Video Screencast Help

Lan Enforcer not connected to policy manager

Created: 08 Mar 2012 | 6 comments


I have encounter some problem while trying to get my lan enforcer to connect to my SEPM.

I am cuurrently runnning SEPM v12.1 and my Lan Enforcer is also on v12.1.

When i run configure spm ip <ipaddress> group <group> HTTPS <port> key <shared secret>, and after that i run show status command, it reflected

Policy Manager Connected : NO

Enforcer Status :Online

Over at my SEPM, its reflecting online. but it seems that my Lan enforcer is not able to grab the configurations.

Please asist.


Comments 6 CommentsJump to latest comment

Michael Lu's picture


Can you make sure the Lan Enforcer is able to connect to the SEPM by running a ping? On the SEPM side, run another ping and make sure it can reach the enforcer.

You can also try HTTP rather than HTTPS, see if that works. Also, it might help if you reboot the enforcer.


Michael Lu

 Sharing ones interests with others is a person's greatest happiness

Paranormal's picture

Both my Lan enforcer and SEPM is able to ping each other, and i have tried reboting my Lan Enforcer. Seems like its still the same.

I have configured my Lan Enforcer to join back to my SEPM using HTTP but its not working.

Over at my SEPM, i am able to see the Lan enforcer is online but the lan enforcer is just not connected to the Policy manager.


Robocop's picture

Check if the Pre-shared secret key entered via spm ip <ipaddress> group <group> HTTPS <port> key <shared secret>,is the same.

If the Key entered is different LE will not able to communicate with SEPM.

In SEP 11 There is no way to get the Pre-shared key. We need to re-install SEPM again.

Bonier's picture

I have encountered same problem while trying to get my lan enforcer to connect to my SEPM.However I can see  Lan enforcer is successfully communicated to policy manager and its  online .  So i dont think its an issue with  Pre-shared secret key

We are cuurrently runnning SEPM v12.1 and my Lan Enforcer is also on v12.1. 

Chuck Edson's picture
  1. Pull a packet capture from the Enforcer capture>filter>all, then capture>start
  2. Wait a few minutes, then hit ESC to stop the capture.  Note filename. 
  3. Start a TFTP server that the Enforcer can connect to
  4. Send the file to the TFTP server "capture upload tftp [ip address of TFTP server] filename [actual filename, no path needed].  Note that you need the word "filename" before the file's name.
  5. Open the capture file with Wireshark
  6. Note any http errors from the SEPM.  400 errors point to a bad shared secret.
  7. You can "recover" a shared secret in more recent builds -- call support or PM me to get the instructions
  8. Make sure that the SEPM site is actually listening on 8014
  9. Try deleting the Enforcer in the SEPM and re-run the SPM command
  10. Make sure that you are connecting to the SPM using the correct Ethernet port, especially if you have the failopen NIC (there are 6 eth ports on an Enforcer that has the Failopen NIC, I have seen many people use the wrong one).

If a post helps you, please mark it as the solution to your issue.

Paranormal's picture

This problem occurs to me again after it has been successfully connected to the SEPM. Right now my Lan enforcer is not able to get connected to the policy manager. On my SEPM, i found some of the error logs regarding the Lan enforcer

May i know what does they mean?

java.lang.NullPointerException     at com.sygate.scm.server.task.EnforcerCompilerTask.compileCommonProfile(     at com.sygate.scm.server.task.EnforcerCompilerTask.compileProfile(     at     at java.util.TimerThread.mainLoop(     at com.sygate.scm.server.util.ServerException: Unexpected server error.     at com.sygate.scm.server.util.ServerLogger.log(     at com.sygate.scm.server.util.ServerLogger.log(     at com.sygate.scm.server.util.ServerLogger.log(     at     at java.util.TimerThread.mainLoop(     at Caused by: java.lang.NullPointerException     at com.sygate.scm.server.task.EnforcerCompilerTask.compileCommonProfile(     at com.sygate.scm.server.task.EnforcerCompilerTask.compileProfile(     at     ... 2 more