IT Management Suite

Hello, I'm having trouble delivering a Windows 11 24/7 image.
After the "Boot to automation Folder" task, the agent no longer communicates with the NS.

After several configuration attempts, we get the following error:

*WARN Server Connection: Failed to connect to NS server, retrying in a minute, error: Communication profile disallows IP protocols enabled on the connected network adapters (0x8FA30007)

Hello , 

There could be multiple reason for this, Please check on below points.

1. Check Communication Profile TLS Settings:
   • On the Altiris Notification Server (NS), navigate to the Site Server Communication Profile settings within the console (usually under Settings > Notification Server > Site Server Settings).
   • Ensure that all necessary TLS versions (e.g., TLS 1.1 and 1.2) are checked and enabled, not just older versions like TLS 1.0. The client machine's network adapter communication must align with the server's allowed protocols.
2. Ensure Network Connectivity and Ports:
   • Verify there are no general network connectivity issues between the client and the NS server.
   • Ensure that the required ports for Altiris communication (e.g., HTTP/HTTPS ports used for the Task Server agent) are open in the operating system firewall and any other internal network firewalls.
3. Rebuild the Automation Folder Installer: If configuration changes were made on the server, the existing Automation Folder installation package might be outdated. Rebuild the installer to incorporate the latest settings:
   • Go to Manage > All Resources > Organizational Views > Default > Resources > Package in the Altiris console.
   • Find the Deployment Automation Folder package(s) and ensure they are updated or recreate the preboot configuration and its associated package.
4. Reinstall Automation Folder (if necessary): If the problem persists on a specific machine, the local installation might be corrupted.
   • Uninstall the Management Agent and Automation Folder from the client machine if it can boot into Windows normally.
   • Reinstall both the agent and the deployment plug-in/automation folder using the updated package from the NS server.
5. Review Agent Logs for Detail: For more detailed troubleshooting, increase the verbosity of the Symantec Management Agent logs on the client machine to get more specific error information (refer to the Broadcom support portal article on agent troubleshooting for specific registry keys). 

Regards,

Rajesh

Hello, I'm having trouble delivering a Windows 11 24/7 image.After the "Boot to automation Folder" task, the agent no longer communicates with the NS.After several configuration attempts, we get the following error:

Hi Sidnei,

This behavior is quite common after Boot to Automation Folder (WinPE) when the system transitions back to the full OS and the Symantec Management Agent can no longer match the active network configuration with its assigned Communication Profile.

The key part of the error is:

Communication profile disallows IP protocols enabled on the connected network adapters (0x8FA30007)

This usually indicates one of the following issues:

1. Network adapter / protocol mismatch after imaging
   After WinPE, Windows 11 may enable different NICs, VLANs, or IPv6 settings than those allowed in the assigned communication profile. If the profile only allows specific subnets, IP versions, or adapters, the agent will block communication.

2. Incorrect or missing communication profile assignment
   The client may still be associated with a profile intended for WinPE or a restricted network segment. Verify that:

   • The production subnet is included in the allowed ranges

   • IPv4/IPv6 settings match what the OS actually uses post-imaging

3. Agent identity or GUID inconsistency
   If the image was captured without a proper agent cleanup, the NS may see the endpoint as a duplicate or mismatched resource, causing profile enforcement issues. Running a full SMA cleanup before image capture is critical.

4. Firewall or network security changes
   Windows 11 24H2 images often introduce stricter firewall defaults. Ensure ports 80/443 (or your custom ports) are open and that no GPO is blocking the agent service after first boot.

Recommended troubleshooting steps:

• Check the assigned communication profile on the NS and confirm it allows the client's current subnet and IP protocol

• Temporarily assign a more permissive profile to validate connectivity

• Verify active adapters and IP stack using ipconfig /all after first boot

• Review aexagent.log and nsagent.log for profile enforcement details

As with any structured deployment process, clarity and consistency are essential-similar to how a well-defined workflow is critical for services like end of tenancy cleaning zurich, where missing a single step can affect the final outcome.

Hope this helps point you in the right direction.

Hello, I'm having trouble delivering a Windows 11 24/7 image.After the "Boot to automation Folder" task, the agent no longer communicates with the NS.After several configuration attempts, we get the following error: