Symantec Management Platform (Notification Server)

  • 1.  How do I completely remove SSL from SMP?

    Posted Mar 17, 2011 03:44 PM

    I made the mistake of installing the new SMP v7.1 with SSL. It became too complicated dealing with the certificates and all, so I need to completely remove the SSL requirement.

    I can't find a setting anywhere in SMP. I went into the IIS Management console and removed the requirement there - now my clients connect - but my agent/plug-in jobs still have HTTPS in their settings. I've looked in the package settings for various agents - pcAnywhere for one - and I can't find anything that says https required or to use https. When a package is assigned, the log on the client shows that there is a problem with the server certificate.



  • 2.  RE: How do I completely remove SSL from SMP?
    Best Answer

    Posted Mar 17, 2011 04:02 PM

    In general, the Targeted Settings control this, under the Advanced tab.  You would specify an alternate URL for the agent to use, e.g.

    Server: servername.mycompany.com:80
    Web: http://servername.mycompany.com:80/Altiris

    If the setting here is to use 443/SSL, but clients can't communicate, you won't be able to change it here.  Instead, you'll need to change it client side using C:\Program Files\Altiris\Altiris Agent\AexAgentUtil.exe and the /Server: and /Web: switches.

    My understanding is the plug-ins will use whatever the targeted agent settings use.  But you're saying the SMA is using port 80 but the plug-ins are still using 443?



  • 3.  RE: How do I completely remove SSL from SMP?

    Posted Mar 17, 2011 04:32 PM

    I just "cleaned" SMA 7.1 from one client and then re-installed it making sure the installation job did not say https.

    In looking at the Software Management log for the pcAnywhere agent, this is the error that is received:

    - <Download version="1300132811" status="retrying" statusDescr="HTTP Request Failed: No connection could be made because the target machine actively refused it." nextRetry="2011-03-17 15:23:11" transferBytes="0" packageSize="55436586">

    <Session startTime="2011-03-17 15:20:10" endTime="2011-03-17 15:20:11" source=https://servername/Altiris/NS/nscap/bin/win32/x86/pcaagent transferRate="0" transferBytes="0" transferCache="0" result="-2147014835" />

    =====================

    Note that the HTTP request failed and it was using HTTPS.

    My guess is that there is something in the SMP configuration that still says to use HTTPS. I just can't find it. I've gone all through the settings page and can't find anything. I've looked at packages, especially the pcAnywhere package, and can't find anything that says to use HTTPS.

    What am I missing?
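
An added example, not part of the original post: a small Python audit of the `<Session>` entries in the agent's package download log, reporting which URL scheme each fetch used and decoding the `result` value (here -2147014835 is HRESULT 0x8007274D, Win32 error 10061, connection refused, i.e. not a certificate error). The function names and the second sample line are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample. Line 1 copies the Session entry from the post, including
# its unquoted source attribute; line 2 is a made-up successful http transfer.
SAMPLE_LOG = """\
<Session startTime="2011-03-17 15:20:10" endTime="2011-03-17 15:20:11" source=https://servername/Altiris/NS/nscap/bin/win32/x86/pcaagent transferRate="0" transferBytes="0" transferCache="0" result="-2147014835" />
<Session startTime="2011-03-18 09:40:02" endTime="2011-03-18 09:40:31" source="http://servername/Altiris/NS/nscap/bin/win32/x86/pcaagent" transferRate="0" transferBytes="0" transferCache="0" result="0" />
"""

# Attribute values may be quoted or, as in the pasted log, bare up to whitespace.
ATTR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
FACILITY_WIN32 = 7
WIN32_NAMES = {10061: "WSAECONNREFUSED: target actively refused the connection"}
DEFAULT_PORTS = {"http": 80, "https": 443}


def decode_result(value):
    """Return (HRESULT as hex, Win32 error code or None) for a signed result."""
    hresult = int(value) & 0xFFFFFFFF           # reinterpret as unsigned 32-bit
    facility = (hresult >> 16) & 0x1FFF
    failed = bool(hresult & 0x80000000)
    code = hresult & 0xFFFF if failed and facility == FACILITY_WIN32 else None
    return "0x%08X" % hresult, code


def audit_sessions(log_text):
    """List scheme, host, port and decoded result for every <Session> entry."""
    findings = []
    for line in log_text.splitlines():
        if "<Session" not in line:
            continue
        attrs = {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
                 for m in ATTR.finditer(line)}
        url = urlsplit(attrs.get("source", ""))
        hresult, win32 = decode_result(attrs.get("result", "0"))
        findings.append({
            "start": attrs.get("startTime"),
            "scheme": url.scheme,
            "host": url.hostname,
            "port": url.port or DEFAULT_PORTS.get(url.scheme),
            "hresult": hresult,
            "win32": win32,
            "meaning": "ok" if hresult == "0x00000000"
                       else WIN32_NAMES.get(win32, "unmapped"),
        })
    return findings
```

Running `audit_sessions` over a client's log after each settings change shows whether new download sessions have moved to `http` or are still being handed an `https` source.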



  • 4.  RE: How do I completely remove SSL from SMP?

    Posted Mar 17, 2011 04:41 PM

    Did you try re-registering using AeXAgentUtil.exe?

    Did you specify an alternate URL as mentioned in the Advanced tab for Targeted Agent Settings?

    If you browse to C:\Program Files\Altiris\Altiris Agent\ and run the command regsvr32 AexAgentDiagnostics.dll, then right-click on the Agent and choose Diagnostics, Web Config, is the URL http:// or is it https://?

    If the Targeted Agent Settings include the alternative URL as mentioned above, it should show http:// in this location.  But if not, re-registering using AexAgentUtil.exe should resolve this issue and you should show http:// in this location.

    Does http:// show here, yet you still have an issue?  Or does it show https:// right now?



  • 5.  RE: How do I completely remove SSL from SMP?

    Posted Mar 18, 2011 04:29 AM

    You have to switch one setting to provide the package source over http and not over https.

    In All Settings --> Notification Server --> Site Server Settings --> Package Service --> Package Service Settings 

    Hope this helps!



  • 6.  RE: How do I completely remove SSL from SMP?

    Posted Mar 18, 2011 08:42 AM

    URL shows HTTP in diagnostics. I'll try assigning another agent/plugin to see if it still attempts to use HTTPS.



  • 7.  RE: How do I completely remove SSL from SMP?

    Posted Mar 18, 2011 08:48 AM

    Package Service setting shows HTTP codebase. I probably already changed that one when I was digging through all the settings.

    I'm going to migrate another PC this morning to see if it has changed. I made so many changes to the two I already migrated, that I can't be sure of what I did when. It's probably working properly now, I probably just have clients that have been messed with so much that they are "confused".



  • 8.  RE: How do I completely remove SSL from SMP?

    Posted Mar 18, 2011 09:52 AM

    So many settings, so little time...

    When you mentioned targeted settings, I was looking on the new server, and didn't see anything. When I did the original migration test, the new server was set to use HTTPS, and I changed the targeted setting on the old server to use HTTPS.

    In testing another migration this morning, I double-checked the old server settings and found the HTTPS there. I changed it to HTTP, added the client to the migration collection on the old server, and it showed up on the new server almost immediately. Once on the new server, it installed pcAnywhere before installing the SMA. I'll have to make sure other plugins/agents are disabled during the actual migration.

    A little off topic, but one thing I did notice is that the computer received a different GUID when it reported in to the new server. I'll have to remember to test another migration after I import our Asset Management information. I'd hate to have to re-enter all of that information.