When using Agent Connectivity Credentials, Site Servers are Unable to Register with Task Server. When the attempt is made to register, you notice the error shown in the error message section below, constantly appears.
source="Altiris.TaskManagement.Common.XmlHttp.BaseXmlHttpCallback.LogResponseException" module="w3wp.exe" process="w3wp" pid="15544" thread="628" tickCount="328638757"><![CDATA[The handler 'RegisterTaskServer' is failed to process request. Altiris.NS.Exceptions.AeXSecurityException: The caller [Domain\ACCAccount] does not have one or more of the specified permissions on the specified item c74002b6-c7b9-47bb-a5d6-3031af73bb8d
at Altiris.NS.Security.ItemPermission.Demand(Guid entity, Guid permission)
at Altiris.Resource.ResourceDataTable.Load(Guid resourceGuid)
at Altiris.TaskManagement.ClientTask.BaseWeb.RegisterTaskServer.WriteResponse(XmlTextWriter wr)
at Altiris.DotNetLib.Threading.StringBuilderCache.ToXml(Action`1 fu)
at Altiris.TaskManagement.Common.XmlHttp.BaseXmlXmlHttpCallback.WriteResponseRaw(XmlTextWriter xwr)
at Altiris.TaskManagement.Common.XmlHttp.BaseXmlHttpCallback.ProcessRequest(HttpContext context)]]></event>
By default the Altiris Agent Connectivity account (ACC) does not have access to the dataclass with GUID c74002b6-c7b9-47bb-a5d6-3031af73bb8d. This is the AeX AC Identification table.
This issue has been addressed with the ITMS 7.6 HF7 release.
The best approach would be to create a security role, which includes the account containing the ACC domain account. You then give the security role access to read AeX AC Identification data class. To accomplish this you would do the following:
Create an account in the console. I called my ACC Account.
Add the domain user account as a member to the account.
Enable the account
Create a security role. I called mine ACC Security Role.
Under the members tab, add the ACC Account as a member.
Click on the Show Security Role Manager.
Once in Security Role Manager, click the + button and navigate to Data Classes > Inventory > Basic Inventory. Now navigate and find AeX AC Identification.
As shown in the following screenshot, you would put a check in Write Resource Data.
Save the changes and restart the Altiris Client Task Data Loader and Altiris Object Host Service services. Registration should now be successful.
The other alternative would be to add the ACC domain account to the Symantec Administrators group.
Subscribing will provide email updates when this Article is updated. Login is required.