Error: Enforcer running mode does NOT match the preferred group!

Article:TECH153868  |  Created: 2011-02-21  |  Updated: 2011-02-21  |  Article URL
Article Type
Technical Solution


When attempting to connect an Enforcer appliance to the Symantec Endpoint Protection Manager (SEPM) in Symantec Network Access Control (SNAC) 11.0 you see the following error in the console log:

Enforcer running mode does NOT match the preferred group!


This error indicates that an Enforcer appliance is trying to register to a SEPM Enforcer group created for a different type of Enforcer; for example, registering a Gateway Enforcer or DHCP Enforcer to an existing LAN Enforcer group on the SEPM may cause this error.


Register the new Enforcer appliance with a different Enforcer group name; either a new group or an existing group containing only Enforcers of the same type (Gateway, DHCP or LAN).


The group name is set as a parameter on the Enforcer command line spm string when configuring the SEPM server to connect to.

In the Enforcer appliance CLI, use the following commands:

  • configure
  • spm ip group GW_ENFORCER_GROUP key Sh@redSecret http 8014

Article URL

Terms of use for this information are found in Legal Notices