Video Screencast Help

Altiris Deployment Solution 7.5--Linux PE failed to download certificata

Created: 28 Oct 2013 | 10 comments

Dear All

        It is my first time to use Altiris Deployment Solution 7.5. I download the trial version and  test installing Redhat Enterprise 6.2 linux for some new server by Altiris.

        Firstly, power on the server and then boot to a linux PE. But I meet the error information as follow:

      “Failed to download certificate,aborting”、“ERROR:Agent configuration failed”、“Failed to set up the link”、“cannot obtain installation directory of the Agent”and “Could not connect to the server”  

      Does some one meet the same error? Wish you give me a hand. Thanks so much.

 

   

Operating Systems:

Comments 10 CommentsJump to latest comment

Sachin_Joshi5's picture

Hello,

 

Can you confirm if IP is assigned to the client after booting to LinPE?

If yes, can you ping NS from LinPE? Is that reachable?

 

Thanks,

Sachin

 

Robin N's picture

Hello Sachin_Joshi5

         I confirm that the IP address is assigned to the client after booting to linPE.

         And I ping NS from LinPE, it is reachable.

        1.gif2.gif

 

Sachin_Joshi5's picture

Ok Robin.

Can you check status of this client under: 'Reports > Notification Server Management > Registration > Agent Registration Status'?

'Allow' the client if it has been blocked. Also increase registration time if required.

 Also check if rule is set properly on page: 'Settings > Agents/Plug-ins > Symantec Management Agent > Settings > Registration Policies > Agent Registration Policy - Allow'
 

Thanks,
Sachin

Robin N's picture

Hello Sachin_Joshi5

         Thanks so much. 

         I  found that it is still no working. I was confused.        

Sachin_Joshi5's picture

Hello Robin,

Have you found the client as with status as blocked in 'Reports > Notification Server Management > Registration > Agent Registration Status'?

If yes, have you unblocked that client?

Have you observed this with another machine?

Thanks,
Sachin

 

 

 

 

Andrei Fedulin's picture

Hi,

Can you also confirm if your server is configured to work through SSL?  Please make sure certificate is valid then.

Also check if there is https binding on IIS .

Can you show what is under /opt/altiris/notification/nsagent/bin directory?

If there is aex-configure - try to launch it  :  aex-configure -iconfigure and proceed with steps.

If there is aex-getsscert - try to launch it : aex-getsscert https://YourNsServer to download certificate.

Thanks,

Andrei

Robin N's picture

 

 The error looks like the client machine unable to download required certificate in order to establish the communication with the Deployment server . Can you teach me checking if my server is configured to work through SSL or not ?

 

    I had check the steps from article before : http://www.symantec.com/docs/DOC5678   - (see Page 18 of 332). But the error still occur.

 

Please have a see the follow picture:

Andrei Fedulin's picture

Hi Robin,

I see agent is not configured.

Try to stop agent ( aex-helper agent stop)

Then launch ./aex-configure -iconfigure and proceed with steps. After configuration finished, try to launch getsscert again.

 

By default your server should have https binding (it is configured by SIM during installation), but if you didn't check  Require HTTPS, then agent should be able to work through http. To check whether your site requires https - go to IIS; select your website(by default it is Default Web Site)  and open SSL settings - if Require SSL is marked - then your site requires https)

Thanks,

Andrei

schnyders's picture

Hi

I've got the same error message in my new lab env. 
SSL is not marked as required on the Default Web Site. Also it was not checked during installation. But the linux preboot env still tries to download a certificate. 

"aex-helper agent stop" is not working

But I think it's a DNS problem in Linux PE. Sometimes I was not able to ping the server by it's FQDN but by IP. Let the machine stay for 5min in Linux PE and I was able to ping the machine. After 5 or more restarts to Linux PE, agent is working without any problem. One reboot later the issue was back. For me it's completely random if it's working or not. 

Thanks
Stephan2013-11-25_103237.png

 

 

If a forum post solves your problem, please flag it as a solution. If you like an article, blog post or download vote it up.