All newly deployed Sym Agent's (as well as when uninstalling/reinstalling) are unable to successfully connect to Task Server servers and the following message is see in the SMP logs:

Severity: 1
Date: 12/3/2021 12:29:14 PM
Tick Count: 191249796
Host Name: <SMPserver>
Process: AeXNSAgent.exe (5044)
Thread: 15764
Module: AeXNetComms.dll
Source: NetworkOperation
Description: 
  Operation 'Direct: Head' failed. 
Protocol: HTTPS 
Host: <TaskServer>:443 
Path: /Altiris/ClientTaskServer/Register.aspx 
Connection Id: 3.5044 
Communication profile Id: {AC6A3AC8-08FE-4B9B-8B0D-DB13B1F078D3} 
Throttling: 0 0 0 
Error type: HTTP error 
Error code: HTTP error occurred (0x80042D21) 
Error note: Authentication failed, response to server challenge denied, check credentials are correct, error: The logon attempt failed (0x8009030C) 
Server HTTPS connection info: 
   Server certificate: 
      Serial number: 48 6b f5 fe 3e 80 9c c9 56 15 f0 f8 af eb 06 f2 f4 17 e3 d2 
      Thumbprint: 7e 46 36 86 63 00 d6 fb bf 5b f5 fa f5 86 9a 0a 87 26 96 83 
   Cryptographic protocol: TLS 1.2 
   Cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 
   Cipher algorithm: AES 
   Cipher key length: 256 
   Hash algorithm:  
   Hash length: 0 
   Key exchange algorithm: ECDH 
   Key length: 255

Other message descriptions also seen in the SMP logs include:

Task Server Connection: Attempting to register on Task Server '<TaskServer>' using 'https://<TaskServer>:8443/Altiris/ClientTaskServer/Register.aspx'

Task Server Connection: Registering on Task Server 1 of 2: name: <TaskServer>, active: false, http: 0, https: 8443, value: 0, shares: 3765, installed on NS: false

Task Server Connection: Failed to establish persistent connection to TS at 'https://<TaskServer>:8443/Altiris/WebSockets', error: Catastrophic failure (0x8000FFFF)

Authentication failed, response to server challenge denied, check credentials are correct, error: The logon attempt failed (0x8009030C)

This process of deploying new Sym Agents (as well as uninstalling/resintalling) was working one day and overnight it quit working.  Verified that the Communication Profiles and SSL/TLS settings were all correct and nothing here had changed.

ITMS 8.6 GA

Found that the Active Directory team had made some changes overnight on the Altiris service accounts, these changes were made to the ‘Logon to’ setting and have set this to having limited permissions.

Changed the Altiris service accounts back to being a Domain Administrator and then newly installed Sym Agents were again able to register to Task Servers.