Showing posts with label Version 7. Show all posts
Showing posts with label Version 7. Show all posts

Wednesday, 21 December 2011

Nice to know: 'Devices' view in Altiris Activity Center still shows a client in the (IsManaged='1') search filter even after uninstalling the Symantec Management Agent (AexNSAgent.exe)

Problem
After manually uninstalling the ‘AexNSAgent.exe’ from a discovered and previously manageable client system, the computer is still viewed in the Altiris 'Activity Center' under devices with an 'Installed Agent'
The filter, (IsManaged='1') is used to filter computers and as seen on the attached screenshots, the computers with the AexNSAgent uninstalled are still listed.  However, the icon is not active (grayed out).
Creating a filter set to, (IsActive='1') will NOT show the clients that have had their AexNSAgent.exe files uninstalled.
EXPECTED RESULTS:
If the AexNSAgent.exe file is uninstalled from the managed client, an (IsManaged='0') switch should be sent to the Notification Server to indicate it is no longer being managed. This should be reflected in both Altiris Activity Center and First Time Setup.
Cause
Known Issue. Altiris Symantec Management Agent (SMA or Altiris Agent) does not send any inventory information while uninstall of the agent itself. Only sub-agents (plug-ins) send the inventory information, using the agent which is still exist.
This is actually a design restriction, since the client-side uninstall could be performed when no NS connection is available. In that case we can't send the inventory neither postpone the uninstall process.
Solution
This issue has been reported to the Symantec Development team. They are working in providing a solution for this in a future release.


pls click on an AD if you found this information useful.

thx,

Gert
Posted by at No comments:
Labels: , , , ,

Monday, 19 December 2011

Altiris SQL Database growth issue : InvHist_Policy_Compliance_Status table

Problem

You are facing a database growth issue due to the InvHist_Policy_Compliance_Status table within your Altiris SQL environment.
Cause
Every time a compliance check is ran for a Managed Software Delivery policy a compliance status update is submitted.
When the new status is updated into Inv_Policy_Compliance_Status a copy of all the existing compliance statuses for that client is added to the InvHist_Policy_Compliance_Status table.
How large the table grows all depends on how many MSD policies each client has ran, number of clients running MSD policies, and how often the compliance check is scheduled to occur for each policy.
Solution - http://www.symantec.com/docs/TECH146168
Possible approaches:

  1. Change configuration so this table grows more slowly.
    This can be done by modifying MSD policies, so the policy compliance checks are run less often. If the policy check schedule to occur during a time range, the check may occur multiple times during that time range. So, changing the policy to check at certain times will reduce the number of times the check is perfomed, while accomplishing the desired results. If checks are peformed at specific times, consider how often these checks need to be performed. Perhaps daily or weekly will be sufficient.
    Slowing the growth will reduce the work which is done on the various managed computers, and the amount of data they forward to the SMP server, which the SMP server has to process.
    To see which policy are contributing the most to the recent growth of this table, use first attached SQL; the second query show the computers that are the largest recent contributors.
  2. Disable the saving of this historical information.
    If you have slowed the growth of this table, and it is still growing to rapidly, then you may want to disable the saving of the history for this data class. Note that this table is used by some reports.
    The history settings can be found in Settings\Notification Server\Resource and Data Class Settings\Resource History.
    Disable check box for this data class in history settings. Note that existing table is renamed to InvHist_Policy_Compliance_Status_Backup_1 (or similar). This table is no longer in use and can be deleted/moved to regain space.
  3. Slowing the growth of this table, will not reduce the size of this table immediately. The table should eventually shrink through the normal data class purge processes. But if want to free up this space immediately, then if appropriate precautions are taken, this table can be truncated.
    First perform a complete database backup, prior to implementing the following change.
    Second, the query can be used to truncate the table.
    TRUNCATE TABLE InvHist_Policy_Compliance_Status

Following SQL queries can used to identify the problem
Don't forget to click on an AD if you found this information useful.

thx,

Gert
    Posted by at No comments:
    Labels: , , , ,

    Thursday, 26 May 2011

    Running IE6, IE7 and IE8 Side-by-Side on Windows XP Using Symantec Workspace Virtualization

    More Information and a detailed how-to can be found on this page

    http://www.symantec.com/connect/articles/running-ie6-ie7-and-ie8-side-side-using-symantec-workspace-virtualization

