Symantec Installation Manager fails to install products - Install could not continue because the web service was not available at https://servername.fqdn:443

Article:TECH180894  |  Created: 2012-02-07  |  Updated: 2014-04-24  |  Article URL http://www.symantec.com/docs/TECH180894
Article Type
Technical Solution


Issue



When using SIM to install new products into an existing Symantec Management Platform installation, the installation fails with the message:


Error



In addition to the "Install could not continue because the web service was not available at https://server" message, the Symantec Installation Manager logs contain the following Error-level message:

Failed to get registered services from https://managementserver.domain.com/Altiris/NS/Services/ServiceConfigurationWebService.asmx

( Exception Details: System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Threading.ExecutionContext.runTryCode(Object userData)
at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.ConnectStream.WriteHeaders(Boolean async)
--- End of inner exception stack trace ---
at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest request)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Altiris.NS.Installation.ServiceConfigurationWebServiceProxy.GetRegisteredServices()
at Symantec.Installation.PerformInstall.InstallProducts(ComponentCollection componentsToInstall, List`1 installedPackageList, NsConfigureParameters nsParams) )
( Exception logged from:
at Altiris.Diagnostics.Logging.EventLog.ReportException(Int32 severity, String strMessage, String category, Exception exception)
at Altiris.Diagnostics.Logging.EventLog.ReportException(String strMessage, Exception exception)
at Symantec.Installation.PerformInstall.InstallProducts(ComponentCollection componentsToInstall, List`1 installedPackageList, NsConfigureParameters nsParams)
at Symantec.Installation.InstallSessionQueue.ExecuteNextTask()
at Symantec.Installation.InstallSessionQueue.ExecuteNextTask()
at Symantec.Installation.Context.WizardProcess.InstallManager.PerformInstallAndConfig()
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Threading.ThreadHelper.ThreadStart()
)
( Extra Details: Type=System.Net.WebException Src=System.Web.Services

Inner Extra Details: Type=System.Security.Authentication.AuthenticationException Src=System )


Environment



Symantec Management Platform 7.1
configured to require SSL communication during the initial installation


Cause



The SSL Certificate in IIS Bindings on the server is configured for a different FQDN than the name listed in the error and logs.  The settings from the initial installation use the server name, instead of the certificate name currently in use.


Solution



One workaround is to temporarily change IIS Bindings for HTTPS to use the certificate found in the error messages, then do the installation, and then change the certificate back to the one being used.

If the Symantec Management Platform server was installed with HTTPS required and/or a custom port specified, and then those settings were changed afterwards, then changing the Bindings will not work for that.  To this fix:

  1. Open Regedit on the Symantec Management Platform server
  2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\AIM\Configuration\NsConfiguration
  3. Modify the "NsWebSiteSSL" key and change the value to "False"
  4. Modify the "NsWebSitePort" key, if needed, to change the value to port 80 (decimal)
  5. Modify the "NsWebSiteHost" key, if needed, to change the value to the proper FQDN of the server
  6. Check that "Require SSL" setting in IIS Manager for the Default Web Site>SSL Settings is unchecked.
  7. Go back into the Symantec Installation Manager and restart the installation.

Supplemental Materials

SourceETrack
Value2684090

Legacy ID



nefi_garrido


Article URL http://www.symantec.com/docs/TECH180894


Terms of use for this information are found in Legal Notices