KNOWN ISSUE: CryptDecrypt error after changing Application Identity password to a 32 character password.


Article ID: 153112


Updated On:


Management Platform (Formerly known as Notification Server)


Altiris Agent does not support a password of 32 characters or greater.

Steps to Duplicate:
1. Set the password to the Application Identity account to be 32 characters or greater in length.
2. Update the Notification Server Settings\Application Identity information to use the new password.
3. Update the Agent configuration. This will generate the errors mentioned below.

<event date='Dec 27 09:48:09' severity='1' hostName='BGREENE7-LT' source='CryptHelper' module='aexnsagent.exe' process='aexnsagent.exe' pid='2140' thread='2188' tickCount='234531' >
  <![CDATA[CryptDecrypt failed.
Error Description: Bad Data]]>
<event date='Dec 27 09:48:09' severity='2' hostName='BGREENE7-LT' source='Agent' module='aexnsagent.exe' process='aexnsagent.exe' pid='2140' thread='2188' tickCount='234531' >
  <![CDATA[Failed to decrypt user password from policy file. This is normal after an agent upgrade.]]>


Known Issue.


This issue has been reported to the Symantec Developement team. This issue will be resolved in a later release (post SMP 7.0 SP5).

The current Workaround is to use passwords with less than 31 characters in length.

Applies To

Symantec Management Platform 7.0 SP4, SP5
Altiris Agent 7.0.8641