We have several site servers with the Task and Package services installed. 

A couple of them are showing as being Not Registered on the Task Status tab.  A couple more are pointing back to the Notification Server as the Task Server.

I have triple-checked that the subnets are correct and that the subnets are assigned to the correct site and the sites targeted by the proper site server.
Is there somewhere else I should be checking?

Also, what is best practice?  Should a Site server be targeting itself as the Task Server if it has the Task services installed?

Was just wondering is someone was able to get this to work?https://support.symantec.com/en_US/article.HOWTO124425.html

select vc.[guid], vc.name, vc.[ip address], vc.[os name], ic.Value from 
 Inv_Agents-NS ic --Your custom data class table here

join vComputer vc on vc.[guid] = ic._ResourceGuid

I am getting stuck on the very last step:

When i try to save a query i am getting an error:

This DataSource is not in a runnable state.

Running this in SQL error:

Msg 102, Level 15, State 1, Line 2
Incorrect syntax near '-'.

I understand the problem is with the name. When i try to use "Inv_Agents-NS" then i am getting no data at all

Thanks for the help

When we are making changes to a Detection Rule, they are not applaying directly to the clients. When we make a new DR it wil apply to the clients.

There is also an error in the Altiris Log Vieuwer when we save a changed DR.(see below)

Can someone help me on this case please...

http://ALTIRIS2/Altiris/InventoryRuleManagement/Agent/InventoryRuleService.svc/ruleshavechanged

System.Net.WebException (System): The remote server returned an error: (404) Not Found

bij System.Net.HttpWebRequest.GetResponse()

bij Altiris.InventoryRuleManagement.WCFInvRuleWebService.SendPostRequest(Guid[] theGuids, String strUrlArguments, String xmlRootName, String xmlChildName)

Exception logged from:

bij Altiris.Diagnostics.Logging.EventLog.ReportException(Int32 severity, String strMessage, String category, Exception exception, String footer)

bij Altiris.Diagnostics.Logging.EventLog.ReportException(String strMessage, Exception exception)

bij Altiris.InventoryRuleManagement.WCFInvRuleWebService.SendPostRequest(Guid[] theGuids, String strUrlArguments, String xmlRootName, String xmlChildName)

bij Altiris.InventoryRuleManagement.WCFInvRuleWebService.InvalidateRules(Guid[] ruleGuids)

bij Altiris.InventoryRuleManagement.Messages.InvalidateDataClassRuleCacheSubscriber.OnNSMessage(INSMessage message)

bij Altiris.NS.Messaging.NSMessageQueue.NotifySubscriber(Guid subscriberGuid, INSMessage message)

bij Altiris.NS.Messaging.NSMessageQueue.NotifySubscriberEntry(Object o)

bij Altiris.Common.Threading.BalancedThreadPool.ExecuteWorkerRequest(BalancedThreadPoolWorkerState worker, BalancedThreadPoolWorkerRequest req)

bij Altiris.Common.Threading.BalancedThreadPool.ThreadPoolProc(Object o)

bij System.Threading.ThreadHelper.ThreadStart(Object obj)

Replacement cycle underway in our educational institution. 8,000 endpoints. 5,000 with dreaded deepfreeze. My question pertains to that subgroup.

New PC arrives, imaged, SMA installed and functioning. PC then "frozen".

We can push an exe to configure bios (PW, WOL settings) no problems.

However, when it comes to doing so by policy how would you check for compliance so that it doesn't run over and over again? Please keep in mind, PC's have Faronics' Deepfreeze product installed and are "Frozen".

Thank you!

When scheduling Altiris Agent pushes, is it possible to exclude a list of subnets so the machines at these locations won't get the client?  We have PCs in certain remote locations where they're old/underpowered and whose network connections are on slow DSL links.  Would be nice if I could specify subnets to avoid during the agent push although don't readily see a way to do this.

Greetings,

We changed our AD structure to flow better with our computers.  We previously imaged a computer and it went into the default computer OU(computers) and we would manually move them.  Now we created, say (OU=computers, OU=laptop, OU=location).  We have a system configuration task that changes the computer name,no issue there, then put it into the domain and the new OU.  That process is failing with a return code 1, meaning that it is not adding the computer into the domain and of course not in an OU also. In the Edit Configuration we have domain option checked and in the OU we have computers/laptop/location.  Of course we put in the domain\user credentials.

