Invalid configuration when using Native Configurations (AMC) and old configuration assigned via GPO

Version 1

    Verified Product Versions

    Management Center 8.6Application Control 8.8Application Control 8.6


    When using the "Native Configuration" option to deploy configurations (introduced in Management Server 8.6 and supported by Application Manager 8.8 and later), if a Group Policy exists with an older configuration, the two configurations may be merged and create and invalid configuration



    When configurations are assigned via Active Directory, they trigger the endpoint merging feature of the Application Manager agent.
    If, for example, an Application Manager 8.6 configuration is saved to a group policy object, but an Application Manager 8.8 configuration is assigned via the Management Server, the client will attempt to merge both configurations which may cause unexpected results.

    Evidence of this cab be seen by the presence of recent versions of the following files:

    • %ProgramData%\AppSense\Application Manager\Configuration\last_merge_manifest.xml
    • %ProgramData%\AppSense\Application Manager\Configuration\merged_configuration.aamp
    • %ProgramData%\AppSense\Application Manager\MergeConfigs\{GroupPolicyGuid}.aamp

    The last_merge_manifest.xml will contain reference to a configuration name using a GUID that matches the MergeConfigs subfolder, and the Policy, ie:
    \\DomainController\sysvol\Domain\Policies\{GroupPolicyGuid}\Machine\AppSense\Application Manager\860\Configuration.aamp

    The Name attribute in the above XML file will show the GUID:

    Remove (or unlink) the Group Policy that contains the older Application Manager configuration