Network Access Control

 View Only
Back to discussions
Expand all | Collapse all

Windows DHCP Enforcer doesn't connect to SEPM

  • 1.  Windows DHCP Enforcer doesn't connect to SEPM

    Posted Feb 26, 2010 06:48 AM

    Hi,

    I'm using SNAC with SEPM. I have DHCP server on our Domain Controller. and we installed DHCP Enforcer on this servr. At first I couldnt remember the encryption password, so I backed up our database and certification, then I uninstalled and installed SEPM. During install I gave new and simple encryption password and I noted it. I restored database and certification. But after these processes DHCP Enforcer still doesn't connect. I looked at the debug.log file and every time i try to connect it logs these :

    Feb/26/2010 13:15:17:468  [  370]: ===================== Integrated Enforcer Starting 11.0.5002.231 =====================
    Feb/26/2010 13:15:17:468  [   76]: DebugSetDebugLevel: setting debug level to 3.
    Feb/26/2010 13:15:17:468  [ 1292]: initProfile: failed to copy file, err=The system cannot find the file specified. (0x2).
    Feb/26/2010 13:15:17:468  [  255]: LogInitialize: Enforcer Log Initialize Complete!
    Feb/26/2010 13:15:17:468  [ 1661]: LoadExternalAuthDlls: dll folder found=1, dwStatus=259
    Feb/26/2010 13:15:17:468  [ 1722]: LoadExternalAuthDlls: plugin disabled for folder BindView
    Feb/26/2010 13:15:17:484  [   75]: RADIUS intialize complete!
    Feb/26/2010 13:15:17:484  [  451]: DetectInitialize: Failed to bind to socket 16284.
    Feb/26/2010 13:15:17:484  [   96]: RADIUS cleaup!
    Feb/26/2010 13:15:17:484  [  810]: Detect init error! flags=00000000
    Feb/26/2010 13:15:17:484  [  900]: ServiceStart: Failed to initialize detect engine!
    Feb/26/2010 13:15:17:484  [ 1029]: ServiceStart: Clean up environment...
    Feb/26/2010 13:15:17:484  [  388]: DebugCleanup: Debug logging cleanup!
    Feb/26/2010 13:15:17:484  [  389]: ********************************************************************************

    And in snacDebugLog.log it logs these:

    Feb/26/2010 11:52:59:531  [  916]: current SPM: 192.168.110.228
     Feb/26/2010 12:05:15:546  [  370]: ===================== Integrated Enforcer Starting 11.0.5002.231 =====================
    Feb/26/2010 12:05:15:546  [   76]: DebugSetDebugLevel: setting debug level to 5.
    Feb/26/2010 12:05:15:546  [  371]: ****************** Thread Context ******************
     Feb/26/2010 12:05:15:546  [  372]: Thread ID 388 --- name 0x54487230
     Feb/26/2010 12:05:15:546  [  373]: Thread ID 388 --- stop event 0x188
     Feb/26/2010 12:05:15:546  [  374]: ****************************************************
     Feb/26/2010 12:05:15:546  [  371]: ****************** Thread Context ******************
     Feb/26/2010 12:05:15:546  [  372]: Thread ID 400 --- name 0x54487231
     Feb/26/2010 12:05:15:546  [  373]: Thread ID 400 --- stop event 0x18c
     Feb/26/2010 12:05:15:546  [  374]: ****************************************************
     Feb/26/2010 12:05:15:546  [  371]: ****************** Thread Context ******************
     Feb/26/2010 12:05:15:546  [  372]: Thread ID 408 --- name 0x54487232
     Feb/26/2010 12:05:15:546  [  373]: Thread ID 408 --- stop event 0x194
     Feb/26/2010 12:05:15:546  [  374]: ****************************************************
     Feb/26/2010 12:05:15:546  [  371]: ****************** Thread Context ******************
     Feb/26/2010 12:05:15:546  [  372]: Thread ID 416 --- name 0x54487233
     Feb/26/2010 12:05:15:546  [  373]: Thread ID 416 --- stop event 0x19c
     Feb/26/2010 12:05:15:546  [  374]: ****************************************************
     Feb/26/2010 12:05:15:546  [  371]: ****************** Thread Context ******************
     Feb/26/2010 12:05:15:546  [  372]: Thread ID 424 --- name 0x54487234
     Feb/26/2010 12:05:15:546  [  373]: Thread ID 424 --- stop event 0x1a4
     Feb/26/2010 12:05:15:546  [  374]: ****************************************************
     Feb/26/2010 12:05:15:546  [  371]: ****************** Thread Context ******************
     Feb/26/2010 12:05:15:546  [  372]: Thread ID 432 --- name 0x54487235
     Feb/26/2010 12:05:15:546  [  373]: Thread ID 432 --- stop event 0x1ac
     Feb/26/2010 12:05:15:546  [  374]: ****************************************************
     Feb/26/2010 12:05:15:546  [  401]: trying to register SERVER

     Feb/26/2010 12:05:15:578  [  897]: SPM return bad request for the registration request!! Share secret could be wrong!
     Feb/26/2010 12:05:15:578  [  416]: failed to register SERVER

     Feb/26/2010 12:05:15:578  [  231]: Registration failed!

