How to enable Enforcer On-Demand functionality with a French SEPM

Article:TECH184771  |  Created: 2012-03-26  |  Updated: 2013-01-31  |  Article URL http://www.symantec.com/docs/TECH184771
Article Type
Technical Solution


Issue



The Symantec Network Access Control (SNAC) Gateway Enforcer does not accept special or accented characters when specifying a Client Group for the On-Demand client.

In a French Symantec Endpoint Protection Manager (SEPM) console the Client Group would typically be "Ma Société/On-Demand". How can On-Demand functionality be enabled while the "é" character is in the group name?

 


Solution



French builds of the SEPM from 12.1 RU2 onwards will use a "My Company" translation without accent characters ("Mon entreprise"). For installations based on older builds, please follow the steps below.

 

The below steps outline a workaround, by uploading the configuration files via TFTP for editing on a separate system.

 

  • Connect the Enforcer to the SEPM (if not done already):
    # conf spm ip x.x.x.x http 8014 key xxxx group xxxx
  • Once connected, configure the On-Demand domain:
    # on-demand spm-domain name Default
    If the Default domain also has special characters (ie. "Par défaut") the domain can instead be specified using its ID string (press tab to have the Enforcer CLI auto-complete the string).
    # on-demand spm-domain id 32AB............................
     
  • Set an On-Demand client-group name, using the correct name of the group in the SEPM but without the special characters:
    # on-demand client-group "Ma Societe/On-Demand"
    (Do not type in the final "on-demand enable" command at this stage)
     
  • Switch to the Enforcer Linux prompt and upload two configuration files to a separate machine running a TFTP server:
    # linux  (or press alt-F2 to change to a linux prompt)
    (log on to the linux prompt using the same root credentials used to access the Enforcer CLI)
    [#] cd /etc/x-ray/download/
    [#] tftp -m binary x.x.x.x -c put preferedgroup.conf
    [#] tftp -m binary x.x.x.x -c put sylink.xml
     
  • Edit the files to enter the special characters - making sure that:
    • The files are edited in UTF-8 mode
      (most text editors will auto-detect this for sylink.xml, but may need to be manually configured for preferedgroup.conf)
    • Do not add a linefeed after the group name in preferedgroup.conf
      (some editors do this by default)
  • (both steps are essential for a successful connection)
  • (replacing "Societe" with "Société" should increase each file in size by exactly 2 bytes)
     
  • Download the edited files back to the Enforcer:
    [#] tftp -m binary x.x.x.x -c get preferedgroup.conf
    [#] tftp -m binary x.x.x.x -c get sylink.xml
    [#] exit (or press alt-F1 to switch back to the default Enforcer CLI)
     
  • Finally enable the On-Demand functionality and connect to the SEPM:
    # on-demand enable
  • Verify the On-Demand connection to the SEPM:
    # on-demand show status




Article URL http://www.symantec.com/docs/TECH184771


Terms of use for this information are found in Legal Notices