Endpoint Protection

 View Only

  • 1.  Endpoint Protection Manager breaks Network Policy Server in Windows Server 2008

    Posted May 25, 2009 10:45 PM
    SEPM will not co-exist with Network Policy Server (i.e. RADIUS, etc) in Windows Server 2008.

    Regardless of the ports you select for installation of the management server, it appears to break NPS due to a conflict of ports.

    The standard ports for NPS are 1812, 1645 for Authentication and 1813, 1646 for Accounting.

    It appears that SEPM uses RADIUS port 1812 which I cannot find anywhere to configure.

    Just a word of warning as we have had to move this to a separate server as it 'doesn't play nice' with various other applications and services.


  • 2.  RE: Endpoint Protection Manager breaks Network Policy Server in Windows Server 2008

    Posted May 26, 2009 01:25 AM
    You can change the configuration file and specify a different port for the SEPM to use.

    Ideally, if you get the eror saying that RADIUS Port is already in use, just click OK and proceed with the installation. I've actually seen this a lot when I used to work with support, and haven't had any issues with the port conflicting.

    Additionally, I've also configured a whole lab env. with the NPS role implemented, and the SEPM is co-existing w/o any issues on the same server.

    Could you please describe what exactly happened when you installed the SEPM? or were you able to ascertain which component of NPS failed ?




  • 3.  RE: Endpoint Protection Manager breaks Network Policy Server in Windows Server 2008
    Best Answer

    Posted Jun 05, 2009 10:52 AM
    To check which executable is working on which port, you can use the command

    netstat -ab C:\output.txt and then check the output.txt file in C drive. Search for 1812, you should see an executable name associated with that port.

    This wont resolve the issue, but just another step for root cause analysis of the problem.


    To solve the problem, change the port the Symantec Endpoint Protection Manager uses.

    To change the port
    Navigate to C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\etc\.
    In a text editor such as Notepad, open the conf.properties file.
    Add a line at the bottom that reads:

    scm.radius.port=xxxx

    where xxxx is the desired port number.
    Press Enter to ensure that there is a blank line at the end of the conf.properties file.
    Save and close the conf.propert

    Hope this helps.

    Cheers,
    Aniket



  • 4.  RE: Endpoint Protection Manager breaks Network Policy Server in Windows Server 2008

    Posted Apr 19, 2010 03:51 PM
    Aniket, thanks for the info here.  What is a good alternative port number to use?  (And do I ust use 'netstat -ab' again to confirm it is not in use anywhere?)

    Do I need to restart any SEP services after this 'scm.radius.port=xxxx' line is added?  Or reboot the server?  Any client reconfiguration needed?  Thanks for the clarifications.