Some managed computers in the ITMS (IT Management Suite) environment are failing to report their Distinguished Name (DN) during Basic Inventory. In the Resource Manager or reports, the AeX AC Location - Distinguished Name field appears empty, even though the computer is joined to an Active Directory domain.

ITMS 8.6

The issue occurs during the Symantec Management Agent (SMA) inventory gathering process. When the agent queries Active Directory (AD) for the local machine's DN attribute, the AD API returns data in a "provider-specific" format that the agent cannot natively parse. This results in a COM error, causing the agent to skip populating that specific data field in the Inventory NSE (Notification Server Event).

The primary root cause is an unexpected response from the Microsoft Active Directory API.

Confirmed Root Cause:

When the SMA requests the distinguishedName attribute, the AD API returns the data in a raw or "provider-specific" format instead of a standard string. Because a specific AD "attribute schema" or provider mapping may be missing or corrupted on the client side or within the AD environment, the API fails to convert the object into a standard Fully Qualified Domain Name (FQDN) format.

Diagnostic Evidence:

Review the Agent Logs (typically located in C:\ProgramData\Symantec\Symantec Agent\Logs\) for the following error entry:

Error while gathering AD distinguished name, COM error: Unexpected response from AD query (0x80004005)

A code improvement was developed to handle these "provider-specific" data formats. The SMA now includes logic to recognize these non-standard responses and manually convert them into a valid textual name.

Apply Update: This fix is officially included in ITMS 8.6 RU3.

Upgrade Agents: Once the server is updated, roll out the new SMA version to the affected endpoints.

• • Navigate to Settings > All Settings > Agents/Plug-ins > Symantec Management Agent > Windows > Agent Upgrade.

  • Enable the upgrade policy for the affected targets.

Validation:  After the agent is upgraded, right-click the Agent icon in the system tray and select Send Basic Inventory.

• Check the logs to ensure the 0x80004005 error no longer appears.

• In the Console, go to Manage > Computers, right-click the device, and select Resource Manager > Inventory to confirm the Distinguished Name field is now populated.

[!NOTE] Note: While this fix addresses the known "provider-specific" format, if AD returns a completely different or unknown format in the future, the issue could technically recur. If the error persists after 8.6 RU3 release, further AD schema investigation may be required.