Monday, 26 January 2009

Windows Boot Manager error after laying down a 2008 r2 or Windows 7 image

Article ID: 45191

Problem/Symptoms

Windows Boot Manager gives the error "winload.exe 0xc000000f " after placing down a 2008 r2 or Windows 7 image.

Resolution

By creating a run script task that runs before capturing the image while in windows, this error should be resolved.

Place the following script into that run script task.

REM Execute BCDEdit and prepare for imaging.
REM Find the system root and append system32 and BCDedit
%SYSTEMROOT%/system32/Bcdedit.exe -set {bootmgr} device BOOT
%SYSTEMROOT%/system32/Bcdedit.exe -set {default} device BOOT
%SYSTEMROOT%/system32/Bcdedit.exe -set {default} osdevice BOOT
shutdown /r

Wednesday, 21 January 2009

How can I collect and report with Altiris on a computer's last reboot time?

Altiris has provided the necessary tools ( custom inventory, reports etc ) on this matter and can be found under

https://kb.altiris.com/article.asp?article=34886&p=1

grtz,

Gert

Monday, 19 January 2009

Manually run Altiris Patch Management Inventory Policies on a client

A command-line utility called "AeXPatchUtil.exe" is a new feature for Altiris Patch Management 6.2. It has been placed in the directory C:\Program Files\Altiris\Altiris Agent\Agents\PatchMgmtAgent and can be used on a computer with the Altiris Software Update Agent installed to run Inventory policies.

There are four Inventory policies that the above Patch command line utility is supposed to run when used with the "/I" option.

Under the Global folder:

  •   Default Windows OS Inventory Policy
  •   Default Windows Software Release Inventory Policy

Under the Microsoft folder:

  •   Default Microsoft Software Inventory Policy
  •   Default Microsoft Vulnerability Analysis Policy

When the user runs the Patch command line utility AeXPatchUtil /I only three of the four Global and Microsoft policies are run. Currently the Default Windows OS Inventory Policy is being missed. Additional information can be found on https://kb.altiris.com/article.asp?article=29549&p=1

Friday, 16 January 2009

Improving IIS and Altiris Notification Server response times

Article ID: 33499

Applies To     

• AuditExpress 1.3
• Carbon Copy 6.2
• HPCMS 6.1
• Inventory for Windows 6.0, 6.1
• Local Security Solution (LSS)

Some solutions still have debug-mode compiling enabled in their related web.config files. Debug-mode compiling can cause performance problems for any ASP.NET application. In particular, the following debug-mode behaviors impact Notification Server performance:

  • The compilation of ASP.NET pages takes longer (since some batch optimizations are disabled).
    • This can be seen in the initial viewing of each Notification Server console page.
  • Code can execute slower (since some additional debug paths are enabled).
  • Much more memory is used within the application at runtime.
    • This is of particular importance on Notification Servers with 2 GB of physical memory, and large client facing servers with multiple Altiris solutions enabled.
  • HTTP Runtime execution timeouts are enforced

Additional information about debug mode is available at ScottGu's Blog
Note: The current version of Altiris Notification Server utilizes ASP.NET 1.1  It is not currently possible to use the deployment retail="true" setting which is available for ASP.NET 2.

Manual Resolution

Make the following modification to each web.config file that is part of the Altiris installation (\Program Files\Altiris). The change will be implemented as soon as another request to the related page occurs. In most cases, this will involve a visit to the related configuration or task Notification Server console page.

Before (web.config)

<compilation
         defaultLanguage="c#"
         debug="true" />

After (web.config)

<compilation
         defaultLanguage="c#"
         debug="false" />

Automated Resolution

From a command line, execute the utility you can find here https://kb.altiris.com/utility/getfile.asp?rid=2411&aid=33499. It must be copied to the local file system on the Notification Server to meet .NET security requirements. All output will be sent to the console window, and important items will also be sent to the Notification Server log. Any modified web.config file will first be duplicated as "config.original" in the same folder. The utility offers two modes. 
To perform a check to see which web.config files will be modified, use the following command:

DisableWebDebug -check

To update the web.config files, use the following command:

DisableWebDebug -fix

By default, the utility will check the registry for the primary Notification Server installation directory, such as C:\Program Files\Altiris. If necessary, a second parameter can be used to specify an alternate search path as depicted below:

DisableWebDebug -fix "H:\Altiris2"

It is not necessary to restart any services, automatic recompilation will occur upon the next related Web page request.

