Video Screencast Help
Protect Your POS Environment Against Retail Data Breaches. Learn More.

Client-side Exceptions for Windows Firewall

Created: 14 Dec 2012 | 2 comments

For SMP 7.1 SP2 MP1, I managed to push the SMA to a couple of my Win7 Pro (physical) desktops with their Windows Firewall enabled (i.e. with File/Print Sharing exception).  They seemed to be working OK until recently where I brought up my first task/package server after which I noticed that my PCs weren't updating both their configs and basic inventory.  Even when I temporarily disabled the firewall on one of my PCs and tried to update the config, the date fields continue to have "N/A" next to them.  On the flipside, all of my test VMs, which are a mix of WinXP and Win7 workstations with their firewalls off, are checking into my SMP server just fine.

I'm not quite certain but I think none of my VMs were running when I had brought up my task server although my 2 Win7 PCs were definitely on.  Not sure if my new task server and this issue are related but if we wish to keep Win7's firewall enabled, do we have to make any special accommodations on each of the workstations in regard to firewall exceptions?  If I manage to get the SMP agent installed as I did with firewalled Win7 boxes, would things eventually snowball with the firewall still enabled where the SMA is no longer able to check back with the SMP server?

I'm still an Altiris 6 shop and have been testing ITMS 7.1 in hopes of migrating soon but have no idea why this problem occurred on both of my physical boxes whereas all 6 of my test VMs are still updating their configs and basic inventory just fine.  Any ideas on the cause of this problem will be greatly appreciated.

Comments 2 CommentsJump to latest comment

andykn101's picture

The Task Server shouldn't have any impact on working Agents posting Basic Inventory or updating config. It's either a coincidence or the Task Server has a network misconfiguration, name or IP address conflicts or similar.

Look at the Agent logs with the Remote Altiris Agent Diagnostics (RAAD) tool:

http://www.symantec.com/docs/HOWTO21449

 

Authorised Symantec Consultant (ASC) with Endpoint Management Limited, an Authorised Symantec Delivery Provider based in the UK.

Connect Etiquette: Please "Mark as Solution" posts that fix your problem.

Clint's picture

Regarding the SMA not communicating with my SMP server on a couple Win7 boxes, I believe I know what happened.  Unlike my 6 VMs which continued to update their SMA configs just fine, I had failed to exclude the 2 affected Win7 workstations from my automatic Altiris 6 client push.  I think the Altiris 6 agent tried to load, saw that there was a higher version then aborted.  However, it appears this install attempt redirected my Win7 PCs from my SMP 7.1 to Altiris 6 server.  Just curious if anyone can confirm this behavior.

Clint