Symantec Integrated DHCP Enforcer: "Failed to get RADIUS reply for the client."
| Article:TECH105836 | | | Created: 2008-01-09 | | | Updated: 2008-01-09 | | | Article URL http://www.symantec.com/docs/TECH105836 |
Problem
The Symantec Integrated DHCP Enforcer shows the following error message in the client log: "Failed to get RADIUS reply for the client."
Symptoms
The Enforcer has connected to the Symantec Endpoint Protection Manager (SEPM) server properly, and shows a green light in the Enforcer GUI.
- Clients are not Authenticated by the Enforcer
- The Enforcer client log contains the message "Failed to get RADIUS reply for the client."
Solution
This error is seen when the Enforcer does not receive a reply to the RADIUS authentication requests it sends to the SEPM server. It may be caused by one of the following:
- Something on the network is blocking communication on UDP port 1812 between the Enforcer and the SEPM server.
- Use packet capture software on both the Enforcer and SEPM server machines, to determine at what point the communication fails.
- The RADIUS request will show up as source port: UDP 39999, destination port: UDP 1812, RADIUS Access-Request in the packet capture.
- Troubleshoot network connectivity - is there a firewall between the Enforcer and SEPM server blocking the traffic?
- Refer to knowledge base document: 2007090614430148: Which communication ports does the Symantec Endpoint Protection Manager 11.x use?
- Something is preventing the SEPM server from listening on UDP port 1812, so it never receives the RADIUS request from the Enforcer.
- Make sure there is no other RADIUS software running on the SEPM server
- Verify that the process listening on UDP port 1812 is "w3wp.exe" (The command line "netstat -abn" or the Microsoft Sysinternals tcpview.exe tool can be used to verify this).
|
|
Legacy ID
2008090911241448
Article URL http://www.symantec.com/docs/TECH105836
Terms of use for this information are found in Legal Notices
Thank you.