SMP Console times out when trying to add computers to a filter via a CSV file.
With ITMS 8.1 RU7:
Customer will create a new filter by going to Manage > Filters. They will usually do this filter creation using the Symantec Administrator role. They have a cloned copy of the Symantec Administrator role, along with level 1 worker role, where members will use a .txt file or .CSV file to import computers into that filter:
Add user to a cloned or any other security role other than the Symantec Administrators role
Create new filter
Edit this filter by clicking on icon to import computer list. Browse to the CSV file with the computer list
Wait for a moment but no computers are displayed as added
This started to happen after their upgrade to 8.1 RU7, even with the fixes already added under ITMS 8.1 RU4 for the same issue. This only happens with any other security roles that are not the Symantec Administrators (even when those users have full access to computers resources).
ITMS 8.1 RU3
ITMS 8.1 RU7
Sometimes you may see an error like this after waiting for the page to load with the imported machines:
Exception logged from:
at Altiris.NS.UI.AltirisWebApplication.Application_Error(Object, EventArgs)
at System.Web.HttpApplication.BeginProcessRequestNotification(System.Web.HttpContext, AsyncCallback)
at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(System.Web.Hosting.IIS7WorkerRequest, System.Web.HttpContext)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr, IntPtr, IntPtr, Int32)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr, IntPtr, IntPtr, Int32)
User [MyDomain\Svc_Altpdws], Auth [MyDoamin\AltUser10], AppDomain [/LM/W3SVC/1/ROOT/Altiris/NS-3-132016168419455250]
Know issue. There is an optimization problem with "spGetPushAgentStatus" stored procedure.
Prior to ITMS 8.1 RU4:
The original issue with "spGetPushAgentStatus" stored procedure was addressed with fixes added to ITMS 8.1 RU4. See DOC10690 under "Fixed Issues for Notification Server" section.
With ITMS 8.1 RU7:
Even with the improved "spGetPushAgentStatus" stored procedure, there was an issue with how the Security Privileges and Rights are done when the user is part of a non-Symantec Administrator Security Role. This issue has been addressed with changes done under ITMS 8.5 with the introduction of a function called "fnAC_HasFullScopeAccess".
Please us the attached two files to add the proposed workaround:
The modified "spGetPushAgentStatus_Updated.sql" has the following section modified to utilize the new "fnAC_HasFullScopeAccess" from ITMS 8.5:
JOIN ( SELECT DISTINCT ResourceGuid FROM ScopeMembership WHERE --Added this check to see if the users has rights to all computers before we check them one at a time (select dbo.fnAC_HasFullScopeAccess ('493435F7-3B17-4C4C-B07F-C23E7AB7781F', @Trustees)) = 1 --End OR ScopeCollectionGuid IN (
SELECT ss.EntityGuid FROM sec_EntitySource ss JOIN sec_EntityTrustee st ON st.EntityGuid = ss.SourceGuid JOIN @TrusteeGuids tt ON tt.Guid = st.TrusteeGuid WHERE st.Permission >= 0x2000000000000000 )
Also run the attached "fnAC_HasFullScopeAccess.sql" to add the new function into your database.