During the push of the Symantec Management Agent a Windows API is being used which picks up on any existing connection and ignores provided credentials.
This leads to access denied errors due to security contect being lost.
Failed to open the Service Console Manager Console on X.X.X.X. Return value=0, Error:80070005.
Symantec Engineering is aware of this issue and working on addressing this. The current tentative target to address this issue is the Symantec Management Platform 7.1 SP2 release. This may change without warning due to ongoing development and testing.
A Pointfix is available for this issue. Please download the zip file attached to this article called Pointfix_eTrack2439763.zip.
The following information is part of the Readme file contained in the zip file mentioned above.
HOW TO INSTALL THIS POINTFIX 1. Run the Install.cmd to install the assemblies on all NS-es in the hierarchy. Make sure that you run the install script from administrator elevated cmd.exe. Note: The original assemblies will be backed up in the same folder where the 'Install.cmd' is located. NB! This step RESTARTS NS AND WEB SERVICES.
HOW TO ROLLBACK THIS POINTFIX 1. Run the Restore.cmd on all NS-es in hierarchy. Make sure that you run the uninstall script from administrator elevated cmd.exe. Assemblies will be restored from the 'Backup' folder. NB! This step RESTARTS NS AND WEB SERVICES.
WHAT CHANGES WERE MADE The fix changes the authentication mechanisms in push-install Agents logic. Now will be used the push provided credentials for all outgoing connections and RPC calls.
IMPACT STATEMENT Impact – MEDIUM. The fix changes the way connections are made while push-install process and how user is authenticated to the remote machine during this process.
AFFECTED COMPONENTS & VERSIONING Altiris.Interop.dll - 7.1.6851.0 Altiris.NS.dll - 7.1.6851.0 Required redirection policy DLLs for affected .NET components are included to pointfix pack.