Issue:
Using the SMP on a network with name (DNS) resolution
Resolution:
The Symantec SMP has in most cases a dependency on name resolution. However it does have features which allow regular operation via IP addresses instead of name. Agent install requires name resolution even for IP addresses so adding relevant names and IP addresses to the hosts file on the SMP server will circumvent this issue.
Configuration Steps
Server
- On the NS server put the IP address of the SMP server in this registry location - HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\eXpress\Notification Server\PreferredNSHost. If the value does not exist, just add a string value called PreferredNSHost to the key HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\eXpress\Notification Server and set the value data to the IP address of the SMP server.
- Then go to the Scheduled Tasks folder and run the task "NS.Package Refresh..." scheduled task.
- Then in the Symantec Management Agent Install page, click on Settings and check the box for "Specify different Notification Server" and put http://<xxx.xxx.xxx.xxx> (example: http://10.10.2.139) which should be the IP address of the SMP server being configured, not the number given here.
- Then on the SMP server the hosts file needs to be updated with the IP address and name of the client. Note: this is only for the install action. Management afterward should be via IP address only. This "resolution" only needs to be on the server not the endpoints.
The server is now configured. And this configuration only needs to be done once.
Client
On the client the following needs to be checked.
- In Windows Firewall, Exceptions tab, highlight "File and Printer Sharing", click Edit, verify ports 139 and 445 are checked and the scope for both is "any" [scope change may not be necessary but don't know all the details of the environment and so this is just to make sure]. The scope can be changed by highlighting each row/port one at a time and clicking "Change scope...".
Installation steps
- Now install from the agent install page in the SMP console either by putting in the IP address of a client in the "Add" box or importing a .csv file with the IP addresses [with only one column just a list of the IP addresses with returns in. Not sure right now of the exact column order of the .csv file but that should be in the docs if needed.
If there are problems check the following on the client side:
- In TCP/IP Advanced settings, Options, TCP/IP filtering. Is there any filtering turned on? If there is check to make sure it doesn't interfere.
- In the local area connection properties window do you have "File and Printer Sharing" and "Client for Microsoft Networks"?
- Is Simple File Sharing turned off in Windows Explorer, Tools, Folder Options, View tab, at the bottom of the list?
If there are problems check the following on the server side:
- Just to clarify, we should be able to import a list of machines as IP addresses into the agent install page and then if the names (even if they are repeated) and IP addresses are in the hosts file then the resolution should take place and agents can be installed and managed.