Customer is trying to register the client task agent to a task server. This machine is the actual Task Server itself.
ITMS 7.5 and later
Looking at the agent logs on the client machine trying to register to the Task Server, the following errors and messages were noticed:
Failed to call web interface by url [http://TS01.domain.com:80/Altiris/ClientTaskServer/Register.aspx?lastResort=true&resourceGuid=234834a0-d833-4a86-95d1-a0fd28bfcb08&crc=0007000600000567], error [0x80090308, The token supplied to the function is invalid].
Failed to call web interface by url [http://TS01.domain.com:80/Altiris/ClientTaskServer/Register.aspx?lastResort=true&resourceGuid=234834a0-d833-4a86-95d1-a0fd28bfcb08&crc=0007000600000567], error [0x80042D21, IDispatch error #11041].
An attempt to register on Task Server [TS01.domain.com] over [http] completed with status [FAILED (may retry)].
In this particular case the Task Server was a Domain Controller, which is not currently a supported configuration. However, in other instances the Task Server has been working on other Domain Controllers machines in the same environment. This particular issue was caused by not having enough rights to the 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files' directory
These are the expected users and permissions:
The following steps were followed in order to identify the issue:
In this particular instance this page was displayed:
In order to find the actual error, we need to disable the custom errors for this page. Go to ...\Program Files\Altiris\Altiris Agent\Client Task Server\ServerWeb and edit the Web.config
Find the following section at the beginning of Web.config:
<customErrors mode="On" />
and change it from <customErrors mode="On" /> to <customErrors mode="Off" />. Save the changes.
Try again to access the Register.aspx page on your browser. Now you should see the real issue. Something like this:
As the error message displays, the "IIS APPPOOL\Symantec Task Server AppPool" doesn't have "write access to 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files'". In other instances, it could be "Local Service" that account that doesn't have rights to the mentioned directory.
Since in this particular case, the issue was on a Task Server that is a Domain controller, certain accounts either doesn't exist or not have the same rights as a regular server.
In the case you get "Local Service" or any other account, just add it to the Security portion of this "Temporary ASP.NET Files" folder. Full Control or Read & execute, List folder contents, Read, and Write should be sufficient.
In the case of "IIS APPPOOL\Symantec Task Server AppPool", if it is a Domain Controller, this account technically doesn't exist, referring to IIS_IUSRS. See https://support.microsoft.com/en-us/kb/946139. You could change under the App Pools in IIS the account used for "Symantec Task Server AppPool" from "ApplicationPoolIdentity" to "NetworkService" and then grant the same rights mentioned in the step above to this account for the "Temporary ASP.NET Files" folder.
Restart Agent service. After the Symantec Management Agent service restarts you should be now registered to the Task Server. You can verify that now you have access to the Register.aspx page and you should see something similar to this:
<?xml version="1.0"?><response description="The handler 'Register' is failed to process request. Called without 'resourceGuid' parameter or with invalid." code="7" result="failure">The handler 'Register' is failed to process request. Called without 'resourceGuid' parameter or with invalid.</response>
which it is fine since we are not passing all the required parameters.
Subscribing will provide email updates when this Article is updated. Login is required.