If the problem is a conflict with the SEP agent there are two options:

• Uninstall the SEP agent from the DHCP Enforcer machine.
• Leave the SEP agent installed on the machine, but disable the "Symantec Network Access Control" service (SNAC.EXE) from the Windows Services MMC snap-in.
  (the SNAC service is used to enforce endpoints and block machines failing host integrity from accessing the network - it serves no purpose when running on the Enforcer/DHCP-server machine itself)

To verify if the problem is caused by a conflict with the SEP agent SNAC service check which process is keeping port 39999 open.

• Using netstat:
  1. Click <start><run> and type 'cmd' and click "enter". This will bring up a black cmd window.
  2. At the prompt type "netstat -abn | findstr "39999" and hit "enter". This command will return something like this: UDP 0.0.0.0:39999 *:* 2708. 2708 is the Process ID (PID).
  3. Open task manager by right clicking the task bar and selecting 'task manager'. Then, click the 'processes' tab, then click 'view' and 'Select Columns'. Make sure the box next to PID is checked.
  4. Click 'ok'
  5. Look for the PID that was returned from your netstat command in step 2
  6. If the PID points to SNAC.exe, then the SEP agent service is binding to port 39999 before your Integrated Enforcer can.
• Using TCPView
  TCPView is a free tool from Microsoft, part of the Sysinternals suite. It provides a GUI interface to the same information found by netstat above.
  The TCPView tool can be downloaded from: http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx

If another, non-symantec, service or process is using UDP port 39999 then this process or service will need to be removed or reconfigured in order to allow the Integrated Enforcer to function properly.