Symantec Management Platform (Notification Server)

 View Only

  • 1.  Reporting woes - SMP 7.1

    Posted Jul 19, 2012 12:56 PM

    Since June 26th, users have not been able to view ANY reports, canned or custom, from their remote Console sessions.  They are also not able to open the Patch Remediation Center.  They are able to access ALL other areas of the Console remotely.  When logging into the SMP server via RDC and then launching the Console, both the reports and PRC work fine.

    Remote users, when trying the reports or PRC, are presented with one or two authentication windows.  Sometimes they'll get immediately prompted again for the same credentials, others only once.  In either case, the report never loads and eventually times out (ten minutes) with the following message in red text:

    "The report execution time exceeded server timeout.  Please refresh this page to retry.  If the problem continues please contact your administrator."

    Hitting F5 and clicking OK to two authentication dialogs resulted ONE TIME in the PRC loading successfully, but all other attempts using this method have failed.

    This all worked fine for all users before 6/26/2012.  We've not changed anything in our environment, though a few patches installed on 5/25:

    1. MS12-A03
    2. MS12-042
    3. MS12-036

    Environment: SMP 7.1.8280, operational since 9/2011.  About 3,200 end-user systems, 500 servers.

    Thanks for any help anyone can contribute.



  • 2.  RE: Reporting woes - SMP 7.1

    Posted Jul 19, 2012 01:00 PM

    Please note that date that the three patches applied should have been June 26th, 2012, not May.  June 26th is the day after this problem was first observed.



  • 3.  RE: Reporting woes - SMP 7.1

    Posted Jul 24, 2012 05:41 PM

    Look at loopback check:
    http://www.symantec.com/docs/TECH171807

    It could also be a GPO or other change that's impacted browser security:
    http://www.symantec.com/docs/HOWTO4719

    In general, they should be accessing the NS at the FQDN of the server, and the FQDN should be in the Intranet Zones or Trusted Zones in Internet Explorer.

    You will get prompted at some points if the domain you are logging in from (workstation) is different than the NS (server), even if they have trust.  For example, when managing software resources using the Java UI.

    Let's try to remove the authentication prompts -- they shouldn't be receiving those -- before examining the timeouts.  Do you see anything interesting in the Altiris Log Viewer around the time a user tries to access these areas remotely?