    Symantec Workspace Virtualization is the successor of the Altiris Software Virtualization Solution ( SVS )

    If you find the information usefull please leave a comment and don't forget to click on an AD, thx !
    Posted by at No comments:
    Labels: , , , ,

    Friday, 11 February 2011

    Symantec Altiris PcAnywhere Solution fix 31/1/2011 - The Domain drop-down list is empty, multiple domains are not listed, or "No Data" is displayed– Fix

    Problem

    In the Symantec Management Console (SMC) under the Authentication tab of the pcAnywhere Settings policy for Windows, the Domain drop-down list is empty.  Or, if multiple domains should be listed, they are not.  In addition, "No data" may be displayed in the grid where Active Directory users and groups should be present.
    Also, on a managed client computer with the pcAnywhere Solution plug-in installed, the following error may appear at startup:

    "The pcAnywhere host you are attempting to run is configured for caller authentication, but no caller items could be found.
    You must define at least one caller before you can use this host item."

    Environment

    pcAnywhere Solution 12.5 in an Active Directory (AD) environment

    Cause

    There are multiple causes for this behavior.  Here is a list, presented in the recommended order for troubleshooting:

    1. There was a defect in pcAnywhere Solution which results in a delay in populating the active directory information, or a timeout, or an error, when the Add button is clicked within the Authentication tab of the "pcAnywhere Settings - Windows" policy or a clone of it.
    2. The SMP server is not properly joined to an Active Directory domain.  A possible contributing factor is that the server has been recently rebuilt without first deleting the computer account from AD.
    3. You are attempting to add callers from a different domain than the one to which the Symantec Management Platform (SMP) server belongs, and a proper trust relationship is missing.
    4. NetBIOS over TCP/IP is disabled on the Symantec Management Platform server.
    5. The Notification Server cannot fully communicate with the domain.
    6. During installation of the SMP, the Application Identity specified was a local account rather than a domain account.
    Solution
    1. Attached to this article is the latest patch for pcAnywhere Solution 12.5 SP2 (Symantec.pcA.Web.dll_Jan312011.zip).  Inside the zip file is Symantec.pcA.Web.dll.  This latest patch contains a fix to a memory exception error, plus the latest optimizations in the code for browsing AD.  Please apply this latest patch over previous versions of the patch.

      Before copying the new Symantec.pcA.Web.dll to the Symantec Management Platform server, close all instances of the Symantec Management Console.  Copy the original file from C:\Program Files\Altiris\pcA\Web\Bin into a completely separate folder (do not paste the copy into the original folder). Then overwrite the existing file with the new file. Ensure that there are no extra copies of the file in the C:\Program Files\Altiris\pcA\Web\Bin folder.  Finally, open a Command Prompt and run the command "iisreset".  The command should return "Internet services successfully restarted".
      Note that with this new file, the "Add Users or Groups" console page will initially display the first 100 AD user objects, while the thread which queries AD is still running. Eventually, once all of the AD user and group objects have been returned to the console, it will be possible to scroll down and to search for the object. The number of AD objects will affect the duration of the query.  Clicking the scroll bar to the right of the window will show the number of user and group objects that have been retrieved to that point.

    2. To test for the second Cause listed above, verify domain membership of the SMP server.  One method of verification is to open My Network Places and check that the expected domain(s) are visible and available for browsing.  A blank Domain entry in the SMC has been reported when the expected domain(s) were not browsable from My Network Places. 
      To resolve this, it may be necessary to temporarily configure the server to be a member of a workgroup, reboot the server, delete the computer account from AD, and then join the server to AD.
    3. To resolve the third Cause listed above, ensure that a proper trust relationship exists from the domain containing the SMP server to any other domains that you plan to specify for caller authentication.  As noted immediately above, a simple test that the domains trusts are properly configured is to open My Network Places on the SMP server and check that the expected domains are visible and available for browsing.  Also, see the article "Cross-forest (or cross domain) authentication issues when accessing the Altiris Console", TECH133262, for information about issues found with the SMP core in case they impact pcAnywhere Solution.
    4. You will need to enable NetBIOS on the server ("Enable NetBIOS over TCP/IP" under Advanced TCP/IP Settings).
    5. This does not indicate a product issue.  As a test,  try to add a domain user or group to the local administrators group directly on the NS server.  If unable to find the user/group, there may be a problem related to Active Directory (browsing, domain membership of the NS, trusts, etc.). Resolve communication, trust, and permissions issues between the NS and the domain controller.
    6. To check that the last Cause listed above is the problem, open the SMC and click Settings > All Settings > Notification Server > Notification Server Settings.  The Processing tab has an Application Identity section.  If the User shown is not in the form of DOMAINNAME\username, then a local account was provided during the initial installation of the SMP.  The pcAnywhere Solution browses the Active Directory using the context of the Application Identity, so the Application Identity must be an Active Directory account in order to browse Active Directory.
      The following steps are based on Method 3 from the following Knowledge Base article:
      How to change Application Identity in NS7.
      WARNING: There are several places to check when changing the Application Identity, and mistakes can result in failures of services to start and failures accessing the SQL database!  Symantec recommends a full server and database backup before proceeding with the steps below.  Please contact Symantec Technical Support with any questions prior to proceeding with these steps...

