Enforcer appliance is unable to register with SEPM

Article:TECH155239  |  Created: 2011-03-10  |  Updated: 2011-07-26  |  Article URL http://www.symantec.com/docs/TECH155239
Article Type
Technical Solution


In an Symantec Network Access Control (SNAC) 11.0 environment with a large number of Enforcers already connected to a Symantec Endpoint Protection Manager (SEPM) server, new Enforcers are failing to register to the manager.


Logs on the Enforcer side show that it repeatedly receives a HTTP 500 error from the SEPM:

Failed to register enforcer!
                Try to get profile/register returns -1
                PostRegisterCallback returns code 500, 51 bytes:


Before registering a new Enforcer appliance SEPM verifies the new registration data against each existing Enforcer already registered in the database. With a very large number of Enforcers present in the SEPM database, the time required for this verification may be longer than the Enforcer registration timeout.

The problem can be made worse over time by a buildup of ObsoleteItem entries for each existing Enforcer in the SYSTEM_STATE table. The Microsoft SQL Profiler can be used to verify if SEPM is sending a very large amount of queries to the database requesting entries in the SYSTEM_STATE table while an Enforcer is attempting to register.



The Enforcer registration process has been optimized in the RU7 release of the product. If an Enforcer appliance has already been upgraded to RU7 (or later) and still displays this problem, please contact Technical Support.


Article URL http://www.symantec.com/docs/TECH155239

Terms of use for this information are found in Legal Notices