     Feb/26/2010 12:05:20:546  [  916]: current SPM: SERVER


    I'm sure encryption password on Enforcer is same as I wrote on initial installation. What can I do? I don't want to use Windows NAP because we payed on this software and I can't say to our manager that it is unusable. Thanks for advices.



  • 2.  RE: Windows DHCP Enforcer doesn't connect to SEPM

    Posted Feb 26, 2010 07:08 AM
    I made Enforcement Service to run with help of this article :

    http://service1.symantec.com/SUPPORT/ent-security.nsf/ppfdocs/2008020608273348?Open&dtype=corp&src=&seg=&om=1&om_out=prod

    but Connection status is still RED...if its connected it should be green...Why is it still RED?


  • 3.  RE: Windows DHCP Enforcer doesn't connect to SEPM

    Posted Feb 26, 2010 07:09 AM
    Hi,

    Is this a DHCP enforcer device or a DHCP enforcer plugin?

    Aniket


  • 4.  RE: Windows DHCP Enforcer doesn't connect to SEPM

    Posted Feb 26, 2010 07:16 AM
    You can check if the following KB is relevent to your issue:

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008101315503848

    Aniket


  • 5.  RE: Windows DHCP Enforcer doesn't connect to SEPM

    Posted Feb 26, 2010 08:15 AM
    Hi,

    Thanks for advice. I saw the page you sent yesterday. I did all the steps that it wrote. Before, the service didnt started because of NAC installed on DHCP Server side. Now, I disabled NAC on DHCP server side. and when i press start button on Enforcement service and server communication service, the services starts. but the Connection status on Connection Management server is still red. And when i look at the ebug logs. they are same as i mentioned above. And on the SEPM side, I cant see I_DHCP icon on Console Admin.

    What can be wrong? what should i track to solve the problem?


  • 6.  RE: Windows DHCP Enforcer doesn't connect to SEPM

    Posted Feb 26, 2010 08:54 AM
    OK I think DHCP Enforcer plugin isn't working. because all the documents i read is the same that i configured here. but it's not working. I think I will use Windows Server 2008 NAP for this.


  • 7.  RE: Windows DHCP Enforcer doesn't connect to SEPM

    Posted Feb 26, 2010 08:59 AM
    Hi,

    I think if you make sure that the encryption password entered in SEPM as well as the enforcer GUI is the same, this issue should not happen.

    The error message "shared secret could be wrong" can indicate the same thing.

    Aniket


  • 8.  RE: Windows DHCP Enforcer doesn't connect to SEPM

    Posted Feb 26, 2010 09:07 AM
    Yes I know but i installed SEPM twice today. At first i thought that i wrote a complex password. than i uninstalled and installed with a password like "jack". No capital letter, no @ or what ever. just "jack". Also i noted it too :) but when i write it to Enforcer it still same problem. Also i tried to communicate the Enforcer before and after i restore database. but still same problem.

    can it be about running DHCP ona domain controller? do you think we must try  to install a dhcp server ona fresh installed windows server and try to run Enforcer plugin there? Because its the only think i didnt try yet.



  • 9.  RE: Windows DHCP Enforcer doesn't connect to SEPM

    Posted Feb 26, 2010 09:09 AM
    Oh and about IIS configuration...can it be about IIS configuration? it works on port 8014. is there a way to check communication on port 8014 is ok ? i mean except "telnet <ip address> 8014"


  • 10.  RE: Windows DHCP Enforcer doesn't connect to SEPM
    Best Answer

    Posted Feb 26, 2010 09:27 AM
    Yes, you can run this command in IE:

    http://10.0.2.2:8014/secars?hello,secars

    If you receive the response as "OK", the communication is fine.

    [ http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/a6b9dc2d869c89a58825737700642895?OpenDocument  ]


    You can try installing the DHCP plugin on a new server and let us know if the issue is resolved.

    That can help us identify if the issue is on DHCP enforcer or the SEPM itself.

    Aniket


  • 11.  RE: Windows DHCP Enforcer doesn't connect to SEPM

    Posted Feb 26, 2010 06:06 PM
    Ok. I understand that you are right. The problem was the encryption password. But! every page syas that to recovre encryption password, uninstall and install SEPM. i did it. and to have my clients back, i need to restore database. And thats the center of my problem. THE FORGOTTEN PASSWORD İS RESTORED TOO!! luckyly i remembered the old password and entered it in Enforcer, and it worked.

    And secondly, on the server which DHCP runs, Symantec Endpoint protection is running too. So the port 8014 is used bye sms.exe. so the Enforcer (IntegratedEnf.exe) cannot use it .

    But there is not any article that sms and Enforcer mustn run on same server. Or i didnt find any.

    To run Enforcer plugin where SEPM runs, shutdown SEPM service(or remove by modifying,except core), start Enforcer service, and finally reinstall SEPM by modifying.

    Anyway, thanks for support. Good Day.