After switching the IT Management Suite (ITMS) environment to Token Authentication, clients are failing to download packages from the Symantec Management Platform (SMP) server. The client logs show an HTTP status 403: The client does not have sufficient access rights (0x8FA10193) error during the package download attempt.
IT Management Suite (ITMS) 8.7.3, 8.8 GA
Authentication Method: Token Authentication is enabled and fully in use.
Configuration: No Package Servers (PS) are involved; clients are downloading directly from the SMP server.
Specific Setting: A GPO is enforced on the SMP server setting the Minimum password length to a value greater than 14 characters (e.g., 16 characters).
This issue occurs because the Symantec Management Agent (SMA) on the SMP server cannot create the internal _SMP_IUSR account. The restriction that blocks account creation is a Group Policy Object (GPO) that sets the minimum password length higher than the default length used by the SMA.
The SMA running on the SMP server is responsible for creating and managing an internal Windows user account named _SMP_IUSR. This account is essential for secure internal communication and package access when using Token Authentication, especially for downloads from the SMP.
Without the _SMP_IUSR account, the package download fails with the HTTP 403 (Forbidden) error, because the client lacks the access rights that this internal account provides.
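The following check is an added example, not Broadcom code: it reports whether the SMP server matches the condition described above (minimum password length above 14 and no _SMP_IUSR account). It assumes an elevated PowerShell session on the SMP server and that _SMP_IUSR is a local account visible to Get-LocalUser; the variable and function names are illustrative.

```powershell
# Added diagnostic example (not part of the product). Run elevated on the SMP server.
$AccountName  = '_SMP_IUSR'  # internal account name as given in this article
$AgentDefault = 14           # password length the SMA uses by default, per the SMA log message

function Get-MinPasswordLength {
    # Export the merged (domain + local) account policy to a temporary file and
    # read MinimumPasswordLength from it.
    $tmp = Join-Path $env:TEMP ("secpol_{0}.inf" -f [guid]::NewGuid())
    try {
        secedit.exe /export /mergedpolicy /cfg $tmp /areas SECURITYPOLICY /quiet | Out-Null
        if ($LASTEXITCODE -ne 0) {
            throw "secedit export failed with exit code $LASTEXITCODE"
        }
        $hit = Select-String -Path $tmp -Pattern '^\s*MinimumPasswordLength\s*=\s*(\d+)' |
               Select-Object -First 1
        if (-not $hit) {
            throw 'MinimumPasswordLength not found in the exported policy'
        }
        return [int]$hit.Matches[0].Groups[1].Value
    }
    finally {
        # The export contains security policy data; do not leave it in TEMP.
        Remove-Item -Path $tmp -ErrorAction SilentlyContinue
    }
}

$minLen  = Get-MinPasswordLength
# Assumption: the account is a local user; $null is returned if it does not exist.
$account = Get-LocalUser -Name $AccountName -ErrorAction SilentlyContinue

[pscustomobject]@{
    MinimumPasswordLength = $minLen
    ExceedsAgentDefault   = $minLen -gt $AgentDefault
    AccountExists         = [bool]$account
    AccountEnabled        = if ($account) { $account.Enabled } else { $null }
    # True when both conditions from the cause description are present.
    MatchesArticleCause   = ($minLen -gt $AgentDefault) -and (-not $account)
}
```

If MatchesArticleCause is True, the server is in the state this article describes.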
This issue has been reported to our Broadcom Development team. A fix has been added to our next release, ITMS 8.8.1.
In addition, the SMA logs now show user-friendly messages:
Failed to read system security settings, will be using 14 character long password, error: The system cannot find the file specified(0x00000002)
A PointFix was implemented to allow the SMA to correctly obtain and use the system's security policy when creating the account. Apply the relevant cumulative PointFix (PF) or a later version for your ITMS release:
For ITMS 8.7.3: Install SMA_SMP_8_7_3_PF_v11 or later.
Reference: CUMULATIVE POST ITMS 8.7.3 POINT FIXES
For ITMS 8.8: Install SMA_SMP_8_8_PF_v6 or later.
Reference: CUMULATIVE POST ITMS 8.8 RTM(GA) POINT FIXES