During a repair or an upgrade, while using SIM (Symantec Installation Manager), it fails during configuration process with some errors related to:
Failed to retreive key: DbPassword
Access to the path 'C:\ProgramData\Symantec\SMP\KMS' is denied.
[System.UnauthorizedAccessException @ mscorlib]
Failed to retreive key: DbPassword
Access to the path 'C:\ProgramData\Symantec\SMP\KMS' is denied.
[System.UnauthorizedAccessException @ mscorlib]
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileSystemEnumerableIterator`1.CommonInit()
at System.IO.FileSystemEnumerableIterator`1..ctor(String path, String originalUserPath, String searchPattern, SearchOption searchOption, SearchResultHandler`1 resultHandler, Boolean checkHost)
at System.IO.Directory.GetFiles(String path)
at Altiris.NS.Security.Cryptography.SymmetricKeyManager.KeyExists(String name)
at Altiris.NS.Security.Cryptography.SymmetricKeyManager.PerformKey[TKey,TValue](String name, Func`2 func, LoadKeyType keyType, Boolean throwOnError)
at Altiris.NS.Utilities.BasicCrypto.TryDecrypt(EncryptedData t, String keyName, Byte[]& result, Boolean throwMissingKey)
at Altiris.NS.Utilities.BasicCrypto.FromBase64(String encryptedData, String keyName, String legacyKeyName, Boolean& usedLegacyKey)
at Altiris.NS.Installation.DbConfiguration.GetPassword(String configName, String legacyKeyName, String& cache)
Exception logged from:
at Altiris.NS.Installation.DbConfiguration.GetPassword(String, String, String&)
at Altiris.NS.Utilities.DbUtils.GetConnectionParameters(String, String&, String&, String&, String&)
at Altiris.NS.Utilities.DbUtils.GetSqlServerVersion(String)
at Altiris.NS.DataAccessLayer.DatabaseAbilities.ReloadDatabaseVersion()
at Altiris.NS.DataAccessLayer.DatabaseAbilities.get_SqlVersion()
at Altiris.NS.DataAccessLayer.DatabaseAbilities.RefreshAbilities()
at Altiris.NS.Logging.EventLog+HouseKeeper.PerformUpdate()
at Altiris.NS.Logging.EventLog+EventLogQueueThreadRunner.DoHouseKeeping()
at Altiris.Common.Threading.HouseKeepingList.DoHouseKeeping()
at Altiris.Common.Threading.HouseKeepingList+HouseKeepingController.DoHouseKeepingThreadProc(Object)
at Altiris.Common.Threading.LocalThreadPool.ExecuteWorkerRequest(Altiris.Common.Threading.LocalThreadPool+LocalThreadPoolWorkerState, Altiris.Common.Threading.LocalThreadPool+UserWorkItem)
at Altiris.NS.Threading.NSThreadPool.ExecuteWorkerRequest(Altiris.Common.Threading.LocalThreadPool+LocalThreadPoolWorkerState, Altiris.Common.Threading.LocalThreadPool+UserWorkItem)
at Altiris.Common.Threading.LocalThreadPool.ThreadPoolProc(Object)
at System.Threading.ThreadHelper.ThreadStart(Object)
User [ExampleDomain\USERNAME], Auth [ExampleDomain\USERNAME], AppDomain [NSConfigurator.exe]
-----------------------------------------------------------------------------------------------------
Date: 2/11/2019 2:37:45 PM, Tick Count: 20190796 (05:36:30.7960000), Size: 2.74 KB
Process: NSConfigurator (7440), Thread ID: 21, Module: Altiris.NS.dll
Priority: 2, Source: Altiris.NS.Installation.DbConfiguration.GetPassword
ITMS 8.0 or later
Having the incorrect permissions set on the RSA/MachineKeys folder. Please refer to:
https://support.microsoft.com/en-us/help/278381/default-permissions-for-the-machinekeys-folders
In some rare cases, even with the mentioned fix mentioned here, you may need to verify the following:
We found that in some occasions the permissions in the machine keys directory needed to have the service account (App Identity) added instead of just administrators group:
Create files / write data
Create folders / append data
Write attributes
Write extended attributes
Delete