Getting "Replication of PM Import Data to servername.domain.com could not be executed" error when trying to run "Patch Management Import Data Replication For Windows"
search cancel

Getting "Replication of PM Import Data to servername.domain.com could not be executed" error when trying to run "Patch Management Import Data Replication For Windows"

book

Article ID: 162954

calendar_today

Updated On:

Products

IT Management Suite Patch Management Solution

Issue/Introduction

Customer is not able to replicate their PMimport to both child servers.
They have scheduled their "Patch Management Import Data Replication For Windows" to a specific time of the day. When it triggers the schedule, the following errors appear:

Replication of PM Import Data to ChildServer.domain.com could not be executed.
Exception
System.ServiceModel.Security.MessageSecurityException: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The
authentication header received from the server was 'Negotiate,NTLM'. ---> System.Net.WebException: The remote server returned an error: (401)
Unauthorized.
   at System.Net.HttpWebRequest.GetResponse()
   at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
   --- End of inner exception stack trace ---

 

Other replication activity runs and completes just fine.

Replication of PM Import Data to ChildServer.domain.com could not be executed. Exception
System.ServiceModel.Security.MessageSecurityException: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. 
The authentication header received from the server was 'Negotiate,NTLM'. ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized.
   at System.Net.HttpWebRequest.GetResponse()
   at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
   --- End of inner exception stack trace ---

Server stack trace: 
   at
System.ServiceModel.Channels.HttpChannelUtilities.ValidateAuthentication(HttpWebRequest
request, HttpWebResponse response, WebException responseException,HttpChannelFactory factory)
   at
System.ServiceModel.Channels.HttpChannelUtilities.ValidateRequestReplyResponse(HttpWebRequest
request, HttpWebResponse response, HttpChannelFactory factory, WebException responseException, ChannelBinding channelBinding)
   at
System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
   at System.ServiceModel.Channels.RequestChannel.Request(Message message,TimeSpan timeout)
   at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean
oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at
System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall,ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]: 
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&msgData, Int32 type)
   at Altiris.PatchManagementCore.PatchWorkflowSvcRef.PatchWorkflowSvcSoap.IsCleanUpAfterUpgrade71Finished()
   at Altiris.PatchManagementCore.Services.PatchWorkflowSvc.IsReplicationToChildAllowed(HierarchyNodeItem nodeItem)

Cause

Known issue. In this particular instance, PatchWorkflowSvc.GetServiceReference incorrectly resolves credentials.
Credentials should be resolved before/during this method call.

"GetServiceReference: creds are: domain=, username=@APPLICATION_ID","PMC:PatchWorkflowSvc.GetServiceReference","AeXSVC.exe","252","Informational"

Resolution

This issue has been reported to the Symantec Development team. A fix to this issue should be available for our next major release (currently for ITMS 8.0).

You should be able to get it working by editing the credentials in the child node this way:
1. Under Settings>Notification Server>Hierarchy, under Topology tab, select the child SMP and right-click>Edit
2. The "Child Settings" UI opens. Select "use these credentials" and typed the AppID account.
3. In the "Return Credential Settings" UI, select "use application credentials".
4. Saved those changes.

After that "Patch Management Import Data Replication For Windows" was able to run and pass the proper account validation.