SNAC - client is not connected
Hi,
I'm just testing SNAC with the DHCP Enforcer but am still not getting it functional. There is a message in the Enforcer console - client log: "The Symantec client is not currently connected. We will automatically retry the connection and update the status if successful."
There are four computers in the test environment on the same subnet (192.168.31.0/24):
DC/DNS
DHCP with SNAC DHCP Enforcer (DC, DHCP and SEPM are configured as reachable from quarantine)
SEPM with empty HI policy
Client with SNAC client installed
When the client obtains an IP from DHCP, ipconfig shows:
IPv4 Address. . . . . . . . . . . : 192.168.31.212
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
and route print:
192.168.31.200 255.255.255.255 192.168.31.1 192.168.31.212 6 -DC
192.168.31.209 255.255.255.255 192.168.31.1 192.168.31.212 6 -DHCP
192.168.31.211 255.255.255.255 192.168.31.1 192.168.31.212 6 -SEPM
Any ideas what's wrong?
Thx
Check this article.
http://www.symantec.com/business/support/index?page=content&id=TECH97435
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
I already checked it. I was thinking about:
"DHCP plug-in needs to be able to contact SEP or SNAC client on UDP/39999 whether the client is in quarantine or not"
So, Windows Firewall is disabled on both computers. I think there is no other obstacle to communication over the LAN.
I recommend you open a case with Symantec support to get a quick resolution to this issue.
http://www.symantec.com/business/support/contact_t...
https://mysupport.symantec.com/
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
99% of the time when this happens, it is what Kyli said: you need bidirectional port UDP 39999 open between the Enforcer and the Client.
When the client attempts to get a DHCP address, the Enforcer queries the Client on UDP 39999. Then, the client responds on UDP 39999. If the answer is correct, then the Enforcer hands out a production DHCP address to the client.
You can use Wireshark to verify if the UDP 39999 packets are being sent and received from both the client and the Enforcer.
Let us know if this helps.
If a post helps you, please give it a thumbs up or mark it as the solution to your issue.
I think I found it...
The problem is that the DHCP server and the client are on the same subnet. If the client wants to contact DHCP, it goes through the gateway. So the router receives a packet from 192.168.31.210 to 192.168.31.209 and doesn't route local subnet IPs, so it returns ICMP destination unreachable (code 13 - communication administratively filtered).
In the real world, clients and DHCP servers are not in the same VLAN, so it will be OK.
The solution is simple - I have to change the testing environment.
Thanks
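
The condition the last post identifies can be checked directly from the client's routing table. The following Python code is an added example, not part of the original thread: it parses `route print` rows and flags quarantine host routes whose destination sits on the client's own segment but is still sent via a gateway. The function names, the `10.20.0.5` row and the On-link row are constructed for illustration; the other rows and the 192.168.31.0/24 subnet are the ones posted above.

```python
import ipaddress

# Rows 1-3 are the quarantine routes from the post's `route print`
# (destination, netmask, gateway, interface, metric); the 10.20.0.5 row
# and the On-link row are constructed for contrast.
ROUTE_PRINT = """\
192.168.31.200 255.255.255.255 192.168.31.1 192.168.31.212 6
192.168.31.209 255.255.255.255 192.168.31.1 192.168.31.212 6
192.168.31.211 255.255.255.255 192.168.31.1 192.168.31.212 6
10.20.0.5 255.255.255.255 192.168.31.1 192.168.31.212 6
192.168.31.212 255.255.255.255 On-link 192.168.31.212 261
"""

def parse_routes(text):
    """Parse gateway routes from `route print` rows; skip headers and On-link rows."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        try:
            dest, mask, gw, iface = (ipaddress.IPv4Address(f) for f in fields[:4])
        except ValueError:
            continue  # not four IPv4 columns (header text, "On-link" gateway)
        routes.append({"dest": dest, "mask": mask, "gateway": gw, "iface": iface})
    return routes

def hairpinned_routes(routes, segment):
    """Host routes to peers on the client's own segment that still go via a gateway."""
    net = ipaddress.ip_network(segment)
    host_mask = ipaddress.IPv4Address("255.255.255.255")
    return [
        r for r in routes
        if r["mask"] == host_mask          # quarantine-style /32 host route
        and r["dest"] in net               # peer is on the local segment
        and r["iface"] in net              # so is the client interface
        and r["gateway"] != r["iface"]     # yet traffic is sent to a router
    ]

if __name__ == "__main__":
    # 192.168.31.0/24 is the test subnet stated in the original post.
    for r in hairpinned_routes(parse_routes(ROUTE_PRINT), "192.168.31.0/24"):
        print(f"{r['dest']} is on-segment but routed via {r['gateway']}")
```

Any route it reports depends on the gateway relaying traffic back onto the segment it arrived from, which is the behaviour the router in this test environment refused.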