Symantec Management Platform (Notification Server)

Our distributed IT personnel have full management rights to computers they manage rights applied to the AD import based organizational groups (right click AD Group then Manage Security > Assign Management Rights). These users are not admin users and all permissions are customized.

When they run tasks on these machines and try to click the details icon of that task they are presented with the error "The user doesn't have permission to get this information." I investigated the NS logs and the error generated was this:

<event date="Jan 27 21:23:07 +00:00" severity="1" hostName="NSNAME" source="Altiris.TaskManagement.ClientTask.*" module="w3wp.exe" process="w3wp" pid="25668" thread="301" tickCount="210929578"><![CDATA[BaseXmlHttpCallback Exception: Altiris.NS.Exceptions.AeXSecurityException: User doesn't have permission to view the computer related to this instance.

Any thoughts on this before I contact support?

I saw some crazy stuff awhile back in regards to specific dataclasses not being available to custom security roles. I believe this was for agent pushes, but even though the role had enough rights as checked, they would get denied by not having access to a hidden dataclass that only admins would have right too.

I suspect it's something similar, but I have nothing concreate to offer, sorry.

I am looking through these now and the most likely culprits at first blush seemed to be "Task Summary by Resource" and "Task Summary by Task."  However, the role I am looking at has read access to these so that can't be it.

I'm having the same issue. I've given read and resource read access to everything that looks like it could be blocking this, but I still get the same error as above.

Anybody find a solution for this?

CMS 7.1

"14.04.2011 14:43:48","BaseXmlHttpCallback Exception: Altiris.NS.Exceptions.AeXUnauthorizedAccessException: The current user does not have required permission 'read' to load item '37b0ac4c-bdc1-4fb8-ba4b-eaa1bff30ecb'.
   at Altiris.NS.ItemManagement.Item.RaiseItemLoadFlagsSecurityException(String message)
   at Altiris.NS.ItemManagement.Item.CheckCanGetItem(IItem item, IEnumerable`1 accessPermissions, ItemLoadFlags itemLoadFlags)
   at Altiris.NS.ItemManagement.Item.GetItemInternal(Guid itemGuid, IEnumerable`1 accessPermissions, ItemLoadFlags itemLoadFlags)
   at Altiris.NS.ItemManagement.Item.GetItem[T](Guid itemGuid, IEnumerable`1 accessPermissions, ItemLoadFlags itemLoadFlags)
   at Altiris.NS.ItemManagement.Item.GetItem[T](Guid itemGuid)
   at Altiris.NS.ItemManagement.Item.GetItem(Guid itemGuid)
   at Altiris.TaskManagement.ClientTask.BaseWeb.RegisterTaskServer.WriteResponse(XmlTextWriter wr)
   at Altiris.TaskManagement.Common.XmlHttp.BaseXmlXmlHttpCallback.WriteResponseRaw(XmlTextWriter xwr)
   at Altiris.TaskManagement.Common.XmlHttp.BaseXmlHttpCallback.ProcessRequest(HttpContext context)","Altiris.TaskManagement.ClientTask.*","w3wp","7"
 

I had this problem as well...

Log File Name: C:\Windows\system32\Altiris Logs\a.log
Priority: 1
Help and Support:
Date: 8/8/2011 3:20:09 PM
Tick Count: 26696248
Host Name: Process: w3wp (4480)
Thread ID: 4
Module: w3wp.exe
Source: Altiris.TaskManagement.ClientTask.*
Description: BaseXmlHttpCallback Exception: Altiris.NS.Exceptions.AeXUnauthorizedAccessException: The current user does not have required permission 'read' to load item 'Task Service (37b0ac4c-bdc1-4fb8-ba4b-eaa1bff30ecb)'.
   at Altiris.NS.ItemManagement.Item.RaiseItemLoadFlagsSecurityException(String message)
   at Altiris.NS.ItemManagement.Item.CheckCanGetItem(IItem item, IEnumerable`1 accessPermissions, ItemLoadFlags itemLoadFlags)
   at Altiris.NS.ItemManagement.Item.GetItemInternal(Guid itemGuid, IEnumerable`1 accessPermissions, ItemLoadFlags itemLoadFlags)
   at Altiris.NS.ItemManagement.Item.GetItem[T](Guid itemGuid, IEnumerable`1 accessPermissions, ItemLoadFlags itemLoadFlags)
   at Altiris.NS.ItemManagement.Item.GetItem[T](Guid itemGuid)
   at Altiris.NS.ItemManagement.Item.GetItem(Guid itemGuid)
   at Altiris.TaskManagement.ClientTask.BaseWeb.RegisterTaskServer.WriteResponse(XmlTextWriter wr)
   at Altiris.TaskManagement.Common.XmlHttp.BaseXmlXmlHttpCallback.WriteResponseRaw(XmlTextWriter xwr)
   at Altiris.TaskManagement.Common.XmlHttp.BaseXmlHttpCallback.ProcessRequest(HttpContext context)

It turned out being a bad task service installed on two site servers.  I ran the task server install package manually and it removed the task service successfully and the log cleared up.
 

Did you ever solve this issue?

I did yes...the solution was at the end of my last post.

MRenfrow, it looks like the error in your logs is different from powellbc. Are you suggesting that re-installing the task service on the task servers clears the error in the original post? How did you identify the two task servers that had the bad task service?

We had to completey rebuild our NS last April, and in the process redeployed the task server agents to our site servers. It does seem to have fixed the problem!

So might be simply fault task server agents then? I'd hate to rebuild my whole NS just to fix this problem. :(

Hi EMercado,

You should not need to rebuild the entire NS. Just use the Site Server management functions to remove the agents from all site servers, then redeploy your task agents one by one back to the site servers.

We had to rebuild our NS for a different reason (out of control database), not because of this task issue. It's just that the rebuild led us to the same conclusion as MRenfrow above.

Cheers,

Bryan