at Altiris.NS.Security.SecurityTrusteeProvider.LookupSidFromName(String scope, String name)
--- End of inner exception stack trace ---
at Altiris.NS.Security.SecurityTrusteeProvider.LookupSidFromName(String scope, String name)
at Altiris.NS.UI.Controls.UserSettings.UserNameToSID(String user)
at Altiris.NS.UI.Controls.UserSettings.SaveSettings(String user, String id, Object settings)
at Altiris.PatchManagementCore.Web.Policies.SoftwareUpdateTask.btlOKCancel_ApplyClicked(Object sender, EventArgs e) )
( Exception logged from:
at Altiris.Diagnostics.Logging.EventLog.ReportException(Int32 severity, String strMessage, String category, Exception exception)
at Altiris.Diagnostics.Logging.EventLog.ReportException(String strMessage, String category, Exception exception)
at Altiris.NS.Logging.EventLog.ReportException(String strMessage, Exception exception)
at Altiris.PatchManagementCore.Web.Policies.SoftwareUpdateTask.btlOKCancel_ApplyClicked(Object sender, EventArgs e)
at Altiris.WebControls.ButtonState.RaiseClick()
at Altiris.WebControls.ButtonListControl.RaisePostBackEvent(String eventArgument)
at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
at System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at ASP.policies_softwareupdatetask_aspx.ProcessRequest(HttpContext context)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
at System.Web.HttpApplication.ApplicationStepManager.ResumeSteps(Exception error)
at System.Web.HttpApplication.System.Web.IHttpAsyncHandler.BeginProcessRequest(HttpContext context, AsyncCallback cb, Object extraData)
at System.Web.HttpRuntime.ProcessRequestInternal(HttpWorkerRequest wr)
at System.Web.HttpRuntime.ProcessRequestNoDemand(HttpWorkerRequest wr)
at System.Web.Hosting.ISAPIRuntime.ProcessRequest(IntPtr ecb, Int32 iWRType)
( Extra Details: Type=Altiris.NS.Exceptions.AeXException Src=Altiris.NS

Inner Extra Details: Type=System.ArgumentException Src=mscorlib )]]></event>






The expected authentication is not occurring which results in the HTTP user context being blank or without a value that can be resolved to a SID.  The root of the problem was that the page was set to allow “anonymous” access which was preventing the forced authentication from occurring.

 Explanation:  Patch Management edit pages, such as “SoftwareUpdateTask.aspx” verify the console user by calling for the user’s “HTTP context”. If no value is returned, or a value with no “domain\user” format then the associated SID will not be able to be resolved, which results in the error.

To test and see what is being returned when the edit page is loaded then do the following:

1.    Edit the file “.\Program Files\Altiris\Patch Management\Core\Web\Policies\SoftwareUpdateTask.aspx
2.    Add the following line right below the <head> tag:   <input type="text" value="<%=this.Context.User.Identity.Name%>" size="60">
3.    Save the file, reload the page and select the policy. At the top of the page will be a box that should contain the current user’s HTTP context. If the box is empty or showing a value formatted other than “domain\user” then the root cause is confirmed.





1.    Open IIS Manager and go to “Default Web Site > Altiris > PatchManagementCore > Policies
2.    Right click and select “Switch to Content View
3.    In the right pane select “SoftwareUpdateTask.aspx” then right-click and select “Switch to Features View
4.    In the IIS section double-click on “Authentication
5.    If “Anonymous Authentication” is enabled right-click on it and change it to disabled.
6.    In Internet Explorer select “Tools > Internet Options >”.
7.    Select the “Security” tab. Then select “Local Intranet”. Then select the “Sites” button, and finally the “Advanced” button.
8.    Add the SMP server to the local zone: 
Example:   http://AltirisSMP01
When the policy edit page is refreshed again the box should show the full HTTP user context and the policy should be able to be edited and saved.


Applies To


Patch Management Solution 7.1 SP2 MP1

Symantec Management Platform 7.1 SP2 MP1