Anyone with any insight or direction we would appreciated it.

thanks

/sp

Symantec we are currently testing SEP Cloud with the SMP Security Connector (SMP 8.0 HF3)

Could you please add the possibility to remove / delete a device from the Symantec Management Console when the Device is unenrolled. It would be great if we can have an additional checkbox to enable or disable this function.

I am trying to create targets for specific sets of systems so that the folks in my group can use them to run jobs. I can't seem to figure out the proper permissions settings so that non-admin users are able to see the targets as i create them.

Any help with fixing this would be appreciated.

I'm lloking at uninstalling software from any machines that have it installed. What I'm looking to do is when I do a managed software delivery and using the uninstall command I use a filter usually to detect all windows 7 machines but I understand you can one step further and target the computers with the software installed, is this correct?

If so how do I get this set up? I tried looking through the filters but there are so many. Not a massive issue as I can target all windows 7 machines and the sooftware package has a detection rule configured for when we rolled out the software in the first place but the software is no longer equired and cosuming licenses.

Recently I moved the PGP Desktop software from one computer to another and I got the keys to verify but after a few weeks we are now seeing an issue where new PGP files are coming in and when you try to decrpt them it has an error message that says "1 unknown key(s)" and then when you double click on that it tries to go to "keyserver.pgp.com" and then it fails and displays error message "server open failed".

This issue looks like it is happening on Symantic's end but since support ran out they refuse to help me.

I am running version 10.2.0

The server type is: PGP Global Directory LDAP

Address is: keyserver.pgp.com

Port 389

Below is the query present inside Computers with Software installed report in our console. For a certain software, the installed count in our environment is 14000 but while selecting the same software by running this report in console returns only 500.Could someone help me in modifying the report so that it can return proper results.

Declare @ProductUsage Table(
    ResourceGuid varChar(36)
    ,Name varChar(36)
    ,[OS Name] varChar(36)
                   ,UsedCount int
    ,DeliveryStatus varChar(36)
    ,SoftwareComponentGuid varChar(36)
    ,[Software Name] nvarchar(128)
    ,LastStart DateTime
    ,InstallDate DateTime
    )

INSERT @ProductUsage
EXECUTE spAC_GetComputersBySoftwareProduct @ComputerName=N'%%'
, @SelectTop=20
, @Trustee=N'{2E1F478A-4986-4223-9D1E-B5920A63AB41},{402DC8EC-CC6C-4D4B-B389-F12AE18CB02F},{582029E2-FC5B-4717-8808-B80D6EF0FD67},{9791A53A-6F81-4701-B878-E68C4C540057},{A8508E1D-C6A5-4F9B-A1F4-3D401C44564D},{AE41E526-1963-4C40-A456-A67E845F4D19},{B760E9A9-E4DB-404C-A93F-AEA51754AA4F}'
, @SoftwareComponentGuids='%DesiredComponentGuid%'
Select 
    PU.Name
    ,PU.[OS Name]
    ,PU.[Software Name]
    ,PU.UsedCount
    ,PU.LastStart
    ,SwINV.Usage
    ,SWInv.[Usage Previous Month]
    ,PU.InstallDate
from @ProductUsage PU
JOIN  (    Select Inv._ComputerResourceGuid
                ,inv.Usage
                ,inv.[Usage Previous Month]
                ,itm.Name
                from
                dbo.Inv_SoftwareProduct_InstallationInfo INV
                JOIN dbo.vItem itm ON itm.Guid=inv._ResourceGuid
                where itm.Guid = '%DesiredComponentGuid%' and itm.ClassGuid = 'AA34B7C1-1C65-4085-A9D1-E7F83D633B2F'    
                Group By Inv._ComputerResourceGuid ,inv.Usage, inv.[Usage Previous Month],itm.Name) as SwINV ON PU.ResourceGuid = SWINv._ComputerResourceGuid

Is there an ETA for SQL 2016 support?

Hello,

I inherited our current 7.1 Symantec Notification Platform from my predecessor about a year ago, including 2 Notification Servers, 2 SQL Servers, 2 site servers  and about 5000 machines. After the deployment of a policy we run a SQL Query to get an overview of the results, returning 1 entry for each computer and a status "Not Applied", "In Compliance" or "Not In Compliance".

