search cancel

Downloading Notepad++ updates from GitHub are failing with error “An existing connection was forcibly closed by the remote host”

book

Article ID: 431212

calendar_today

Updated On:

Products

IT Management Suite Patch Management Solution

Issue/Introduction

Patch Management in IT Management Suite (ITMS) fails to download specific third-party updates (for example, Notepad++ patches hosted on GitHub), while:

The same URL downloads successfully using a browser on the SMP Server.
Other vendor updates download without issue.
No proxy is configured in the environment.

The Notification Server (NS or SMP (Symantec Management Platform) server) log shows errors similar to:

Download failed for: https://github.com/notepad-plus-plus/notepad-plus-plus/releases/download/v8.8.9/npp.8.8.9.Installer.x64.exe
The underlying connection was closed: An unexpected error occurred on a send.
Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.

Full NS log entry:

Download failed for: https://github.com/notepad-plus-plus/notepad-plus-plus/releases/download/v8.8.9/npp.8.8.9.Installer.x64.exe

The underlying connection was closed: An unexpected error occurred on a send.
[WebException @ Altiris.PatchManagementCore.dll]
at Altiris.PatchManagementCore.Utilities.File.HandleDownloadRetry(Uri, DownloadContext, Exception, TimeSpan)
at Altiris.PatchManagementCore.Utilities.File.DownloadToStreamWithRetries(Uri, DownloadContext)
at Altiris.PatchManagementCore.Utilities.File.Download(string, string, string, bool, DownloadParameters)

Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
[IOException @ System.dll]
at System.Net.Sockets.NetworkStream.Read(out byte, int, int)
at System.Net.FixedSizeReader.ReadPacket(byte[], int, int)
at System.Net.Security.SslState.StartReceiveBlob(byte[], AsyncProtocolRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken, AsyncProtocolRequest)
at System.Net.Security.SslState.ForceAuthentication(bool, byte[], AsyncProtocolRequest, bool)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext, ContextCallback, object, bool)
at System.Threading.ExecutionContext.Run(ExecutionContext, ContextCallback, object, bool)
at System.Threading.ExecutionContext.Run(ExecutionContext, ContextCallback, object)
at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult)
at System.Net.TlsStream.Write(byte[], int, int)
at System.Net.PooledStream.Write(byte[], int, int)
at System.Net.ConnectStream.WriteHeaders(bool)

An existing connection was forcibly closed by the remote host
[SocketException @ System.dll]
at System.Net.Sockets.NetworkStream.Read(out byte, int, int)

Exception logged from:
at Altiris.Diagnostics.Logging.EventLog.ReportException(int, string, string, Exception, string)
at Altiris.PatchManagementCore.Utilities.File.Download(string, string, string, bool, DownloadParameters)
at Altiris.PatchManagementCore.Utilities.FileDownloader.Download()
at Altiris.PatchManagementCore.Utilities.FileDownloader.DoDownloadProcedure(object)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext, ContextCallback, object, bool)
at System.Threading.ExecutionContext.Run(ExecutionContext, ContextCallback, object, bool)
at System.Threading.ExecutionContext.Run(ExecutionContext, ContextCallback, object)
at System.Threading.ThreadHelper.ThreadStart(object)

User [EXAMPLE\svc_AppID_account], AppDomain [AtrsHost.exe]
-----------------------------------------------------------------------------------------------------
Date: 12/23/2025 6:51:37 AM, Tick Count: 280224593 (3.05:50:24.5930000), Size: 2.87 KB
Process: AtrsHost (8368), Thread ID: 8, Module: Altiris.PatchManagementCore.dll
Priority: 1, Source: File.HandleDownloadRetry

Environment

ITMS 8.7.x, 8.8.x

Patch Management Solution

Cause

The Patch Management download engine (Altiris.PatchManagementCore.dll) uses the .NET HTTP stack (HTTP/1.1).

In this scenario:

Browser downloads (Edge/Chrome/IE) succeed.
PowerShell and Patch Management downloads fail.
TLS 1.2 is already enabled.
No proxy is configured.

Testing confirms that the network blocks anonymous HTTP/1.1 traffic, even though GitHub does not require authentication.

This behavior indicates a customer network-level restriction affecting .NET-based download requests, not a product defect in ITMS.

Confirmed Root Cause

The customer network blocks or interferes with anonymous HTTP/1.1 traffic used by:

Patch Management download engine
PowerShell Invoke-WebRequest
.NET-based services

Although browsers succeed (likely using HTTP/2), .NET-based requests fail with:

System.Net.Sockets Error: ConnectionReset

An existing connection was forcibly closed by the remote host

This occurs before data transfer begins, confirming the connection is terminated upstream.

