Searching...
Filters
SmallMediumLarge
Home Print Show Topic URL Previous Next
IT Management Suite
Client Management Suite
Server Management Suite
Deployment Solution
Asset Management Suite
ServiceDesk

Troubleshooting installation issues

ITMS Installation and Upgrade

The troubleshooting tips related to the installation and configurations of the IT Management Suite 7.5 SP1 are as follows:

Table: Troubleshooting installation issues

Issue or error message

Description

Workaround

The following error message appears:

Symantec Installation Manager failed to initialize. See log for details.

The Symantec Installation Manager is not compatible with the Federal Information Processing Standard (FIPS). The FIPS cryptographic module conflicts with the Installation Requirements Checks (IRCs), which are encrypted.

To execute the Symantec Installation Manager on a server, you must to disable FIPS on that server.

For information on how to disable FIPS on the server, see the following article:

TECH159352.

The following error message is displayed:

The certificate failed the validity tests.

Exception occurs in the Symantec Installation Manager when an invalid certificate is imported.

The SSL certificate that you imported using the Symantec Installation Manager does not pass the validation compliance points.

You must ensure that the SSL certificate that you use for configuring HTTPS communication passes the following validation compliance checks:

  • Certificate is not between the not before and not after dates.

    The SSL certificate is valid between the from to date and up to date, and these certificate validity dates must be configured correctly.

  • Certificate must use supported signature algorithm.

    The SSL certificate passes the validation compliance if any of the following hash sets is used in the signature algorithm: sha1RSA, sha256RSA, sha384RSA, sha512RSA.

  • Certificate must use supported key exchange algorithm.

    The SSL certificate must support the RSA-PKCS1-KeyEx key exchange algorithm.

  • Certificate name must contain the local system Fully Qualified Domain Name (FQDN).

    The Subject Alternative Name (SAN) of the SSL certificate must contain the FQDN of the computer where you plan to install the IT Management Suite.

  • Certificate key exchange key must not too small: Minimum recommended 1024.

    The key exchange of the SSL certificate must be greater than or equal to 1024 bits.

  • Extended Key Usage information is present and it must indicate that the certificate support server authentication.

    The SSL certificate must have the Extended Key Usage information with the Server Authentication key set to 1.3.6.1.5.5.7.3.1.

  • Certificate must have a valid signature.

    The SSL certificate must be valid as per the cryptography principles.

The Symantec Installation Manager throws validation errors if the SSL certificate does not pass any of the validation checks.

The following error message is displayed:

The certificate failed the validity tests.

Exception occurs in the Symantec Installation Manager when an invalid certificate is imported.

The SSL certificate that you imported using the Symantec Installation Manager does not pass the validation compliance points.

Additionally, you must ensure the following points while importing a valid SSL certificate using the Symantec Installation Manager:

  • A certificate with .pfx file extension must be selected for import.

    Symantec recommends that you do not import a .cer file type.

  • The .pfx certificate file must be password protected.

    The password can be entered when you import the SSL certificate.

  • The SSL certificate must be a trusted certificate.

    Symantec recommends that you do not import a certificate that is not a trusted file. For example, a file that shows the following error message:

    This certificate is not trusted. To enable trust, install this certificate in the Trusted Root Certification Authorities store.

The IT Management Suite (ITMS) installation or upgrade fails if the Symantec Management Platform website is configured to Require SSL option with Client Certificates: Require option.

After the Symantec Management Platform (SMP) website is configured to Require SSL option with Client Certificates: Require option in the Internet Information Services (IIS) Manager, the configuration does not start and the installation process or the upgrade process fails. Additionally, a forbidden (403) error is displayed and an associated warning is reported in the Altiris Log Viewer.

Workaround: Before you start a fresh installation of ITMS solutions or an upgrade to ITMS 7.5, you must check the SSL configuration for SMP website. In the IIS Manager, for the SMP website, ensure that you do not select the Client Certificates: Require option when the Require SSL option is selected.

For more information on IT Management diagnostics tools, download the IT Management Suite Technical Resource Kit at www.symantec.com/docs/HOWTO77027.