For some other specific applications of this, see article 25655.

Grtz,

Gert

ps. Feel free to leave a comment if you find this information helpfull and don't forget to click on an AD ;-) , THX once more

Improving the Performance of Altiris NS 7 aka Symantec Management Platform

Article ID: 45092

If the SQL Server is on the same computer as Notification Server, we recommend that you optimize your SQL Server maximum memory settings. This can significantly improve product performance. We recommend 500-1000 MB for a 2 GB memory server and 1000 MB for other servers.

For more information, see Microsoft KB 321363 and KB 319942.

Because the root problem is the amount of memory swapping that takes place, running other applications on the same computer can also contribute to performance issues.

Grtz,

Gert

ps. Feel free to leave a comment if you find this information helpfull and don't forget to click on an AD ;-) , THX once more


How can I force my clients (AClient) to check in to the Altiris Deployment Solution server (or refresh its connection)?

Article ID: 34227

Problem/Symptoms

AClients may show as active in the Deployment Server console but are unresponsive. They may also show as inactive and need to "wake up" to reconnect to the Deployment Server console.

Resolution

Support has created an AClient Tool or AClient Refresh Tool that sends a modified Wake on LAN packet to AClients connected to the Deployment Server to have them check back in. Some customers have found this more useful than the built-in method, but it should be noted that this is not a supported product at Symantec. This is offered as-is and is a very rough tool.  It is attached to this KB.

Instructions
  1. Download the tool https://kb.altiris.com/utility/getfile.asp?rid=2557&aid=34227
  2. The best place to save and run it is on the actual Deployment Server. These instructions will assume as much.
  3. Launch the tool on the Deployment Solution server by double-clicking the executable. No installation is necessary.
  4. Select Load From Database at the top.
    1. The page this loads is to select from the Deployment Solution eXpress database those computers you wish to "wake up".
    2. There are several options that will not be discussed in this article. However, some options include selecting only those computers in an IP Range (via the IP address), and computers that match certain criteria like the Computer Name, if you happen to know one or two computers specifically you want to contact.
  5. Select Use ODBC and then click Connect at the right. When you see your systems populate the viewing area, it has completed.
  6. Select Use Table. Type in a name in the File Name field, and click Save. This saves your selected records out to CSV for later.
  7. Close the Load Database window.
  8. Select File > Load from the top-left of the main product window. Open the CSV file created in step 5.
    1. An additional option is to select the IP Address at the top-left of the main window while performing this step. If you have issues with DSN or WINS, you may find this beneficial.
  9. Click Send Wake on LAN. In the lower window, you will see the process as well as whether or not it succeeds for each client. For those that fail, you may need to do remediation such as determining why it is not turned on or otherwise unable to connect to Deployment Solution.

Grtz,

Gert

ps. Feel free to leave a comment if you find this information helpfull and don't forget to click on an AD ;-) , THX once more

How to reconnect inactive clients to Altiris Deployment Server

rticle ID: 35439

There are a few methods of getting client computers reconnected up to the Deployment Server. Usually after the server has been down for a while and then it starts up, it takes clients a while to reconnect. This is because at first they attempt to reconnect at frequent intervals, but they add longer and longer timers after they receive no response. If these AClients receive a directed Wake on LAN packet from the Deployment Server on UDP 402, they will attempt to immediately reconnect to the Deployment Server.

There is a utility that can be found in article 34227, "How can I force my clients (AClient) to check in to the Deployment Solution server (or refresh its connection)?" This utility can send out a Wake on LAN packet out to AClients and will cause them to reconnect to the Deployment Server.

Sometimes a wake up packet will not cause a client computer to reconnect to the Deployment Server. It could be that the AClient process is not running (the service is stopped), the process could be in a hung state, or in some other state that is not listening to wake ups. In this case, the client computer needs to have the AClient.exe process started or restarted. Doing this on each inactive client can be very time consuming, however, so a process has been made to help automate this.