When I started, the query returned about 95% of computers as "In Compliance" with an average of 5% falsely reporting as "Not Applied". When remoting into the computer and observing the Altiris Agent, the status of those endpoints was in fact "In Compliance". A 5% False Negative rate wasn't too bad at the time and we just went with it, understanding that this is how things would be from now on.

The problem is as following: Over the last half year, the computers falsely returning "Not Applied" has grown from 5% to over 40% per deployment. This is creating a lot of manual follow up work for me. Does anyone perhaps know why this is happening and what I can do to resolve this?

SQL Query used (start/end dates and policy name change per deployment:

USE Symantec_CMDB

DECLARE @PolicyName   nvarchar(256),

        @ComputerName nvarchar(256),

        @SoftwareName nvarchar(256),

        @StartDate    datetime,

        @EndDate      datetime

SELECT  @StartDate    = '20161115', 

        @EndDate      = '20161122'

BEGIN

SELECT  @EndDate   = DATEADD( ss, 86399, @EndDate )        -- + 23:59:59

SELECT  @PolicyName   = LOWER( N'POLICYNAME' ),

        @ComputerName = LOWER( N'%' ),

        @SoftwareName = LOWER( N'%' )

EXEC [dbo].[sp_SWM_SoftwareComplianceStatus]

        @in_PolicyName   = @PolicyName,

        @in_ComputerName = @ComputerName,

        @in_SoftwareName = @SoftwareName,

        @in_StartTime    = @StartDate,

        @in_EndTime      = @EndDate,

        @in_TrusteeScope = N'{2E1F478A-4986-4223-9D1E-B5920A63AB41},{582029E2-FC5B-4717-8808-B80D6EF0FD67},{7091A13C-55C3-4E51-B164-8955EE25E1C2},{B760E9A9-E4DB-404C-A93F-AEA51754AA4F},{BBE5AFA7-989C-4C07-88EC-4ECA8599CBB6}'

        --@in_Culture      = '%_culture%'

END

We found several machine which Alitirs agent disappeared from Windows (7,8) system tray. checking that the "Symantec Management Agent" from service stopped to run, even turn it on the agent did't show up, need to execute the AeXAgentActivate.exe to make it appear again. Another machine which require to reinstall agent to make it resume.

Since Aug 2016 we've upgraded from 7.5 to 7.6, SMP managing around 1700~ machine which 95% machine has been upgrade to the latest agent version already. We worry if the agent disappear issue may be getting wores as didn't find much reference information and logging which reflect the root cause. without the agent we totally lack of a interface to understand the healthiness status of the machine, see if anyone have experience or resolution here, thanks a lot!

Since Aug 2016 we've upgraded from 7.5 to 7.6, due to recent security review found that the NSCap folder sharing permission granted to Everyone w/ full control. within our environment Share to everyone is restricted so we need to change to share permission delegation. Replied from support that minimum permission for NSCap required Everyone Read-Only access which this can't help in our enivornment, and we now change to "Authenticated users" group.

But we are wonder if this will trigger another issue, while our evnironment contain mutliple domain(Separate without trusted), testing domain machine only network conntected to production NS so changed to "Authenticated Users" group make them not able to connect NScap folder anymore. So we are not sure what will be the impact when those managed machine access to NScap, for instance we think of agent plug-in may not able to deploy as those plug-in installation stored in that folder.

Any advice is welcome, thanks!

We recenlty upgraded our SMP from 7.6 to 8.0. Everything is working, except that any report that includes a chart\graph breaks with a GDI+ error.

Customized reports, newly created reports. Everything. Taking a working report off of dev and moving it to production, fails. Removing the chart from that report in dev, then exporting\importing it again - works fine.

We run on a virtual environment, so to be sure it was nothing on the application server side, I reverted back to a pre-upgrade snapshot.

This is the only outstanding issue I have left to solve and I am catching some heat from management (because dashboard reports and the pretty graphs are broken) -- anyone who can point me in the right direction would be my new hero.

I am looking to install the agent via command line as I have done in the past but with 8.0 and some newer servers we have with TLS 1.0 disabled it can't communicate with the server.   I have a connection profile where I enabled TLS 1.1 and 1.2 so an agent that is pushed works fine, but that initial communication doesn't seem to work if I try it outside of push or pull.  

