Problem:
Overview:
The Arellia Agent requests a policy/filter update but is denied by the Server. The issue is caused by policy permissions on the Server.
Detailed:
In the Server logs (viewed from the Altiris Log Viewer or found in C:\ProgramData\Symantec\SMP\Logs), the following error appears:
Process: w3wp (6028) Thread ID: 188 Module: w3wp.exe Source: Arellia.SMP.Common.ClientItemManagerWS.GetClientItems Description: ClientItemManagerWS.GetClientItemDigestsByType() failed. ( Exception Details: Altiris.NS.Exceptions.AeXUnauthorizedAccessException: The current user does not have required permission 'read' to load item '36abf24e-e3e7-4d12-86a7-bd61be9f204e'. at Altiris.NS.ItemManagement.Item.RaiseItemLoadFlagsSecurityException(String message) at Altiris.NS.ItemManagement.Item.CheckCanGetItem(IItem item, IEnumerable`1 accessPermissions, ItemLoadFlags itemLoadFlags) at Altiris.NS.ItemManagement.Item.GetItemInternal(Guid itemGuid, IEnumerable`1 accessPermissions, ItemLoadFlags itemLoadFlags) at Altiris.NS.ItemManagement.Item.GetItem[T](Guid itemGuid, IEnumerable`1 accessPermissions, ItemLoadFlags itemLoadFlags) at Altiris.NS.ItemManagement.Item.GetItem[T](Guid itemGuid) at Altiris.NS.ItemManagement.Item.GetItem(Guid itemGuid) at Arellia.SMP.Common.ContextManagement.ItemContext.??(Guid itemGuid) at Arellia.SMP.Common.ClientItemManager.GetClientItems(GuidCollection gcClientItems, Guid PlatformGuid, Guid ResourceGuid) at Arellia.SMP.Common.ClientItemManagerWS.GetClientItems(StringCollection ClientItems) )
The relevant part of the error is "The current user does not have required permission 'read' to load..."
Solution:
- First, right-click a policy that is not being received by the agents and click "Security".
- Then change the Role to "Symantec Administrators".
- Verify that the "Read" permission check box is checked, either inherited or non-inherited. If it is checked, then the error is in IIS; if it is not checked, continue with the following steps.
- Close out of the Security Manager.
If you are unable to set permissions using the Security Manager:
- From the console, right-click the policy that is not being updated and click "Export".
- Edit the .xml policy using Notepad and delete everything between and including the <security> tags.
- Delete the policy from the Console.
- Right-click and select Import and import the saved .xml policy.
- Right-click on the newly imported policy and select "Security" and verify that the read permissions have been added.
- Repeat the above steps for all policies/filters and folders that do not have the read permission.
After completing the above steps, verify that the agent is able to receive the updated policies and filters. The error in the logs should disappear.
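
To find every item that needs the steps above, and to confirm afterwards that the denials have stopped, the item GUIDs can be pulled out of the server logs. The following PowerShell is an added example, not part of the original article or vendor tooling; the function name Get-DeniedItem, the *.log file filter and the second sample GUID are assumptions.

```powershell
# Added example: list the items the server refused to load because a permission is missing.
# Assumptions: Get-DeniedItem is a hypothetical helper name; the exception text has the
# form shown in the article; log files in the article's log folder match *.log.
function Get-DeniedItem {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [AllowEmptyString()]
        [string]$Line
    )
    begin {
        # Matches: required permission 'read' to load item '<guid>'
        $pattern = "required permission '(?<perm>[^']+)' to load item " +
                   "'(?<guid>[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})'"
        $seen = @{}   # "permission|guid" -> number of denials
    }
    process {
        foreach ($m in [regex]::Matches($Line, $pattern)) {
            $key = '{0}|{1}' -f $m.Groups['perm'].Value.ToLower(),
                                $m.Groups['guid'].Value.ToLower()
            $seen[$key] = [int]$seen[$key] + 1
        }
    }
    end {
        # One object per distinct permission/item pair
        foreach ($key in $seen.Keys) {
            $perm, $guid = $key -split '\|'
            [pscustomobject]@{ ItemGuid = $guid; Permission = $perm; Count = $seen[$key] }
        }
    }
}

# Constructed sample lines in the article's format. The first GUID is the one from
# the article's log excerpt; the second is a made-up placeholder.
$sample = @(
    "AeXUnauthorizedAccessException: The current user does not have required permission 'read' to load item '36abf24e-e3e7-4d12-86a7-bd61be9f204e'. at Altiris.NS.ItemManagement.Item.CheckCanGetItem"
    "AeXUnauthorizedAccessException: The current user does not have required permission 'read' to load item '36ABF24E-E3E7-4D12-86A7-BD61BE9F204E'. at Altiris.NS.ItemManagement.Item.CheckCanGetItem"
    "AeXUnauthorizedAccessException: The current user does not have required permission 'read' to load item '00000000-0000-0000-0000-000000000001'. at Altiris.NS.ItemManagement.Item.CheckCanGetItem"
    "Unrelated informational line"
)
$sample | Get-DeniedItem | Sort-Object Count -Descending | Format-Table -AutoSize

# Against the real server logs (path from the article):
# Get-ChildItem 'C:\ProgramData\Symantec\SMP\Logs' -Filter *.log |
#     Get-Content | Get-DeniedItem | Sort-Object Count -Descending
```

Each GUID returned identifies an item whose "Read" permission should be checked as described above; running it again after the fix should return no new entries for those items.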