Client Machines not connecting in CEM mode: Error Code (0x8007274C)

Products

IT Management Suite

Issue/Introduction

After doing some network updates and upgrading the SMP Server from 8.6 RU2 to 8.6 RU3 version, issues are now being seen with client machines not been able to connect in CEM (Cloud-Enabled Management) mode. The following errors are seen in the agent logs:

Operation 'CEM: Connect' failed.
Protocol: HTTPS
Original host: smp01.example.com:443
Real host: gatewaycem1.example.com:443
Path: /
Connection id: 19.892
Communication profile id: {3C91B641-55DA-48FD-8748-22AB3611F3C6}
Throttling: 0 0 0
Error type: Connection error
Error code: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond (10060)
Error note: SocketIOStrategySyncSelect::Connect error

Followed by the error:

Request 'HTTPS://smp01.example.com:443/altiris/NS/Agent/ConnectionTest.asp' failed, COM error: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond (0x8007274C)

Note: Similar error message could be seen:

Operation 'CEM: Connect' failed.
Url: HTTPS://smp01.example.com:443/Altiris/ClientTaskServer/GetTasks.aspx?isInMaintenanceWindow=true&resourceGuid=ExampleGUID&crc=0008000700000D3F
Connection path: 1.4 - Via gateway 4: [192.168.xx.xx, Wi-Fi] -> inetgw01.example.com [130.14.xxx.xx:443] ->smpdev801.example.com:443
Connection id: 30.5512
Communication profile id: {3C91B641-55DA-48FD-8748-22AB3611F3C6}
Throttling: 0 0 0
Connecton stage: Gateway connect
Error type: Connection error
Error code: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond (10060)
Error note: Failed to connect sync socket 000000000000100C to 130.14.xxx.xx:443
Connection path id: 0f 24 8f 01 c0 69 90 a9 ef de 56 4f c9 81 d1 54 6e 0a d2 b7

Environment

ITMS 8.x, 8.7.x

Cause

This was an environmental issue due to the network configuration.

The message mentioned above usually indicates:

that a client machine in CEM mode is able to get to the Gateway but didn’t get a response in a timely matter. Usually this happens when there is a network device like a firewall, proxy, load balancer, etc. that may be holding up the response or redirecting it or the proper firewall rule is missing.
We have also seen this when the specified port is blocked or not open.
As well another reason has been that the client machine gets to the gateway but the gateway can’t talk to the SMP Server in order to open a connection for this client machine's request.

Resolution

This was a network configuration issue as mentioned above. If you see this then check with your network team and verify with them that the proper firewall rules for your Internet gateway are in place.

In this particular situation, it was found that a firewall had been replaced in the data center they did not recreate the rules for their Internet Gateway. After creating the firewall rules the CEM communication started working.

Check the following regarding your firewall rule(s):

Open the Windows Firewall on the Server where the Internet Gateway is installed on
Select "Inbound Rules"
Select the "SMP Internet Gateway" incoming port and double click it.
Select the "Programs and Services" Tab
Select the "Services Settings" tab (The apply to this service radial button is selected for Symantec Management Platform Internet Gateway)
Change the "Apply to this server" radial button to "Apply to all programs and services"
Save changes

Additional Information

184952 Ports and Protocols for Symantec IT Management Suite (ITMS) 8.x

Cloud-Enabled Management Troubleshooting and Maintenance Tasks