I see in the 8.0 agent there is an import communication profile option, but don't see any way to import one during the installation via command line?   Or an option using aexagentutil.exe.

Anyone know of a way?

I am setting up a new 8 environment and testing our dev to get things working before we set up prod and migrate.

Right now I have just the NS and 1 Site Server for dev.

Trying to get clients installed for testing and they are unable to connect to the task server.  The agent is able to download packages from the site server and the task services are running as well.

This is the error I am getting (I changed the thumbprint etc to just xxxx..)

<event date='01/05/2017 09:00:28.9580000 -06:00' severity='1' hostName='Test Machine 1' source='NetworkOperation' module='AeXNetComms.dll' process='AeXNSAgent.exe' pid='3504' thread='1444' tickCount='1575968'>
  <![CDATA[Operation 'Direct: Post' failed. 
Protocol: HTTPS 
Host: dvmaltap001.us.grainger.com:443 
Path: /Altiris/ClientTaskServer/Register.aspx 
Id: 55.3504 
Error type: SMP Server error 
Error code: The server is currently paused (0x8004200E) 
Error note: HTTP Status 200: 200 OK 
Server HTTPS connection info: 
   Server certificate: 
      Serial number: xx xx xx xx 
      Thumbprint: xx xx xxxxxxxxxxxxxxxxxx
   Cryptographic protocol: TLS 1.2 
   Cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256 
   Cipher algorithm: AES 
   Cipher key length: 256 
   Hash algorithm: SHA384 
   Hash length: 384 
   Key exchange algorithm: ECDH_P256 
   Key length: 256]]>
</event>

Добрый день, я собираю дополнительные данные инвентаризации из файла на компьютерах с помощью скрипта. 
Есть желание так же собирать данные о принтерах и других сетевых устройствах, но так как на них нет агента необходимо переделать скрипт который будет выполняться на сервере Altiris, но передавать блоки данных с нужными GUID устройств.

Файлы для таких устройств я собираюсь хранить на сетевом хранилище доступном для заполнения обслуживающим персоналом. 

Подскажите какими методами мне найти GUID устройства в базе по известному MAC адресу (пункт 2).
как найденный GUID положить в заголовок объекта "Altiris.AeXNSEvent" (пункт 3)
а так же подскажите где почитать про объект "Altiris.AeXNSEvent"и его методы.

структура скрипта 

1. блок чтения данных из файла (имя файла = MAC адресу инвентаризируемого устройства)
2. тут необходимо найти по MAC адресу в базе данных Altiris'a GUID инвентаризируемого устройства
3. тут необходимо передать GUID инвентаризируемого устройства в заголовок объекта nse ("Altiris.AeXNSEvent")

4. далее стандартный код заполнения полей объекта nse и его передача в базу данных. 

'Create instance of Altiris NSE component
dim nse
set nse = WScript.CreateObject ("Altiris.AeXNSEvent")

' Set the header data of the NSE
' Please don't modify this GUID
nse.To = "{1592B913-72F3-4C36-91D2-D4EDA21D2F96}"
nse.Priority = 1

'Create Inventory data block. Here assumption is that the data class with below guid is already configured on server
dim objDCInstance
set objDCInstance = nse.AddDataClass ("{24363bf0-ee59-46c9-b0aa-bf9e68229477}")
dim objDataClass
set objDataClass = nse.AddDataBlock (objDCInstance)

'Add a new row
dim objDataRow
set objDataRow = objDataClass.AddRow

'Set columns
objDataRow.SetField 0, NameDevice
objDataRow.SetField 1, Inventory number
objDataRow.SetField 2, Building
objDataRow.SetField 3, Room
objDataRow.SetField 4, Admin
nse.SendQueued

переход к следующему файлу (пункт 1).

We have several site servers with the Task and Package services installed. 

A couple of them are showing as being Not Registered on the Task Status tab.  A couple more are pointing back to the Notification Server as the Task Server.

I have triple-checked that the subnets are correct and that the subnets are assigned to the correct site and the sites targeted by the proper site server.
Is there somewhere else I should be checking?

Also, what is best practice?  Should a Site server be targeting itself as the Task Server if it has the Task services installed?