      A.  In Active Directory Users and Computers, create the account that you plan to use as the new Application Identity and leave it a member of the Domain Users group.
      B.  On the SMP server, add the new domain account to the local Administrators group.
      Verify that the domain account can login to the SMP server, and can login to the SMC.

    C.  Open the SMC and click Settings > All Settings > Notification Server > Notification Server Settings
    Change the Application Identity to your domain account in the format DOMMAINNAME\username, provided the password twice, and click OK (the OK button is located in the lower-right corner of the page).

    D.  In the SMC click Settings > All Settings > Database Settings.  Verify that "Use application credentials" is selected (this is the default). If it is not selected then ensure that the database credentials are valid. 

    E.  In the SMC, click Settings > Security > Roles > Symantec Administrators > Membership tab.  Verify that the domain account specified as the new Application Identity appears here.

    F.  In the Service management console on your SMP server, look at the Log On As column.  If any of the services listed show the old local account under this column, right-click service, click the Log on tab, and set the "This account" value to the domain account you specified for the Application Identity in the format DOMMAINNAME\username.  Also, set the correct Password and Confirm Password values.  Click OK.
    Following is a list of services to check:  Altiris Client Message Dispatcher, Altiris Client Task Data Loader, Altiris Event Engine, Altiris Event Receiver, Altiris File Receiver, Altiris Object Host Service, Altiris Service, Altiris Support Service.

    G.  On your SMP server (or your SQL server if this is an off-box implementation), check whether the following services are configured to run as the old local Application Identify account:  SQL Server (MSSQLSERVER), SQL Server Agent (MSSQLSERVER), SQL Server Browser, SQL Server Full Text Search (MSSQLSERVER).  If they are, similar to the step above, configure those services to run as the new domain Application Identity.
    H.  On your SMP server (or your SQL server if this is an off-box implementation), open Microsoft SQL Server Management Studio and click SERVERNAME > Security > Logins.  Add the domain account used for the new Application Identity.   Under Server Roles for that user, add both "public" and "sysadmin" roles and click OK.
    Once you have made these changes, reboot your SMP server and verify that all of the services you changed have started.  If a service fails to start, then correct the account and password used to start the service as shown above.  Finally, verify within the SMC that you can now add users and groups from the Active Directory to the Authentication tab for the pcAnywhere host configuration policy.

    Fix can be downloaded on

    http://www.symantec.com/docs/TECH41883

    Posted by at No comments:
    Labels: , ,

    Tuesday, 26 October 2010

    Symantec Altiris - Find all tables that contain a specific GUID

    A very nice knowledgebase article which can help you during troubleshooting. Works for version 6 and version 7.

    The following SQL script will traverse an Altiris database and find all tables in which a specified GUID appears. It reports both the table and the column. The only requirement is to change the value of the guid being searched (Under the line that reads "Enter Search Guid here")

    http://www.symantec.com/docs/HOWTO1191
    Posted by at No comments:
    Labels: , , , , , , , ,

    Sunday, 17 October 2010

    Creating new IIS application pools - the magic solution to SMP 7 slow console operations?

    A howto can be found here

    http://www.symantec.com/connect/blogs/creating-new-iis-application-pools-magic-solution-smp-7-slow-console-operations

    Additional Knowledgebase Information:

    http://www.symantec.com/docs/HOWTO4592

    Posted by at No comments:
    Labels: , , ,
    Subscribe to: Comments (Atom)