Customer is trying to register the client task agent to a task server. This machine is the actual Task Server itself.

Looking at the agent logs on the client machine trying to register to the Task Server, the following errors and messages were noticed:
 

Entry 1:
Failed to call web interface by url [http://TS01.example.com:80/Altiris/ClientTaskServer/Register.aspx?lastResort=true&resourceGuid=234834a0-d833-4a86-95d1-a0fd28bfcb08&crc=0007000600000567], error [0x80090308, The token supplied to the function is invalid].

Entry 2:
Could not register using http://TS01.example.com:80/Altiris/ClientTaskServer/Register.aspx

Entry 3:
Failed to call web interface by url [http://TS01.example.com:80/Altiris/ClientTaskServer/Register.aspx?lastResort=true&resourceGuid=234834a0-d833-4a86-95d1-a0fd28bfcb08&crc=0007000600000567], error [0x80042D21, IDispatch error #11041].

Entry 4:
An attempt to register on Task Server [TS01.example.com] over [http] completed with status [FAILED (may retry)].

ITMS 8.x

In this particular case the Task Server was a Domain Controller, which is not currently a supported configuration. However, in other instances the Task Server has been working on other Domain Controllers machines in the same environment.
This particular issue was caused by not having enough rights to the 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files' directory

These are the expected users and permissions:

The following steps were followed in order to identify the issue:

1. Copy on the IE Browser the link that needs to be accessed:
   http://TS01.example.com:80/Altiris/ClientTaskServer/Register.aspx
   
   
2. In this particular instance this page was displayed:
   
3. In order to find the actual error, we need to disable the custom errors for this page. Go to ...\Program Files\Altiris\Altiris Agent\Client Task Server\ServerWeb and edit the Web.config
4. Find the following section at the beginning of Web.config:

   <customErrors mode="On" />

   and change it from <customErrors mode="On" /> to <customErrors mode="Off" />. Save the changes.
    

5. Try again to access the Register.aspx page on your browser. Now you should see the real issue. Something like this:
   
   
   As the error message displays, the "IIS APPPOOL\Symantec Task Server AppPool" doesn't have "write access to 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files'". In other instances, it could be "Local Service" that account that doesn't have rights to the mentioned directory.
6. Since in this particular case, the issue was on a Task Server that is a Domain controller, certain accounts either don't exist or not have the same rights as a regular server.
   • In the case you get "Local Service" or any other account, just add it to the Security portion of this "Temporary ASP.NET Files" folder. Full Control or Read & execute, List folder contents, Read, and Write should be sufficient.
   • In the case of "IIS APPPOOL\Symantec Task Server AppPool", if it is a Domain Controller, this account technically doesn't exist, referring to IIS_IUSRS. See https://support.microsoft.com/en-us/kb/946139. You could change under the App Pools in IIS the account used for "Symantec Task Server AppPool" from "ApplicationPoolIdentity" to "NetworkService" and then grant the same rights mentioned in the step above to this account for the "Temporary ASP.NET Files" folder.
7. Restart Agent service. After the Symantec Management Agent service restarts you should be now registered to the Task Server. You can verify that now you have access to the Register.aspx page and you should see something similar to this:
   
   <?xml version="1.0"?><response description="The handler 'Register' is failed to process request. Called without 'resourceGuid' parameter or with invalid." code="7" result="failure">The handler 'Register' is failed to process request. Called without 'resourceGuid' parameter or with invalid.</response>
   
   which it is fine since we are not passing all the required parameters.