Hello,
We are trying to configure the Altiris and SEP integration in order to may put computers on quarantine whenever the computer does not have the CVEs that we consider should have.
Everything has been configured, either in altiris and SEPM. In fact in SEPM we have launched the Host Integrity policy and it worked fine, but whenever we try to run the policy in Altiris, we are getting errors. According with Log Viewer the error is "Unauthorize".
The computers are correctly setting up as "quarantine" but when Altiris send the command to SEPM it fails:
Exception occurred while processing quarantine/reverse quarantine device commands: An error occurred while sending quarantine/reverse quarantine device[Altiris.NS.Exceptions.AeXException @ Symantec.SEPHostIntegrityManagement]at Symantec.SEPHostIntegrityManagement.RestHandler.SEPMActionProvider.QuarantineUnquarantineDevices(String requestUrl, ISEPMRestClient restClient)at Symantec.SEPHostIntegrityManagement.Actions.QuarantineActionHelper.SendRequest(ISEPMActionProvider sepmActionProvider, IEnumerable`1 lstOfDevices, Int32 quarantine)An error occurred while calling the quarantine/reverse quarantine device api with HTTP code: Unauthorized[Altiris.NS.Exceptions.AeXException @ Symantec.SEPHostIntegrityManagement]at Symantec.SEPHostIntegrityManagement.RestHandler.SEPMActionProvider.QuarantineUnquarantineDevices(String requestUrl, ISEPMRestClient restClient)Exception logged from: at Symantec.SEPHostIntegrityManagement.Actions.QuarantineActionHelper.SendRequest(Symantec.SEPHostIntegrityManagement.RestHandler.ISEPMActionProvider, System.Collections.Generic.IEnumerable<Symantec.SEPHostIntegrityManagement.Action.ResourceGuidToComputerIdMapping>, Int32)at Symantec.SEPHostIntegrityManagement.Actions.QuarantineActionHelper.SendQuarantineCommand(Symantec.SEPHostIntegrityManagement.RestHandler.ISEPMActionProvider, System.Collections.Generic.List<Symantec.SEPHostIntegrityManagement.Action.ResourceGuidToComputerIdMapping>, Int32)at Symantec.SEPHostIntegrityManagement.Actions.QuarantineActionHelper.PerformAction(System.Collections.Generic.Dictionary<System.Guid,Symantec.SEPHostIntegrityManagement.Model.QuarantineDetails>, Boolean)at Symantec.SEPHostIntegrityManagement.Actions.QuarantineActionProcessor.TriggerComplianceEvaluationOnAssessmentResult(System.Guid)at Symantec.SEPHostIntegrityManagement.Messages.PatchDataclassChangeMessageSubscriber.OnNSMessage(Altiris.NS.Messaging.INSMessage)at Altiris.NS.Messaging.NSMessageQueue.NotifySubscriber(System.Guid, Altiris.NS.Messaging.INSMessage)at Altiris.NS.Messaging.NSMessageQueue.NotifySubscriberEntry(Object)at Altiris.Common.Threading.BalancedThreadPool.ExecuteWorkerRequest(Altiris.Common.Threading.BalancedThreadPoolWorkerState, Altiris.Common.Threading.BalancedThreadPoolWorkerRequest)at Altiris.NS.Threading.NsBalancedThreadPool.ExecuteWorkerRequest(Altiris.Common.Threading.BalancedThreadPoolWorkerState, Altiris.Common.Threading.BalancedThreadPoolWorkerRequest)at Altiris.Common.Threading.BalancedThreadPool.ThreadPoolProc(Object)at System.Threading.ThreadHelper.ThreadStart(Object)User [ALTIRIS-USER], Auth [ALTIRIS-USER], AppDomain [AeXSVC.exe]During the configuration on Altiris site we have used a user created in SEPM for this porpuse to make the integration with SEPM servers, but we are not sure if this user is the one used by Altiris to make the call to the API in SEPM.
We cannot use the admin user of SEPM because internal control of our company.
Could someone explain us better how the connectivity between Altiris and SEPM is done? what user is used by altiris? Should we create in SEPM console the service account used by Altiris:
ALTIRIS-USER?
Thanks a lot in advance.