The VBScript file can be found on https://kb.altiris.com/utility/getfile.asp?rid=2865&aid=35439  and should be started from the Deployment Server to restart AClients on inactive client computers. This script queries the database (using the same ODBC connection that the Win32 console uses) and gets a list of all inactive client computers. It then attempts to connect remotely to the services of each of those computers and stops and restarts the "Altiris Client Service," that is, the AClient.exe process. With each attempt, it also logs to a text file if it was successfull or not with each client computer. This can take a long time if many client computers are disconnected from the network or powered off because of the timeout period for each client.

Grtz,

Gert

ps. Feel free to leave a comment if you find this information helpfull and don't forget to click on an AD ;-) , THX once more

Thursday, 15 January 2009

Remote Troubleshooting of a NS Client - Remote Altiris Agent Diagnostics

A guy on juice has created an application to make our life as Altiris Consultant much easier

“Remote Altiris Agent Diagnostics” allows you to connect into a remotely Altiris Agent managed machine to view all the configurations and troubleshoot without having to RDP into the machine to look at the Agent UI.

Check it out on

http://www.symantec.com/community/download/9801/remote-altiris-agent-diagnostics

and all credits to him !!

Grtz,

Gert

ps. If you find the information usefull please leave a comment and don't forget to click on an AD ;-) , THX once more

Wednesday, 14 January 2009

Altiris Helpdesk Solution Upgrade guide

A Technical white paper on upgrading your Altiris Helpdesk Solution software can be found on the Altiris knowledgebase

https://kb.altiris.com/article.asp?article=24499&p=1

grtz,

Gert

ps. Leave a comment if you found this information helpfull and if you want to "don't forget to click on an AD ;-)"

Altiris Products Ports and Protocols for DS and NS

Information about ports used by Deployment server and Notification Server

https://kb.altiris.com/article.asp?article=1176&p=1

Tuesday, 6 January 2009

Multiple instances of the same filename, but different file path are not reported by Inventory Solution for Windows in Altiris Notification Server

KB 35400

Problem/Symptoms

A Software Inventory scan using AeXAuditPls.exe does not report multiple instances of the same file. The Windows* operating system allows files to be named the same as long as they are in separate folders. As determined by inspecting the auditpls.nsi file on a client computer, files with the same name but different file paths are collected properly by AeXAuditPls.exe and sent to the Notification Server. However, only one of these files is added to the AeX SW Audit Software data class.


Environment

Inventory Solution for Windows 6.1 SP2 (6.1.1075) and all previous versions


Cause

The Notification Server dataloader uses the following properties to determine a unique row to be placed into the AeX SW Audit Software data class (Inv_AeX_SW_Audit_Software_spt and Cmn_SW_Common tables in the database):

  • Manufacturer
  • Product Name
  • Product Version
  • Language
  • File Name
  • File Size
  • InternalName
  • File Description

The dataloader will ignore multiple instances of files that match on these properties. Note that "File Path" in not used to determine uniqueness, which is why only one instance of a file that occurs in multiple folders is inserted into the database.

Also note that since "File Size" is used to determine uniqueness, data files (and executable files) with the same name, but with different sizes, will be inserted into the database. On the odd chance that data files with the same name contain different data, but have the same exact size, only one file will be inserted into the database.


Resolution

This resolution is provided "as is" and has not been reviewed by the developers of Inventory Solution for Windows. It may not be suitable for every environment.

Important: Because this resolution updates the data in the database, back up the Altiris database first.

A change to the DataClassAttribute Table will cause the Data Loader to use "File Path" to determine unique rows to insert into the database. The following SQL query will show the attributes the Data Loader uses to determine uniqueness.

USE Altiris
SELECT * FROM DataClassAttribute
WHERE InvClassId = (SELECT id FROM DataClass WHERE Name = 'AeX SW Audit Software')
ORDER BY AttrId

You can use this SQL statement to change the "File Path" attribute so it is used to determine uniqueness.

USE Altiris
UPDATE DataClassAttribute
SET KeyIndex = AttrId, Nullable = 0
WHERE AttrName = 'File Path'
AND InvClassId = (SELECT id FROM DataClass WHERE Name = 'AeX SW Audit Software')

Note: This change may be overwritten if a upgrade or repair is made to Inventory Solution for Windows.