search cancel

When installing new Symantec Agents they are not able to register with Task Servers, getting errors like: The logon attempt failed (0x8009030C)

book

Article ID: 229803

calendar_today

Updated On:

Products

Client Management Suite

Issue/Introduction

All newly deployed Sym Agent's (as well as when uninstalling/reinstalling) are unable to successfully connect to Task Server servers and the following message is see in the SMP logs:

Severity: 1
Date: 12/3/2021 12:29:14 PM
Tick Count: 191249796
Host Name: <SMPserver>
Process: AeXNSAgent.exe (5044)
Thread: 15764
Module: AeXNetComms.dll
Source: NetworkOperation
Description: 
  Operation 'Direct: Head' failed. 
Protocol: HTTPS 
Host: <TaskServer>:443 
Path: /Altiris/ClientTaskServer/Register.aspx 
Connection Id: 3.5044 
Communication profile Id: {AC6A3AC8-08FE-4B9B-8B0D-DB13B1F078D3} 
Throttling: 0 0 0 
Error type: HTTP error 
Error code: HTTP error occurred (0x80042D21) 
Error note: Authentication failed, response to server challenge denied, check credentials are correct, error: The logon attempt failed (0x8009030C) 
Server HTTPS connection info: 
   Server certificate: 
      Serial number: 48 6b f5 fe 3e 80 9c c9 56 15 f0 f8 af eb 06 f2 f4 17 e3 d2 
      Thumbprint: 7e 46 36 86 63 00 d6 fb bf 5b f5 fa f5 86 9a 0a 87 26 96 83 
   Cryptographic protocol: TLS 1.2 
   Cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 
   Cipher algorithm: AES 
   Cipher key length: 256 
   Hash algorithm:  
   Hash length: 0 
   Key exchange algorithm: ECDH 
   Key length: 255

Other message descriptions also seen in the SMP logs include:

Task Server Connection: Attempting to register on Task Server '<TaskServer>' using 'https://<TaskServer>:8443/Altiris/ClientTaskServer/Register.aspx'

Task Server Connection: Registering on Task Server 1 of 2: name: <TaskServer>, active: false, http: 0, https: 8443, value: 0, shares: 3765, installed on NS: false

Task Server Connection: Failed to establish persistent connection to TS at 'https://<TaskServer>:8443/Altiris/WebSockets', error: Catastrophic failure (0x8000FFFF)

Authentication failed, response to server challenge denied, check credentials are correct, error: The logon attempt failed (0x8009030C)

This process of deploying new Sym Agents (as well as uninstalling/resintalling) was working one day and overnight it quit working.  Verified that the Communication Profiles and SSL/TLS settings were all correct and nothing here had changed.

Environment

ITMS 8.6 GA

 

Cause

Found that the Active Directory team had made some changes overnight on the Altiris service accounts, these changes were made to the ‘Logon to’ setting and have set this to having limited permissions.

Resolution

Changed the Altiris service accounts back to being a Domain Administrator and then newly installed Sym Agents were again able to register to Task Servers.