KNOWN ISSUE: "Invalid login. Please try again." appears with NT authentication when user is in a nested Active Directory group

Article:TECH41779  |  Created: 2009-04-03  |  Updated: 2010-10-22  |  Article URL http://www.symantec.com/docs/TECH41779
NOTE: If you are experiencing this particular known issue, we recommend that you Subscribe to receive email notification each time this article is updated. Subscribers will be the first to learn about any releases, status changes, workarounds or decisions made.
Article Type
Technical Solution


Issue



The user specified for authentication in a Remote Control session is not directly a member of the Local Administrators group on the host computer.  For example, the user may belong to a nested Active Directory group that is indirectly a member of the local Administrators group.

 

 

"Invalid login. Please try again." appears after providing such credentials for a Remote Control session from the Symantec Management Console or from the pcA Quick Connect program.

 


Environment



This issue affects Windows computers running:

  • the original release of the pcAnywhere Solution plug-in ("Symantec pcA Agent" version 12.5.285)
  • the Service Pack 1 release of the pcAnywhere Solution plug-in ("Symantec pcA Agent" version 12.5.415)


In the Symantec Management Console, the default Authentication tab of the pcAnywhere Solution Settings policy specifies the following:

Authentication type:  "NT"
Active users or groups:  "[Local Machine]\Administrators"


 


Cause



There was an issue with the authentication methods used by the pcAnywhere host software to query Active Directory.
 


Solution



Attached is a patch for this issue, WinNTAuth.dll.

If you are running pcAnywhere SP2 (build 12.5.0.539), download the attached sp2.zip file and extract its contents.
Then use the instructions in document 52759 to run the update via Software Delivery;

If you are running pcAnywhere SP1 (build 12.5.0.415), attached are the instructions for the patch, Readme.txt. 

Note that this Knowledge Base article applies to the pcAnywhere Solution plug-in. See the following Knowledge Base article for the corresponding patch for the "standalone" pcAnywhere product, also known as the pcAnywhere "box" product:  http://service1.symantec.com/SUPPORT/on-technology.nsf/docid/2010030215370360.

 

 


To work-around this issue without the patch, select an alternate Authentication type in the pcAnywhere Settings policy, either "Active Directory" or "pcAnywhere".


Attachments

Readme.txt (2 kBytes)
WinNTAuth.dll (185 kBytes)


SP2Delivery.zip (199 kBytes)

Supplemental Materials

SourceDEFECT
ValueETK 1556210
Description

Logged in Etrack (Symantec) database


SourceDEFECT
ValueETK 1934626
Description

Logged in Etrack (Symantec) database


Legacy ID



46430


Article URL http://www.symantec.com/docs/TECH41779


Terms of use for this information are found in Legal Notices