The SNAC(Symantec Network Access Control) service is disabled after SEPM(Symantec Endpoint Protection Manager) was upgraded from 11.0.x to 12.1, in SEP(Symantec Endpoint Protection) User interface, Network Access Control is disappearing. The client will not be able to pass the dot1x authentication, or the Gateway Enforcer authentication.
11/28/2011 12:46:56 <init_wgx_from_registry@1397> SNAC license does not exist.
In SEPM 11.0.X console, even though you do not assign the Host Integrity policy to a group, the group members' SNAC service is enabled. But in SEPM 12.1 console, if you do not assign the Host Integrity policy to a group, the group members' SNAC service will be disabled. So, after upgrading SEPM 11.0 to SEPM 12.1, the client members of a group without Host Integrity policy will disable the SNAC service, then they will be unable to response Gateway Enforcer's challenge packets and do dot1x authentication.
Logon SEPM console, go to Clients>Groups>Policies>, assign the Host Integrity Policy to groups. Then the SEP clients can learn the new policy, and the SNAC service can be started automatically.
SEP client version: 11.0.x
SEPM version: 12.1 or 12.1 RU1
Imported Document ID: TECH177440
Subscribing will provide email updates when this Article is updated. Login is required.