After upgrading Client Agents from ITMS 7.5x to 8.0, the AppID keeps getting locked out


Article ID: 164289


Updated On:


Management Platform (Formerly known as Notification Server)


A customer recently upgraded from ITMS  7.5 SP1 to 8.0 and he started to notice that his AppID Account started to keep getting locked out.
The AppID account has not changed but still the account keeps getting locked out.

Most of their Symantec Management Agents are almost done upgrading but this process is taking too long because the AppID account keeps getting locked out.



What we have seen before is that the Symantec Management Agent package that uses UNC paths to reference the package location, sometimes causes issues. Due to a flaw in the 7.5 agent (which the clients had and needed to be upgraded) when downloading via UNC path, it was causing the ACC account to lock. This was derailing their attempts to upgrade their computers.

There are other possible causes for the Service Account to get locked out such as tasks running under a specified user or smp agent push which are documented in TECH239637.  


Upgrade from ITMS 7.5 SP1 HF5 to 8.0


We ran the following queries to identify if they had the agent package referencing UNC.

1. This query should show if this SMAgent package has been recently requested:
select * from Evt_AeX_SWD_Package
where PackageId = '47E1F709-5EF8-44EA-9A1A-955620A09ED4'
order by _eventTime desc

2. If the SMAgent package was requested around the times the lock outs occurred and most of those requests have blank URLs, run the following query to identify if UNC was used:
select * from SWDPackageCodebase
where packageid = '47E1F709-5EF8-44EA-9A1A-955620A09ED4'
and URL like 'file://%'

3. Look for null source entries for the SMAgent package with the following query:
select * from SWDPackageCodebase
where packageid = '47E1F709-5EF8-44EA-9A1A-955620A09ED4'
and URL like 'file://%'
and [Source] is null

4. Based on the results from the queries above we determinate that we needed to clear out the UNC references for the SMAgent package until all the agent upgrade is done, so only http and https codebases were given for this package.
The workaround is to eliminate UNC codebases for just the Agent package. The following SQL can be embedded in a SQL task that can set to run every hour until the agents are all upgraded:

Delete from SWDPackageCodebase
where packageid = '47E1F709-5EF8-44EA-9A1A-955620A09ED4'
and URL like 'file://%'