I am receiving errors in the Deployment Solution Web console including "Unable to Connect", "System.Web.HttpUnhandledException" and "Exception has been thrown by target of invocation". This error can occur with the Web console in the Altiris Console or in the stand-alone DS Web console.
There are seven causes listed in order of occurence:
Users who are accessing the Web console do not have file access to C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys.
Security Rights are not properly set on the database.
(DS 6.1) Checking the “Encrypt communication between Web Server and Deployment Server” box in the Altiris Express Server applet.
By checking this box it enables encryption between the Web Server and Deployment Server. However, by default, the Web Console does not use encryption, and the GUI does not have a method to use this functionality. Because the server is using encryption, and the console is not a “target of invocation,” an error is displayed. Information will be provided to customers on how to use this functionality.
After enabling encryption the <serverProviders> line in the “DataManager.exe.config” file states: “<serverProviders> <provider type="Altiris.DSSDK.Remoting.SecureServerChannelSinkProvider, AxDsDm" algorithm="DES" oaep="false" requireSecurity="true" connectionAgeLimit="900" sweepFrequency="450"/><formatter ref="binary" typeFilterLevel="Full"/> </serverProviders>”
(DS 6.5) DS 6.5 added the necessary code in the DSWeb.dll.config (which is located in the Deployment Web Console\DSWeb directory) file for encryption as listed below:
However, by default the Encrypt communication between Web Server and Deployment Server box in the Altiris Express Server applet is unchecked meaning that the communication is not encrypted. By design the Web console tries to determine whether to send the data encrypted or not. Sometimes, with the above line in the config file, it doesn’t make the correct decision and sends the data encrypted when it shouldn’t be encrypted. This is when the target of invocation will appear.
The Data Manager is not using the default port 8080 or is unable to communicate through the currently configured port.
The Altiris Deployment Server Data Manager service on the Deployment Server is not set to log on with a domain admin account, or the account is not a DBO to the database.
NET framework is not properly registered with IIS.
The version of MDAC that is installed on the SQL, DS, and DS Web console systems is not version 2.7 or greater.
Note: These steps have worked for some users and are quick to try, so try these steps before trying the other solutions.
The best option is to Highlight where it states Unable to connect. The second paragraph will give you a more detail resolution.
Solution to Cause 1
Give domain users who are going to be using the console read/execute access permissions to C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys.
Allow this right to propagate to all files and directories under it.
There are two things that you need to make sure of with this solution.
Make sure that all the GUID files under the MachineKeys directory have been successfully propagated to.
If not, take ownership of the offending files and re-propagate to them.
Solution to Cause 2
Run the DSDBsecurity located in the .\techup\windows directory. Located in the Deployment Share.
Solution to Cause 3
(DS 6.1) Change the serverProviders line in the DataManager.exe.config file (which located in the Deployment Server Directory), by default 6.5 already has this change:
From within TCPView.exe, click on the Options Menu and uncheck the option "Resolve Addresses"
From within TCPView.exe, click on the View Menu > choose Update Speed > and change this to "Paused"
From within TCPView.exe, look at the list of processes and find Datamanager.exe. Look for the entry that is shown here:
The highlighted entry above shows in the 3rd column that currently the Datamanager is listening on port 80.
Now either change the port that Data Manager uses, or modify the Deployment Server Web Console to use the existing port.
Note - Port 8080 is the default port used by the Deployment Server GUI installation; however if axinstall.exe is used to script the installation of Deployment Server (using a silent.ini file), make sure the value SeDataManagerPort=8080 is defined in the silent.ini - otherwise Deployment Server will use Port 80 as its default port.
To change the port currently used by DataManager:
Modify the X:\Program Files\Altiris\eXpress\Deployment Server\ DataManager.exe.config
Scroll to the bottom of the DataManager.exe.config file and look for the following entry:
Modify the YOURPORTNUMBER to be another available port. DO NOT use Port 8081 as this is used by Console Manager and cannot be modified.
Restart the DataManager service in order for it to read the changed config file.
To change the port currently used by DS Web to connect to the server:
From the Web Console, click on the Root Level entry reading "Deployment Servers" in the Computers pane.
In the right "context sensitive" pane, Click on the server that is not working, and change the port to match the port that is currently in use by the DS Web console to connect to the remote DS Server:
Solution to Cause 5
Make sure the user account that the Data Manager is using to log on to the database is a domain admin account or an account that is a DBO for the database, not just an account that has the DBO role right.
Solution to Cause 6
Reload the .NET framework by doing the following:
Stop the IIS admin service. Start > Settings > Control Panel > Administrative Tools > Services > IIS Admin.
Stop all services that use .NET.
Delete the temporary .NET files. (Example shown is using Windows 2003. Other operating systems will have different directory paths.)
Using Windows Explorer go to c:\windows\Microsoft.net\framework\v1.1.4322\Temporary ASP.NET Files. Delete all subdirectories and files in this directory. The files will be recreated when the .NET applications are restarted.
Open a command prompt: click Start > Run, type in “cmd” and press <Enter>.
At the command prompt, type the following and then press ENTER: “%windir%\Microsoft.NET\Framework\<version>\aspnet_regiis.exe” –i
At the command prompt, type "regsvr32 %windir%\Microsoft.NET\Framework\<version>\aspnet_isapi.dll" and then press ENTER.
In this path, <version> represents the version number of the .NET Framework that is installed on the server. Replace the actual version number when typing the command.
Restart all services that were previously shutdown.
Solution to Cause 7
Open the registry using Regedit and access the key HKLM\Software\Microsoft\DataAccess. Look at the value of the Version key to see the MDAC version installed. If the version is not 2.71 or greater, MDAC needs to be updated.
Download MDAC 2.8 (latest MDAC as of 8/30/2004) from here.
Install the new version of MDAC on all DS, SQL, and Web Console systems. Also, go to Start > Programs > Altiris > Deployment Solution and launch Configuration.
Click on Options.
Select the Authentication tab.
Make a change (I unselected the Use SQL Server account authentication) and click on Apply.
Now put it back the way it was and click on OK.
You'll be asked to restart the services so click on Yes.
Exit out of the Configuration utility.
This procedures need to be done on the Deployment Server computer. After applying each solution, verify that the error still exists before trying the next solution.