Error: "Failed to add Firewall exception for CEM Port" when upgrading ITMS to a newer version

Article ID: 277295

Updated On: 07-10-2025

Products

Client Management Suite

Issue/Introduction

While upgrading from 8.6 RU3 to 8.7.1, the upgrade failed at 53%, at Configure Altiris Notification Server. A reconfigure of the Symantec Management Platform 8.7.1 also failed at the same point (at 52% rather than 53%, but with the same errors).

The Notification Server (NS) logs showed this error:

"Failed to add Firewall exception for CEM Port."

Object reference not set to an instance of an object.
   [NullReferenceException @ Altiris.NS.dll]
   at Altiris.NS.Utilities.AgentSite.AgentSiteConfigurationSettings.get_SitePortIIS()
   at Altiris.NS.StandardItems.Product.CoreSolutionHelper.AddFirewallPortException()

Exception logged from:
   at Altiris.Diagnostics.Logging.EventLog.ReportException(int, string, string, Exception, string)
   at Altiris.NS.StandardItems.Product.CoreSolutionHelper.AddFirewallPortException()
   at Altiris.NS.StandardItems.Product.CoreSolutionInstallation.OnInstallProductAgentSite(XmlNode)
   at Altiris.NS.StandardItems.Product.ProductInstallation.OnInstallProduct(XmlNode)
   at Altiris.NS.StandardItems.Product.CoreSolutionInstallation.OnInstallProduct(XmlNode)
   at Altiris.NS.StandardItems.Product.ProductInstallation.InstallProduct()
   at Altiris.NS.StandardItems.Product.CoreSolutionInstallation.InstallProduct()
   at Altiris.NS.AeXConfig.ConfigureInstallation(string, bool)
   at Altiris.NS.AeXConfig.ConfigureInstallation()
   at Altiris.NS.AeXConfig.Perform(IList<string>)
   at Altiris.NS.AeXConfig.Main(string[])

Process: AeXConfig (14544), Thread ID: 1, Module: Altiris.NS.dll
Priority: 1, Source: AgentSiteConfigurationSettings.get_SitePortIIS

You may also see this error depending on the situation:

Cannot get NS Agent Site setting 'Agent Site Name' from registry or it is empty.
   [Altiris.NS.Exceptions.AeXException @ Altiris.NS]
   at Altiris.NS.Utilities.AgentSite.AgentSiteConfigurationSettings.GetRegistryValue[T](String registryParameter)
   at Altiris.NS.Utilities.AgentSite.AgentSiteConfigurationSettings.get_AgentSiteName()
   at Altiris.NS.StandardItems.Product.CoreSolutionHelper.FixNsCapBinHandlers()
   at Altiris.NS.StandardItems.Product.CoreSolutionHelper.ConfigureNSCapFolder()
   at Altiris.NS.StandardItems.Product.CoreSolutionInstallation.OnInstallProduct(XmlNode installationNode)
   at Altiris.NS.StandardItems.Product.ProductInstallation.InstallProduct()
   at Altiris.NS.StandardItems.Product.CoreSolutionInstallation.InstallProduct()
   at Altiris.NS.Installation.ProductConfigurationWorker.ConfigureProductInternal(String configFile, Boolean ownsProgressContext, SerializationMode serializationMode)
   at Altiris.NS.Installation.ProductConfigurationWorker.ConfigureProduct()

Environment

ITMS 8.x

Cause

Unknown, possibly due to either a manual uninstallation of some Cloud-Enabled Management (CEM) component or due to security restrictions in IIS. 

Resolution

The following workaround resolved this issue:

  1. Export and then delete the NS Agent Site hive (HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\NS Agent Site).
  2. Export HKEY_LOCAL_MACHINE\SOFTWARE\Altiris.
  3. Delete the TsSecondaryWebSite and AgentWebSite values in HKEY_LOCAL_MACHINE\SOFTWARE\Altiris.
  4. Delete the Symantec Agent site in IIS Manager, then run an IISReset.
  5. Run the reconfigure of Symantec Management Platform 8.7.1 in the Symantec Installation Manager (SIM).
  6. Once all areas of the console are accessible again, enable the "Add IIS Website for cloud-enabled management agent connections" checkbox in the Cloud-enabled Management Agent IIS Website Settings policy, choosing the appropriate certificate.
  7. Verify that this recreates the Symantec Agent site in IIS with the correct bindings.
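
Steps 1 to 4 can be scripted so that each deletion happens only after its registry export has been verified on disk. The following PowerShell is an added example, not part of the original article or a Symantec-supplied tool. The backup folder, the `Export-Key` helper and the IIS site name `Symantec Agent` are assumptions; confirm the site name in IIS Manager and run with `-WhatIf` first. Steps 5 to 7 are still done in SIM and the console.

```powershell
#Requires -RunAsAdministrator
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$BackupDir     = 'C:\Temp\ITMS-RegBackup',  # assumption: backup folder
    [string]$AgentSiteName = 'Symantec Agent'           # assumption: confirm in IIS Manager
)
$ErrorActionPreference = 'Stop'
$altirisKey   = 'HKLM:\SOFTWARE\Altiris'
$agentSiteKey = 'HKLM:\SOFTWARE\Altiris\NS Agent Site'

function Export-Key([string]$RegPath, [string]$File) {
    # reg.exe takes HKLM\... paths, not the PowerShell HKLM:\ drive syntax
    & reg.exe export $RegPath $File /y | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path $File) -or (Get-Item $File).Length -eq 0) {
        throw "Export of '$RegPath' failed; stopping before any further deletion."
    }
}

$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
# Backups are always written, even under -WhatIf
New-Item -ItemType Directory -Path $BackupDir -Force -WhatIf:$false | Out-Null

# Step 1: export, then delete, the NS Agent Site hive
if (Test-Path $agentSiteKey) {
    Export-Key 'HKLM\SOFTWARE\Altiris\NS Agent Site' (Join-Path $BackupDir "NSAgentSite-$stamp.reg")
    if ($PSCmdlet.ShouldProcess($agentSiteKey, 'Delete registry key')) {
        Remove-Item -Path $agentSiteKey -Recurse -Force
    }
}

# Step 2: export HKLM\SOFTWARE\Altiris before touching its values
Export-Key 'HKLM\SOFTWARE\Altiris' (Join-Path $BackupDir "Altiris-$stamp.reg")

# Step 3: delete the two values only if they exist
foreach ($name in 'TsSecondaryWebSite', 'AgentWebSite') {
    $present = Get-ItemProperty -Path $altirisKey -Name $name -ErrorAction SilentlyContinue
    if ($present -and $PSCmdlet.ShouldProcess("$altirisKey\$name", 'Delete registry value')) {
        Remove-ItemProperty -Path $altirisKey -Name $name
    }
}

# Step 4: remove the agent site from IIS, then reset IIS
Import-Module WebAdministration
$site = Get-Website | Where-Object { $_.Name -eq $AgentSiteName }
if ($site -and $PSCmdlet.ShouldProcess($AgentSiteName, 'Remove IIS website')) {
    Remove-Website -Name $AgentSiteName
}
if ($PSCmdlet.ShouldProcess('IIS', 'Restart with iisreset')) { & iisreset.exe }
```

Keep the two `.reg` files until step 7 has been verified, since importing them is the only way back to the previous registry state.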