I have this turned on now with in the advance tab I selected the communication profile for the new server.
I put the clients that I want to move into the target group and it runs but gives 403 error.
Cannot change the server to 'https://NewNS:443/altiris', error: HTTP status 403: The client does not have sufficient access rights (0x8FA10193)
Configure Server Mode: Failed to receive server version from 'newns'
Request 'HTTPS://newns:443/altiris/NS/Agent/ConnectionTest.asp' failed, COM error: HTTP status 403: The client does not have sufficient access rights (0x8FA10193)
Host: newns:443
Path: /altiris/NS/Agent/ConnectionTest.asp
Connection Id: 2.328
Communication profile Id: {DE2C241B-BA08-486B-A0E5-4A7409827070}
Throttling: 0 0 0
Error type: HTTP error
Error code: HTTP status 403: The client does not have sufficient access rights (0x8FA10193)
Error note: 403 Forbidden
Server HTTPS connection info:
Server certificate:
Serial number: 2d 59 32 e4 5d 2d e6 a8 46 c3 b4 cb 94 e9 9c 73
Thumbprint: 48 95 9f c4 5d 08 8b 5a aa a6 c1 be 6b f2 c5 86 cc ea c3 2f
Cryptographic protocol: TLS 1.2
Cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Cipher algorithm: AES
Cipher key length: 256
Hash algorithm:
Hash length: 0
Key exchange algorithm: ECDH
Key length: 255
Calling NS server endpoint 'HTTPS://newns.com:443/altiris/NS/Agent/ConnectionTest.asp', ID: {0D9D9CB4-C19A-4E16-A3CC-98940ED043D0}
Calling NS server endpoint 'HTTPS://newns443/altiris/NS/Agent/ConnectionTest.asp', ID: {0D9D9CB4-C19A-4E16-A3CC-98940ED043D0}
I have made sure by going into the Diagnostic mode on the client that the permanent Certs for the newNS are on there along with the Old NS in the trusted root .
I have also made sure that in the IIS the settings are correct for the getcerrificate for both the default site agent and the CEM Site agent
I created a software package to deliver and import the Communication profile for the new NS.
I have run both from a command prompt and from the Diagnostic mode the switch server and still get the same errors.
I have searched through much of the Symantec / Broadcom documentation and most keep pointing back to the same articles that are above.
I did see that one person in 2019 was having pretty much the same issue and there was no resolution just the same articles referenced.
If you have any other suggestions other than the ones above or have tricks or perhaps I am missing a setting please let me know.
I will say that I have one client that has worked twice. I imported the communication profile and then ran the switch server from the diagnostic mode. 1st time it seemed to work without a problem.
After uninstalling the client and reinstalling the old client again I was running into the same issues listed above. Then I let it set for a couple of hours and when I came back to it it had changed to the new server.
With another client that is on the LAN it never did move. Just the errors 403.. insufficient permissions.
Thanks for your help in getting this resolved. I am sure you will be helping others as well.