Troubleshooting HTTP Post Errors in Altiris Agent Communication

Article:TECH12701  |  Created: 2005-09-13  |  Updated: 2005-09-13  |  Article URL http://www.symantec.com/docs/TECH12701
Article Type
Technical Solution


Issue



Troubleshooting HTTP Post Errors in Altiris Agent Communication

Solution



HTTP Post Errors

  • Generally HTTP Post errors are caused by either name resolution or security.
  • Open up a browser on the client machine. In the log the HTTP Post error will have a corresponding URL, for example:

http://servername/AeXNS/Postevent.asp Try to reach this site locally from the client machine. You should receive a ‘NO DATA’ message. If you receive “Page cannot be found” or “Page cannot be displayed”, we are failing to reach the site.

Also check for the pages http://servername/AeXNS/getclientpolicies.asp and http://servername/AeXNS/createresource.asp.
When accessing the getclientpolicies.asp you should receive the message:

"<error number="80041002">
- <![CDATA[ Failed to GetClientConfig. Error number: 80041002. Error description: GetClientConfigXml failed: Guid not found in request "<Request></Request>"
  ]]> 
  </error>"

When accessing the createresource.asp you should receive the message:

"- <error number="80004005">
- <![CDATA[ 
Failed to CreateResource. Error number: 80004005. Error description: DataLoader: Failed to CreateResource: XML Parse Error 0xc00ce558 at line=0, pos=0
Reason:
XML document must have a top level element.
Near:
Doc head:
  ]]> 
  </error>"
  • If you do not receive the above messages, this is likely a security issue.
  1. On the Notification Server, open up IIS Manager.
  2. Right-click on the Default Website and choose Properties.
  3. Select the tab “Directory Security”
  4. Click Edit under Authentication and access control.
  5. Both Enable anonymous access and Integrated Windows authentication
  6. Do the same on getclientpolicies.asp, createresource.asp. and postevent.asp

Other permissions should be set as follows:

  1. Users security group should have read permissions (and IUSR_<computername> should be a member of users).
  2. Also check the EvtQueue and EvtQFast directories. The Users security group should have read and write permissions (and IUSR_<computername> should be a member of the users group).
  3. You can see if the NS client machines are having problems getting to these files by setting the NS server name (FQDN, NetBIOS, IP address) to be in the Restricted Sites IE security zone on one or more of the NS client machines, and then make sure the custom security on this zone is set for User Authentication --> Logon --> Anonymous logon [This makes sure that the connection is anonymous to these pages on the NS server, which is the same as how the NS client does it.] Then in a browser window one of the NS clients machines where the IE security has been configured as above go to the three previously listed ASP pages to see if you get the correct results.
  4. User group should have read and write permissions on the NTFS equivalent files and folders corresponding to the anonymous IIS permissions. The AeXNS virtual website is the Notification Server folder.

Legacy ID



2016


Article URL http://www.symantec.com/docs/TECH12701


Terms of use for this information are found in Legal Notices