The customer noticed that the Symantec Management Agent service was stopping and restarting randomly after a recent Agent upgrade.
The agent logs shows entries like these ones:
Entry 1:
Security of 'C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys' was adjusted
-----------------------------------------------------------------------------------------------------
Date: 11/08/2020 15:15:05, Tick Count: 427836687 (4.22:50:36.6870000), Size: 311 B
Process: AeXNSAgent.exe (12876), Thread ID: 12264, Module: AeXAgentExt.dll
Priority: 4, Source: AgentStorage
Entry 2:
Failed to initialize agent storage: Access is denied (0x00000005)
-----------------------------------------------------------------------------------------------------
Date: 11/08/2020 15:15:05, Tick Count: 427836703 (4.22:50:36.7030000), Size: 294 B
Process: AeXNSAgent.exe (12876), Thread ID: 12264, Module: AeXNSAgent.exe
Priority: 1, Source: Agent
Entry 3:
Unable to preprocess received client status data.
DecryptData failure. Error 5
[System.Runtime.InteropServices.COMException @ Altiris.TaskManagement.Common]
at Symantec.NSAgent.AgentStorage.DecryptData(Byte[] encryptedData, UInt32 flags)
at Altiris.TaskManagement.Common.ClientTask.Communication.NsIdentityContext.EnsureExecutedAsLocalSystemIdentity[TResult](Func`1 fn, ThrottledLogAction`2 logAction)
at Altiris.ClientTask.Server.ClientTaskServer.PreProcessClientStatusXml(Boolean encrypted, String statusXml, Guid secretGuid)
COM Exception errcode: 0x5
Another symptom was that the Symantec Management Agent UI is not loading when trying to use AeXAgentActivate.exe:
Failed to start the session or activate the object '{FF1B80EC-257A-4DF9-8712-74150E4ADB2A}' in session 1, COM error: Cannot get the session manager, agent is initializing (0x80070005)
-----------------------------------------------------------------------------------------------------
Date: 11/08/2020 15:09:07, Tick Count: 427478625 (4.22:44:38.6250000), Size: 435 B
Process: AeXAgentActivate.exe (12608), Thread ID: 15004, Module: AeXAgentActivate.exe
Priority: 1, Source: AeXAgentActivate
ITMS 8.1, 8.5. 8.7
In this particular scenario, the client machine had a Windows error that caused a blue screen before they started noticing this issue.
After further review, it was found that the Altiris Service Account did not have needed permissions under the folder "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys".
Follow below steps:
NOTE: After hitting apply, "Access Denied" errors may appear on as many as 5 subdirectories. This is normal in many situations, click accept.
After running the steps above, you may need to restart the client machine to make sure the changes done to the MachineKeys directory takes effect.
Note:
In case that the steps above didn't help, check the Windows Application Event Log. In some rare situations, an anti-virus may be blocking the access for the AeXNSAgent.exe to the MachineKeys folder.