GitHub does not require authentication.
Patch Management cannot add authentication headers where none are required.
Therefore, the issue is environmental.

Resolution

Confirm Environmental Cause
Workaround – Configure a Manual Patch Binary Mirror Repository

Confirm Environmental Cause

Step 1 – Validate TLS Configuration

Verify registry keys exist:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319

Registry Value	Type	Value	Purpose
SchUseStrongCrypto	DWORD	1	Forces TLS 1.2
SystemDefaultTlsVersions	DWORD	1	Uses OS TLS settings

Restart IIS and Altiris services after modification.

Step 2 – Test Using PowerShell (.NET stack)

Run the following in Powershell:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

Invoke-WebRequest -Uri "https://github.com/notepad-plus-plus/notepad-plus-plus/releases/download/v8.5.3/npp.8.5.3.Installer.x64.exe" -OutFile "C:\temp\test.exe"

If this fails with:

The underlying connection was closed: An unexpected error occurred on a send.

This confirms .NET stack traffic is blocked.

Step 3 – Test Authenticated vs Anonymous Traffic

Run the following commands in Powershell:

Invoke-WebRequest -Uri "https://github.com/notepad-plus-plus/notepad-plus-plus/releases/download/v8.8.5/npp.8.8.5.Installer.x64.exe" -UseDefaultCredentials -OutFile "C:\temp\test.exe"

Invoke-WebRequest -Uri "https://github.com/notepad-plus-plus/notepad-plus-plus/releases/download/v8.8.5/npp.8.8.5.Installer.x64.exe" -UseDefaultCredentials:$false

-OutFile "C:\temp\test.exe"

If these commands succeed: It proves the network only allows Authenticated traffic and is blocking the Anonymous requests required by the Patch Management solution.

If these fail, it further confirms network restriction (which we could say usually Anonymous requests are blocked.)

Diagnostic Summary

Test	Expected	Actual	Interpretation
Browser download	Success	Success	Browser engine works
PowerShell download	Success	Fails	.NET traffic blocked
TLS 1.2 enforced	Enabled	Enabled	Not TLS issue
Other vendors	Success	Success	Selective filtering

Conclusion: Environmental network restriction

Workaround – Configure a Manual Patch Binary Mirror Repository

This issue is caused by environmental network filtering affecting .NET-based HTTP requests. Patch Management is functioning as designed. Until network filtering is corrected, manual mirror staging provides a reliable and supported workaround.

The following describes how to configure a long-term automated workaround for hosting third-party patch binaries (for example, Notepad++) so that Patch Management can download and deploy them successfully.

If you require a one-time manual workaround, refer to the following article:

Unable to download a Patch Update or Bulletin with error: The request was aborted: Could not create SSL/TLS secure channel. – One-time workaround for missing third-party patch binaries

Using a mirror repository allows Patch Management to obtain patch binaries from a controlled location instead of downloading them directly from the vendor site.

A mirror repository is not required for future deployments as long as the Software Update policy created with the original staged files remains intact. However, using a mirror simplifies staging operations because administrators do not need to repeatedly modify the Download from staging location setting.

The following steps allow patching to continue while the network team investigates.

NOTE: For this KB article, we will use NPPP-260216 (Notepad Plus Plus version 8.9.2) as an example and we will set up a "Local Folder" on the SMP Server for setting up this workaround.

In this article the terms mirror repository, mirror folder, and mirror root refer to the same staging location used for patch binaries.

Workflow Overview

The mirror repository process consists of two types of steps:

Step Type	Description
One-time configuration	Configure Patch Management to use a mirror repository and optionally enable fallback to vendor downloads
Per-bulletin preparation	Identify bulletin details, prepare mirror folders, and upload patch binaries

After the initial configuration is completed, only the per-bulletin preparation steps must be repeated for future updates.

PART 1 - Identify Bulletin Information

Step 1 – Identify Update GUID

Open SMP Console.
Go to Home > Patch Management > Compliance by Bulletin.
Search for the affected bulletin.
Right-click the bulletin > Resource Manager.
Open the associated Software Update. It may contain multiple "files". Usually an update contains one file, but some updates may have several files. For example: Office 365 bulletins. You must download them all.
Copy the Update GUID from Properties from each file in the bulletin. Click on each associated software package.

