Access Denied to Temporary ASP.NET Files during ITMS repair, reconfiguration, or new installation

Products

IT Management Suite

Issue/Introduction

During a reconfiguration/installation process while using SIM (Symantec Installation Manager), the following error message appears:

Access to the path 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\altiris_ns\...' is denied.

SIM logs shows the following error message:

ConfigureNS - task_Completed(): Configuration Task Pre-Configuring ... Failed: Client found response content type of 'text/html; charset=utf-8', but expected 'text/xml'.
The request failed with the error message:
--
<!DOCTYPE html>
<html>
<head>
<title>Access to the path 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\altiris_ns\f5b01abe\d1aabd7d\hash\hash.web' is denied.</title>

<style>
</head>
<body bgcolor="white">
<span><H1>Server Error in '/Altiris/NS' Application.<hr width=100% size=1 color=silver></H1>
<h2> <i>Access to the path 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\altiris_ns\f5b01abe\d1aabd7d\hash\hash.web' is denied.</i> </h2></span>
<font face="Arial, Helvetica, Geneva, SunSans-Regular, sans-serif ">
<b> Description: </b>An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
<br><br>
<b> Exception Details: </b>System.UnauthorizedAccessException: Access to the path 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\altiris_ns\f5b01abe\d1aabd7d\hash\hash.web' is denied.
<br><br>ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6 and IIS 7, and the configured application pool identity on IIS 7.5) that is used if the application is not impersonating. If the application is impersonating via <identity impersonate="true"/>, the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.
<br><br>To grant ASP.NET access to a file, right-click the file in File Explorer, choose "Properties" and select the Security tab. Click "Add" to add the appropriate user or group. Highlight the ASP.NET account, and check the boxes for the desired access.<br><br>
<b>Source Error:</b> <br><br>
<table width=100% bgcolor="#ffffcc">
<tr>
<td>
<code>
<REMOVED EARLIER LOG CONTENT....>

-----------------------------------------------------------------------------------------------------
Date: 4/20/2026 8:10:35 PM, Tick Count: 27162375 (07:32:42.3750000), Size: 20.44 KB
Process: SymantecInstallationManager (11500), Thread ID: 10, Module: SymantecInstallationManager.exe
Priority: 1, Source: Symantec.Installation.ConfigureNS.task_Completed

Environment

ITMS 8.7.x, 8.8.x

Cause

This issue typically occurs because the account running the application pool (e.g., IIS APPPOOL\SMP Server AppPool), Application Identity (AppID account or primary SMP Server account) or the Network Service lacks sufficient NTFS permissions to write to the ASP.NET temporary compilation folders.

Resolution

Step 1: Grant NTFS Permissions

You must ensure the identity running your site has sufficient control over the ASP.NET temporary directories.

Open IIS Manager, go to Application Pools, and identify the Identity of the pool running your site.
Navigate to C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files.
Right-click the folder and select Properties > Security tab > Edit > Add.
Add the IIS_IUSRS group or your specific service account (AppID Account).
Grant Full Control (or at least Modify, Read & Execute, List folder contents, Read, and Write).
Repeat these steps for the C:\Windows\Temp directory.

Step 2: Clear Corrupted Compilation Files

If permissions are correct but the error persists, the temporary files may be corrupted and need to be recreated.

Stop the Altiris Support Service and Altiris Service.
Open an elevated command prompt and run iisreset /stop to stop IIS.
Manually delete all content inside the following folder:
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files
Restart IIS by running iisreset /start.
Start the Altiris services stopped in step 1.

Step 3: Adjust IIS App Pool Settings (Optional)

In some environments, Windows may require a user profile to be loaded for the account to access these paths correctly.

In IIS Manager, right-click your SMP Server Application Pool > Advanced Settings.
Set Load User Profile to True.
Perform an iisreset to apply changes.

Step 4: Run a Repair

After the issue has been addressed with the steps above, run a repair on what you have currently installed.

Note:
If the failure occurs during the configuration phase (typically after ~50% of the installation), a reconfigure is most likely required.
If the failure happens at the start of the installation, repairing the MSI components is usually sufficient as starting point.
If the failure point is unclear, perform a full repair as the safest option.

To run a repair in the Symantec Installation Manager (SIM), follow these steps based on the type of repair required. All repair actions must be performed while logged into the SMP Server as the Service Account (Application Identity). See Repairing Notification Server/Symantec Management Platform products and solutions

Best Practices Before Starting

Permissions: Log on as the Application Identity account or a member of the Symantec Administrators role.
Session Type: Ensure you are in a Console session (Session ID 0) on the server.
Backup: A backup of the Symantec_CMDB is recommended before reconfiguring the database.
KMS keys and NS Configuration Backup: Have a recent copy of your KMS keys and main NS configuration settings. Refer to "Backing up and restoring Notification Server KMS encryption keys"
and "Backing up Core Settings from SMP Server"

Option 1: Full Repair (All Solutions)

This process performs both a repair and a reconfiguration of all installed products.

Launch Symantec Installation Manager (SIM).
Click Repair installed products.
Select Perform full repair and click Next.
Verify the database information and click Next to begin.

Option 2: Repair MSI Files

Use this to repair the installation files for specific solutions.

In SIM, click Repair installed products.
Select Repair MSI-s.
Check the desired boxes for the specific Solution(s) and proceed.

Option 3: Reconfigure Installed Products

This triggers the config file repair process to re-link products to the database.

In SIM, click Repair installed products.
Select Reconfigure installed products and click Next.
Select the specific product (e.g.,Symantec Management Platform will trigger to reconfigure all installed Solutions as well. This is preferred as a way to make sure all components are reconfigured) and click Next.
Click Configure to start the process.