Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Endpoint Management Community Blog

The Importance of Having a Reliable Network Behind the Symantec Management Platform

Created: 20 Mar 2009 • Updated: 20 Mar 2009
BRING's picture
+1 3 Votes
Login to vote

Recently, it was discovered on a large number of server class machines that the Altiris Agent was displaying the following error:

HTTP Request Failed: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full. (-2147014841).

Sufficient buffer space?  Well, after checking the memory statistics on a client machine exhibiting the behavior, the handle counts for the Altiris Agent Service were very high, in some cases exceeding 10k or more.  However, the counts were ascending and descending as expected, just at a very high level. 

After some research, this error is a common error and warning occurs when the Altiris Agent cannot contact a domain controller/DNS server to resolve the name of the Notification Server.  This has been shown in some cases to point to a inconsistently behaving or non-functional domain controller/DNS server. The high Altiris Agent handle counts in Process Explorer were also there due to the fact that, on the x86 W2K3 SP2 server.  By default, Windows Server 2003 has by default 5000 ephemeral ports (a.k.a. dynamic ports). The default dynamic port range is 1024-5000.  As the DNS/Domain Controller went down and it was unavailable, the Altiris Agent service, thru the Client Task Agent plugin, was trying to open a network connection every 15 minutes, and exhausted all of the ephemeral ports.  Essentially, the AeXNSAgent.exe process experienced a condition that resulted in a complete depletion of the available TCP ports on the machine.

Restarting the Altiris Agent service will resolve this issue frequently.  Another more permanent option is to increase the amount of dynamic ports available.  This is done by changing the following registry key:

 

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

MaxUserPort (dword) 

Set the value to 65534 (decimal).

 

The most important thing to remember is that you should always make sure that you have a failover DNS environment, and that your network infrastructure components are reliable.