Changing the Application Identity account causes Client Policy generation to take longer to build
Last Updated March 24, 2015
Changing the Application Identity account causes Client Policy generation to take longer to build. This results in increased load on the Notification Server.
There may be more message "The maximum number of client policy requests has been reached"
It appears that when a new App Id is used some of the permissions assigned to the old App Id are not moved over to the new one.
There are two possible solutions:
The preferred solution is to change the App Id back to the original.
If that is not an option the attached queries can be used to see what permissions were assigned to the old app that are not assigned to the current and add them. Symantec development is aware of the issue. IMPORTANT: The query says OldAppIdName and NewAppIdName on lines 9 and 10. These must be changed to the correct values for the customer. Run the following SQL to see all trustees and select the correct ones to use in the attached.
select st.Name, st.Guid from SecurityTrustee st left join SecurityRole sr on sr.Guid = st.Guid where sr.Guid is null order by st.Name
Run the attached "Show missing App Id Permissions.sql", making sure to change lines 9 and 10 accordingly, to see what is missing for the current Application Identity.
Run the attached "Add missing App Id Permissions.sql", making sure to change lines 9 and 10 accordingly, to add any missing permssions to the new Application Identity account.