Symantec Integrated DHCP Enforcer: "Failed to get RADIUS reply for the client."

Article:TECH105836  |  Created: 2008-01-09  |  Updated: 2008-01-09  |  Article URL
Article Type
Technical Solution



The Symantec Integrated DHCP Enforcer shows the following error message in the client log: "Failed to get RADIUS reply for the client."

The Enforcer has connected to the Symantec Endpoint Protection Manager (SEPM) server properly, and shows a green light in the Enforcer GUI.
  • Clients are not Authenticated by the Enforcer
  • The Enforcer client log contains the message "Failed to get RADIUS reply for the client."


This error is seen when the Enforcer does not receive a reply to the RADIUS authentication requests it sends to the SEPM server. It may be caused by one of the following:
  • Something on the network is blocking communication on UDP port 1812 between the Enforcer and the SEPM server.
    • Use packet capture software on both the Enforcer and SEPM server machines, to determine at what point the communication fails.
    • The RADIUS request will show up as source port: UDP 39999, destination port: UDP 1812, RADIUS Access-Request in the packet capture.
    • Troubleshoot network connectivity - is there a firewall between the Enforcer and SEPM server blocking the traffic?
    • Refer to knowledge base document: 2007090614430148: Which communication ports does the Symantec Endpoint Protection Manager 11.x use?
  • Something is preventing the SEPM server from listening on UDP port 1812, so it never receives the RADIUS request from the Enforcer.
    • Make sure there is no other RADIUS software running on the SEPM server
    • Verify that the process listening on UDP port 1812 is "w3wp.exe" (The command line "netstat -abn" or the Microsoft Sysinternals tcpview.exe tool can be used to verify this).

Legacy ID


Article URL

Terms of use for this information are found in Legal Notices