For example, for this NPPP-260216, there were 4 files with these GUIDs:

{10e22849-adc1-41af-8123-a0699146609d}\npp.8.9.2.Installer.arm64.exe
{0ffe3137-f724-43bb-85a9-a1bbea0a740a}\npp.8.9.2.Installer.x64.exe
{f839a390-55f0-48b6-a199-269796d974e0}\npp.8.9.2.Installer.x64.msi
{0eeee770-19cc-4503-8c61-65bdc2d7a3f2}\npp.8.9.2.Installer.exe

Step 2 – Confirm Expected File Name

Open the Software Update.
Click Summaries > Software Update Details.
Confirm the expected file name - it may be different from downloaded from the vendor site (like this example with TeamViewer bulletin).

Note: For example, here the file is downloaded as "npp.8.9.2.Installer.exe" but you will need to rename it to "npp.8.9.2.Installer.x86.exe" in order to match the software resource metadata reference.

PART 2 – Expected Structure Inside the Mirror Folder

Inside the mirror root, patch files must follow this structure:

Expected structure inside the mirror folder:

\BulletinName\{UpdateGuid}\FileName

Example using a Local Folder:

D:\PatchData\NPPP-260216\{0ffe3137-f724-43bb-85a9-a1bbea0a740a}\npp.8.9.2.Installer.x64.exe

Another example using HTTP:

https://YourMirror/PatchData/NPPP-260216/{0ffe3137-f724-43bb-85a9-a1bbea0a740a}/npp.8.9.2.Installer.x64.exe

Example used in this article:

Mirror root: 
D:\PatchData
Bulletin: 
NPPP-260216
Update GUID: 
{0ffe3137-f724-43bb-85a9-a1bbea0a740a}

Final path:
D:\PatchData\NPPP-260216\{0ffe3137-f724-43bb-85a9-a1bbea0a740a}\npp.8.9.2.Installer.x64.exe

Important

The mirror root can be any location (local folder, UNC, or HTTP)
Do not include vendor-specific folders
Structure must start at BulletinName

Incorrect example (do not use):

\\Server\PatchData\Notepad++\Windows\Updates\{UpdateGUID}\file.exe

Correct structure:

\\Server\PatchData\BulletinName\{UpdateGUID}\file.exe

Like:

\\SMPServer\PatchData\NPPP-260216\{0ffe3137-f724-43bb-85a9-a1bbea0a740a}\npp.8.9.2.Installer.x64.exe

Important Requirement

All updates included/referenced in the bulletin must be available in the mirror.

This means either:

Upload all update binaries
Or only stage the updates selected in the Software Update policy

Step 1 – Download File Manually

After identifying the Update GUID and expected file name, create the folder structure described above.

Download the file from the vendor site and place it in the corresponding GUID folder.

If the downloaded file name differs from the expected file name, rename it to match exactly.

Note: Patch Management requires an exact file name match.

In this example, the root folder is D:\PatchData then full path of first update above will look like D:\PatchData\NPPP-260216\{10e22849-adc1-41af-8123-a0699146609d}\npp.8.9.2.Installer.arm64.exe

PART 3 – Configure Mirror Usage (One-Time Setup)

Step 1 - Configure Patch Management to Use the Mirror Repository in Core Services

The mirror folder location is configured in the Download from staging location setting.

Navigate to:

SMP Console > Settings > All Settings > Software > Patch Management > Core Services > Locations tab
Set the Download from staging location value to the mirror folder path.

Example:

(Local folder repository):
D:\PatchData
Or

(UNC share):
\\Server\PatchData
Or
(web repository):
https://YourMirror/PatchData
Click Save changes.

After the bulletin files are deployed, you don't need to uncheck the box for "Download from staging location:" so it would be possible to use this workaround for the other Vendors/patches.
To allow download of non-problematic updates from original vendor sites you need to set the registry setting 'FallbackMirrorDownload' to 1 (switched on). See "Step 2– Enable Fallback to Internet" below.

This configuration only needs to be completed once.

Step 2– Enable Fallback to Internet

Set registry key on SMP Server:

[HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\Patch Management]"FallbackMirrorDownload"=dword:00000001

Value Behavior
0 Mirror only
1 Mirror first, fallback to Internet
Restart Altiris services after setting.

NOTE:

Value	Behavior
0	Mirror only
1	Mirror first, fallback to Internet

Using the FallbackMirrorDownload registry setting is recommended, especially if the mirror will only host one Vendor (in this case Notepad ++ (NPP)) bulletins.
When this setting is enabled, the download process works as follows:
The system first attempts to download the bulletin from the configured mirror location ( "Download from staging location:").
If the bulletin is not present on the mirror (which may occur for non-NPP bulletins), this attempt will fail. This behavior is expected.
If the file is not found on the mirror, the system automatically attempts a second download from the vendor’s original site, which should succeed.
By enabling the FallbackMirrorDownload setting, customers can maintain a single mirror configuration while still allowing the system to retrieve other bulletins directly from the vendor when necessary.

