This issue is occurs when an image is captured in an SSL environment that also has CEM enabled. There are CEM policies applied to the particular client that the image was captured from as well as registry settings that have been applied. When the image is deployed to a new machine, that new machine is not included in those CEM policies because those are targeted through the console. The Symantec Management Agent will detect that these policies are not enabled and therefore delete the SSL certs associated with CEM for security reasons.
Environment: Deployment Solution 7.5 GA - 7.5 SP1 HF5
Deployment Solution 7.6 GA - 7.6 HF7
Deployment Solution 8.0 GA - 8.0 HF5
To resolve this issue the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\Communications\Block Gateway Settings must be edited either before the image is capture or after the image has been applied to a client machine, but before the client fully boots to production and tries to communicate. If the Symantec Management Agent starts the associated certificates will be immediately deleted.The Block Gateway Settings entry must be set to 1. This is the default value if the CEM Installation Package is used. If it is set to 1 prior to the machine being booted to production the certificates will not be deleted.
Subscribing will provide email updates when this Article is updated. Login is required.