All SEP clients 802.1x authentication by Lan Enfocrer Transparent mode failed. The problems occured on all clients on all switches.
Trouble Shooting Steps:
1) Check the Enforcer Kernel Log:
Sep/23/2011 15:40:49 [ radproxy.c][ 7533]: Send Verify UID RADIUS packet to Policy Manager xx.xx.xx.xx for client SSA(xx-xx-xx-xx-xx-xx). Sep/23/2011 15:41:01 [ radproxy.c][ 1453]: Verify UID from SEPM timeout, Client UID is unknown, Profile is set to invalid for xxxxxxxx.
check the capture from Lan Enforecer, there is only the RADIUS Access-Request(1) from Enforcer to SEPM, no response from SEPM.
2) We no Lan Enforcer Checks client UID from SEPM, use the command netstat -nao, find that there is UDP 1812 listeninig by process svchost.exe.
In fact, SEPM listens UDP 1812 by w3wp.exe in 11.x, and by httpd.exe in 12.1, it should not be svchost.exe. svchost.exe is a system process of windows, it stands for the windows services. Check the windows service of the SEPM, find that Internet Authentication Service(IAS) is running in the system.
3) Stop the Internet Authentication Service(IAS) , set the service properties to forbidden. Restart the SEPM service. Then all clinets 802.1x authentication by Lan Enfocrer succeeds.
Stop the Internet Authentication Service(IAS) , set the service properties to forbidden. Restart the SEPM service. Then all clinets 802.1x authentication by Lan Enfocrer succeeds.
Symantec Endpoint Protecion Manager 12.1 on Windows 2003 Server R2 SP2.
Symantec Network Access Control 6100 Lan Enforcer 12.1.
Symantec Endpoint Protection Client 12.1 on Windows XP SP3.
Imported Document ID: TECH172709
Subscribing will provide email updates when this Article is updated. Login is required.