PART 4 – Create the Software Update Policy

Step 1– Create the Software Update Policy

After the required update files are available in the mirror folder, create the Software Update policy.

Open the SMP Console.
Navigate to:

Home > Patch Management > Windows > Compliance and Remediation > Compliance by Bulletin
Locate the required bulletin.
Select the bulletin and right-click > Distribute Packages.
In the Distribute Software Update wizard:
- Select the updates you want to include.
- Ensure that the update binaries exist in the mirror folder.
Complete the wizard to create the policy.

PART 5 - Troubleshooting

If Patch Management cannot retrieve the patch binaries from the mirror location, review the Notification Server logs (NS logs). Use our Altiris Log Viewer: Start > Symantec > Altiris Log Viewer

When troubleshooting, search the logs for the mirror folder name configured in the Download from staging location setting.

This can help confirm whether Patch Management attempted to access the mirror location.

Example:

D:\PatchData

If the log entries indicate the system attempted to retrieve files from the vendor location instead of the mirror folder, verify:

Check	Description
Mirror folder path	Correctly configured in Core Services → Locations
Folder structure	Matches \BulletinName\{UpdateGUID}\FileName
Files present	All required update files exist in the mirror

Example NS log Entries:

You should see that the process started and identified 4 packages for this NPPP-260216 update:

Created a task 'Staging Software Updates for NPPP-260216'.
-----------------------------------------------------------------------------------------------------
Date: 3/17/2026 5:01:00 AM, Tick Count: 365640 (00:06:05.6400000), Size: 329 B
Process: AtrsHost (8364), Thread ID: 124, Module: Altiris.PatchManagementCore.dll
Priority: 4, Source: PMC:DownloadSWUPackageTask.CreateInstanceInternal

Download started for 4 software updates.
-----------------------------------------------------------------------------------------------------
Date: 3/17/2026 5:01:00 AM, Tick Count: 365546 (00:06:05.5460000), Size: 305 B
Process: AtrsHost (8364), Thread ID: 124, Module: Altiris.PatchManagementCore.dll
Priority: 4, Source: PMC:SoftwareUpdateDistributionTask.Progress

Then, it starts and finish the process for the desired packages on this bulletin (grabbing the files from the local repository and placing them into the standard patch directory):

[1 / 4] Downloading Software Update Package 'npp.8.9.2.Installer.x64.msi' for 'NPPP-260216'
-----------------------------------------------------------------------------------------------------
Date: 3/17/2026 5:01:00 AM, Tick Count: 365875 (00:06:05.8750000), Size: 348 B
Process: AtrsHost (8364), Thread ID: 125, Module: Altiris.PatchManagementCore.dll
Priority: 4, Source: PMC:DownloadSWUPackageTask.Progress

Finished download [from:'D:\PatchData\NPPP-260216\{f839a390-55f0-48b6-a199-269796d974e0}\npp.8.9.2.Installer.x64.msi' to:'D:\Program Files\Altiris\Patch Management\Packages\Updates\NPPP-260216\{f839a390-55f0-48b6-a199-269796d974e0}\npp.8.9.2.Installer.x64.msi' task:Download Software Update Package time:00:00:01.6451522]
-----------------------------------------------------------------------------------------------------
Date: 3/17/2026 5:01:04 AM, Tick Count: 370031 (00:06:10.0310000), Size: 574 B
Process: AtrsHost (8364), Thread ID: 125, Module: Altiris.PatchManagementCore.dll
Priority: 4, Source: DownloadObjectTask.DownloadFile

[2 / 4] Downloading Software Update Package 'npp.8.9.2.Installer.x86.exe' for 'NPPP-260216'
-----------------------------------------------------------------------------------------------------
Date: 3/17/2026 5:01:12 AM, Tick Count: 377500 (00:06:17.5000000), Size: 348 B
Process: AtrsHost (8364), Thread ID: 125, Module: Altiris.PatchManagementCore.dll
Priority: 4, Source: PMC:DownloadSWUPackageTask.Progress

Finished download [from:'D:\PatchData\NPPP-260216\{0eeee770-19cc-4503-8c61-65bdc2d7a3f2}\npp.8.9.2.Installer.x86.exe' to:'D:\Program Files\Altiris\Patch Management\Packages\Updates\NPPP-260216\{0eeee770-19cc-4503-8c61-65bdc2d7a3f2}\npp.8.9.2.Installer.x86.exe' task:Download Software Update Package time:00:00:00]
-----------------------------------------------------------------------------------------------------
Date: 3/17/2026 5:01:13 AM, Tick Count: 378234 (00:06:18.2340000), Size: 566 B
Process: AtrsHost (8364), Thread ID: 125, Module: Altiris.PatchManagementCore.dll
Priority: 4, Source: DownloadObjectTask.DownloadFile

