KNOWN ISSUE: DS7.1: Automation Environment Agent is unable to connect server when NS is installed on HTTPS
|Article:TECH127620|||||Created: 2010-05-24|||||Updated: 2012-10-09|||||Article URL http://www.symantec.com/docs/TECH127620|
|NOTE: If you are experiencing this particular known issue, we recommend that you Subscribe to receive email notification each time this article is updated. Subscribers will be the first to learn about any releases, status changes, workarounds or decisions made.|
Client machine is able to boot correctly into the WinPE automation environment, but does not communicate with the server; does not get tasks/jobs, cannot get resource GUID.
Errors like those below may appear in the log files.
<event date='Jan 05 21:35:44' severity='4' hostName='MININT-IDP5D5M' source='Client Task Agent' module='Client Task Agent.dll' process='PECTAgent.exe' pid='776' thread='316' tickCount='438812' >
<![CDATA[Attempting to register using "https://ns-6235:443/Altiris/ClientTaskServer/Register.aspx?resourceGuid=cfc74f43-6523-438c-98e9-ecd07a9a8042"]]>
<event date='Jan 05 21:35:44' severity='2' hostName='MININT-IDP5D5M' source='AeXNetworkTransport' module='AeXNetComms.dll' process='PECTAgent.exe' pid='776' thread='316' tickCount='438828' >
<![CDATA[Post to 'https://ns-6235:443/Altiris/ClientTaskServer/Register.aspx?resourceGuid=cfc74f43-6523-438c-98e9-ecd07a9a8042' failed: HTTP Request Failed: The target principal name is incorrect. (-2146893022)]]>
<event date='Jan 05 21:35:44' severity='2' hostName='MININT-IDP5D5M' source='CoNetworkTransport(256)' module='AeXNetComms.dll' process='PECTAgent.exe' pid='776' thread='316' tickCount='438828' >
<![CDATA[HTTP Request Failed: The target principal name is incorrect. (-2146893022)]]>
Deployment Solution 7.0, 7.1, with HTTPS / SSL implemented.
The PECTAgent used for agent communication in the automation environment is unable to correctly communicate over HTTPS when establishing a link to the Notification Server.
HTTPS is not currently supported for PECTagent functionality. HTTPS will have to be removed for full functionality. Once HTTPS is no longer required on your Task Server and NS, Some modifications will have to be made to the PECTagent:
Open both PECTagent.ini located in
\\%taskserver%\Deployment\Task Handler\bootwiz\oem\DS\base\Winpe2\x86\Base\Program Files\Altiris\Altiris Agent
\\%taskserver%\Deployment\Task Handler\bootwiz\oem\DS\base\Winpe2\x64\Base\Program Files\Altiris\Altiris Agent
Change the fields [Protocol] and [Port] to HTTP and 80, respectively. (This will have to be done on all task servers that service PXE clients)
Rebuild your WinPE environments.
This will restore functionality to your PECTagents in automation to use HTTP communication. Again, there is no workaround currently to utilize HTTPS (or port 443).
Logged in Etrack (Symantec) database
Article URL http://www.symantec.com/docs/TECH127620