Clients trying to connect to Site Servers with Task Server may receive a 401, 401.5 or other similar authentication errors in the Agent logs. This can affect the NS, XP systems, or any other Task Server.
This is working as designed but is also being tracked as a bug so if you're having this problem, please subscribe to the KB. In short, Task Server in version 6.x used Anonymous access in it's configuration. For v7 though, it was determined this was a security risk, and that default setting was changed. This change can pose some issues if the client doesn't successfully log in to the Task Server.
There are two options to correct this issue:
There is an over-ride setting that can be used for Client-Server communications.
In the console, browse to Settings | Agents/Plug-ins | Altiris Agent. Expand Settings and select Altiris Agent Settings - Global. On the right, select the Authentication tab. Here, you can enter alternate credentials for your agents to use, or the Agent Connectivity Credential or ACC.
This affects Agent -> Server communication, Agent -> Package Server communication, and Agent -> Task Server communication.
For your clients to get the new policy, they'll have to actually check in, which will take several hours, at least 4 by default. So, you'll probably want to wait a day before you do a full check for functionality.
Enable Anonymous Access:
If you need the clients to connect immediately, you can enable Anonymous Access on the Task Servers until the policies are all received by the agents. This is done in IIS under Default Web Site\Altiris\ClientTaskServer. Right-click, choose properties, and then make the change on the Directory Security tab under Authentication and access control. Click Edit, then simply mark the option for Enable anonymous access.
Notification Server v7.x
Task Server v7.x