You have enabled SNMP-based alerts from an SCSP Server system, but no traps are being received by your Network Management System or SNMP Trap Receiver. The alerts are correctly configured and no host firewall process is blocking the local or remote SNMP ports 161 and 162.
The SCSP Manager process "SISManager.exe" handles SNMP Trap sending directly. When started, it will bind to the first available Network Interface. If that is interface is not connected to or routable to the subnet on which the SNMP NMS or Trap Receiver system is located, the traps will not be sent.
Setting tracing in the SCSP Alert settings will not pinpoint the cause of the issue as the logs will confirm that the traps were sent.
The issue is related to the design of the sockets API used to transmit UDP packets; a single call to send a UDP multicast frame is limited to a single network interface on the sending machine.Symantec will investigate if this issue can be worked around in code.
In the meantime, the following workaround will resolve the problem:
- Right-click the My Network Places icon and choose Properties. Or Control Panel icon then choose Network Connections or “Network and Internet” for W2K8.
- For Windows 2003, from the menu of the Network and Dial-up Connections window, choose Advanced > Advanced Settings > Bindings.
- For Windows 2008, to access the above menu you need to click “View network status and tasks”, then right click “Change adapter settings”, then hold Tab and select ALT to see menu; “Advanced” > “Advanced Settings”.
- On the Adapter and Binding tabs, in the Connections area, ensure that the primary NIC is listed first.
- From a DOS prompt, issue the ipconfig /all command to verify that your selected primary NIC appears first in the list.
- Disable the Network Interface that is not on the same subnet as the SNMP NMS / Trap Receiver system.
- Restart the "Symantec SCSP Manager Service" to force the process to bind to the correct interface.
- Monitor the SNMP receiver system. The traps should now appear as expected.
The server is dual-homed with a Network Controller on two separate subnets.