Event uploads fail - Management Server in a multi-domain environment

Version 1

    Verified Product Versions

    AppSense Management Center 8.7AppSense Management Center 8.6AppSense Management Center 8.5AppSense Management Center 8.4AppSense Management Center 8.3AppSense Management Center 8.2AppSense Management Center 8.1AppSense Management Center 8.0

    Introduction

    When using a multi domain model with a resource domain and a user domain, clients may commonly fail to download packages or upload events.

    Using the example of a single forest with two domains:
    resources.domain.local    contains all resources (servers and clients)
    users.domain.local    contains user accounts

    Events such as the following may be logged on the client machines:

     

    Event Type: Error

    Event Source: AppSense Client Communications Agent

    Event Category: None

    Event ID: 9755

    Description:

    BITS Error 'The Communications Agent failed to upload events.

    The requested URL does not exist on the server.

    The job name is: AppSense Event Uploads

    The remote file name is: http://amc.resources.domain.local/managementserver/Deployment/Events/<guid>/<client>-<datetime>.evt.gz

    The local file name is: C:\Program Files\AppSense\Management Center\Communications Agent\upload\<client>-<datetime>.evt.gz


    Additionally, a diagnostics test from the Management Console will fail with:
    "Test Failied with error The requested URL does not exist on the server"

    Detail

    After running the Server Configuration Utility with an account within users.domain.local, security on the "Deployment" folder will be set to grant permissions for "Domain Computers" from users.domain.local, resulting in machines within resources.domain.local being unable to authenticate to upload events.

    Within the IIS Console, edit the Permissions for "Deployment" application pool and add the 'Domain Computers' group from the trusted domain containing the endpoints with 'Read' and 'Write' permissions.
    Within Active Directory Users and Computers (with 'Advanced Features' enabled), edit the properties of the computer object for the management server, add the 'Domain Computers' group from the trusted domain containing your endpoints with 'Allowed to Authenticate' within the permissions.
    Further details of this can be found at:

    General Details    http://msdn.microsoft.com/en-gb/library/windows/desktop/ms684300%2528v=vs.85%2529.aspx
    Server 2003    http://technet.microsoft.com/en-us/library/cc738653%2528v=ws.10%2529.aspx
    Server 2008    http://technet.microsoft.com/en-us/library/cc816733%2528v=ws.10%2529.aspx

    Alternatively, re-run the Server Configuration Utility using an administrator account from resources.domain.local, security on the "Deployment" folder will then be set to grant permissions for "Domain Computers" from resources.domain.local