apply correctly the TECH204095 and get back the package folder creation correctly not error, we do not use ACC or PDC, reusing the Application credential all parts.
- Change registry (HKLM/SOFTWARE/Altiris/Altiris Agent/Package Server/EnableDACLManagement=Dword:0)
- icacls * /t /reset (from cmd in admin mode, on the package repository)
No need to iisreset, to make it works (package services into SMB not using IIS).
The “proxy” error was in final removed by removing any proxy settings into Altiris console “Notification Server Settings / Proxy: Do not use”
That is crazy !
Because I don’t get any updated policy update on the site server/package service agent, when changing this proxy settings. Of course, NS not any more able to access the Internet…
But WHY those site servers are they using this proxy settings to get their package from the notification server himself ? That is amazing !
Is it something new added with the CEM (cloud) feature ? Or was it by design from Start ?
I can believe in some situations, with the cache option, this can be useful to use a proxy internally to get download package, with a reducing traffic from Datacenter where the NS is, but mainly, Proxy is used to access Internet !
Why not separating the settings ?
Explicit provide a proxy settings for site servers, instead of a global one, same for NS access Internet and Site package services to get access NS packages (using http/https, of course, SMB/UNC do not use the proxy, and happy, this allow most installations are working)
We don’t really need to deactivate http/https, but was an attempt to force UNC, in fact another issue. See next, the process I do not test to deactivate http provided from Support escalation.
For your information, the support escalation provide the following process to deactivate the http/https ! (as NSconfig not any more with) But I do test it.
- In the Notification Server, browse to C:\ProgramData\Symantec\SMP\Settings
- Make a copy of the 'CoreSettings' file (Highlight the file name > Ctrl C > Ctrl V in the same folder)
- Open Coresettings.config file as an administrator using notepad or notepad ++
- Scroll down to 'GetPackage Info Settings'
- The below three entries should be found there.
<customSetting key="GenerateNSUNCPackageCodebases" type="local" value="1" />
<customSetting key="GenerateNSHTTPPackageCodebases" type="local" value="1" />
<customSetting key="GenerateNSHTTPSPackageCodebases" type="local" value="1" />
- Change the HTTP and HTTPS entries to 0 value. UNC entry value should be left as 1.
- Click save
- Please ensure the changes made get saved in the 'coresettings.config' file.
- Once changes made have been verified in the file, please test and advise if this forces UNC for NS to distribute packages to package servers.
If someone apply this one above, thanks to share the result !