[3 / 4] Downloading Software Update Package 'npp.8.9.2.Installer.arm64.exe' for 'NPPP-260216'
-----------------------------------------------------------------------------------------------------
Date: 3/17/2026 5:02:18 AM, Tick Count: 443578 (00:07:23.5780000), Size: 350 B
Process: AtrsHost (8364), Thread ID: 125, Module: Altiris.PatchManagementCore.dll
Priority: 4, Source: PMC:DownloadSWUPackageTask.Progress

Finished download [from:'D:\PatchData\NPPP-260216\{10e22849-adc1-41af-8123-a0699146609d}\npp.8.9.2.Installer.arm64.exe' to:'D:\Program Files\Altiris\Patch Management\Packages\Updates\NPPP-260216\{10e22849-adc1-41af-8123-a0699146609d}\npp.8.9.2.Installer.arm64.exe' task:Download Software Update Package time:00:00:01.2165910]
-----------------------------------------------------------------------------------------------------
Date: 3/17/2026 5:02:20 AM, Tick Count: 445671 (00:07:25.6710000), Size: 578 B
Process: AtrsHost (8364), Thread ID: 125, Module: Altiris.PatchManagementCore.dll
Priority: 4, Source: DownloadObjectTask.DownloadFile

[4 / 4] Downloading Software Update Package 'npp.8.9.2.Installer.x64.exe' for 'NPPP-260216'
-----------------------------------------------------------------------------------------------------
Date: 3/17/2026 5:02:26 AM, Tick Count: 451234 (00:07:31.2340000), Size: 348 B
Process: AtrsHost (8364), Thread ID: 125, Module: Altiris.PatchManagementCore.dll
Priority: 4, Source: PMC:DownloadSWUPackageTask.Progress

Finished download [from:'D:\PatchData\NPPP-260216\{0ffe3137-f724-43bb-85a9-a1bbea0a740a}\npp.8.9.2.Installer.x64.exe' to:'D:\Program Files\Altiris\Patch Management\Packages\Updates\NPPP-260216\{0ffe3137-f724-43bb-85a9-a1bbea0a740a}\npp.8.9.2.Installer.x64.exe' task:Download Software Update Package time:00:00:01.6254606]
-----------------------------------------------------------------------------------------------------
Date: 3/17/2026 5:02:28 AM, Tick Count: 453671 (00:07:33.6710000), Size: 574 B
Process: AtrsHost (8364), Thread ID: 125, Module: Altiris.PatchManagementCore.dll
Priority: 4, Source: DownloadObjectTask.DownloadFile

NOTE:

If the file name doesn't match, you may see an error like this:

Download from custom location failed for: C:\PatchData\NPPP-260216\{0eeee770-19cc-4503-8c61-65bdc2d7a3f2}\npp.8.9.2.Installer.x86.exe, exception:System.IO.FileNotFoundException: Could not find file 'C:\PatchData\NPPP-260216\{0eeee770-19cc-4503-8c61-65bdc2d7a3f2}\npp.8.9.2.Installer.x86.exe'.
File name: 'C:\PatchData\NPPP-260216\{0eeee770-19cc-4503-8c61-65bdc2d7a3f2}\npp.8.9.2.Installer.x86.exe'

As mentioned before, we need to match the file name to what is expected in the metadata references provided by the vendor. In this particular case, the direct download file is called npp.8.9.2.Installer.exe but we expect the name npp.8.9.2.Installer.x86.exe

In regular circumstances when we can download the desired files directly from the vendor site, our code takes care of renaming the download files to match the expected name. Here is an example of a NS log entry when the rename is handled by our code:

Start download [from:'https://github.com/notepad-plus-plus/notepad-plus-plus/releases/download/v8.9.2/npp.8.9.2.Installer.exe' to:'C:\Program Files\Altiris\Patch Management\Packages\Updates\NPPP-260216\{0eeee770-19cc-4503-8c61-65bdc2d7a3f2}\npp.8.9.2.Installer.x86.exe' task:Download Software Update Package]
-----------------------------------------------------------------------------------------------------

Additional Information

Unable to download a Patch Update or Bulletin with error: The request was aborted: Could not create SSL/TLS secure channel

Feedback

thumb_up Yes

thumb_down No