SNAC Enforcer 6100 Appliance and Bad HTTP 400 Request
|Article:TECH132455|||||Created: 2010-01-14|||||Updated: 2012-08-22|||||Article URL http://www.symantec.com/docs/TECH132455|
The Symantec Network Access Control (SNAC) Enforcer 6100 appliance is configured to use the IP address and port of the Symantec Endpoint Protection Manager (SEPM) console. After logging into the SEPM console and selecting the "Administrators" menu tab and then "Servers" the Enforcer appliance icon is not displayed within the manager. During installation of the hardware Enforcer appliance a pre-shared secret key was used.
The SNAC Enforcer appliance icon does not display in the SEPM console and can not receive a profile. The Enforcer appliance may also not accept incoming connections from agent systems.
The Enforcer appliance may also not accept incoming connections from agent systems. Enabling debug logging on the Enforcer appliance will review the following errors in the user.log file:
May/14/2010 09:43:53 [SyVeLink.cpp][ 2263]: Register Enforcer with URL http://126.96.36.199:8014/secreg/secreg.dll?mode=0
May/14/2010 09:43:53 [SyVeLink.cpp][ 3272]: PostRegisterCallback returns code 400, 51 bytes:
May/14/2010 09:43:53 [SyVeLink.cpp][ 3848]: Try get profile/register returns 400, nRetryTimes=1, WaitTime=9000
The issue with the SNAC Enforcer icon not displaying within the SEPM console is caused by a mismatch of the encryption password (pre-shared secret) between the Enforcer and the SEPM console. If the encryption password does not match then the Enforcer appliance will not register with the SEPM console.
Use the same encryption password string (pre-shared secret) that was entered during the SEPM console installation. If the encryption string can not be found the SEPM console will need to be reinstalled and a new encryption string entered. After the reinstallation of the SEPM console is complete then the same encryption string can be entered into the Enforcer console using the command line.
In SNAC versions 11.0 RU6 MP2 and later (including 12.1) the encryption password string can also be entered on the Enforcer appliance using the keyhash, without reinstalling the SEPM. The keyhash can be located in the Kcs="" hex string in any Sylink.xml file.
If the HTTP 400 error is instead seen on the secars.dll profile download request (not the secreg.dll registration request) please see article TECH195367 linked below.
Article URL http://www.symantec.com/docs/TECH132455