KNOWN ISSUE: NT Authentication with the Local Administrators group only works for languages in which the group name is literally "Administrators"

Article:TECH45103  |  Created: 2009-09-18  |  Updated: 2010-10-25  |  Article URL http://www.symantec.com/docs/TECH45103
NOTE: If you are experiencing this particular known issue, we recommend that you Subscribe to receive email notification each time this article is updated. Subscribers will be the first to learn about any releases, status changes, workarounds or decisions made.
Article Type
Technical Solution


Issue



"Invalid login. Please try again." appears during authentication attempts to computers running the pcAnywhere plug-in.


Environment



  • In the pcAnywhere host configuration policy, the Authentication type is set to NT for the group
    "[Local Machine]\Administrators".
  • The host computer is configured for a language in which the local administrators group is not literally "Administrators", such as the following:

    French: Administrateurs
    German: Administratoren
    Portuguese: Administradores
    Russian: Администраторы
    Spanish: Administradores

Cause



This is a known issue with the original release of pcAnywhere Solution 12.5.


Solution



This issue is resolved in Service Pack 2 of pcAnywhere:  https://kb.altiris.com/article.asp?article=50630&p=1the following work-arounds are available:

If you are unable to update at this time, 

  1. Use Active Directory authentication rather than NT authentication. This allows for selection of groups which were queried directly from Active Directory.
  2. Modify the Host (*.BHF) and Caller files (*.CIF) for each localized host language to include the correct Caller object.

To accomplish this second work-around, you can either install the pcAnywhere 12.5 "box" product on a localized OS, or if your Symantec Management Platform server OS language matches that of the hosts, this can be done by opening the "Symantec pcAnywhere" application from the server desktop.

Take a copy the default host and caller files from a host computer of the desired language under the <%ALLUSERSPROFILE%>\Application Data\Symantec\pcAnywhere\Hosts folder, and modify those two files to implement the work-around.

Symantec has published Knowledge Base article called "Steps by Step How To Creating a pcAnywhere Host" at http://service1.symantec.com/SUPPORT/on-technology.nsf/docid/2009042809411860 with several screen shots, although in this case we will modify an existing host file rather than create a new one.

While editing the NT caller properties for each language, be sure to check the box for "Support global NT users and groups defined in local NT groups".  Otherwise nested users and groups will not be able to authenticate due to another known issue.

Once the localized caller file (for example the English version is named "WINNT.[Local Machine]+Administrator.cif") is created, then both this file and the corresponding *.bhf file should be copied to the <%ALLUSERSPROFILE%>\Application Data\Symantec\pcAnywhere\Hosts folder on each host computer with the same localized OS.

It is important to disable the host configuration policies in the Symantec Management Console if you implement this work-around, because any updates to the policy will overwrite the modifications described above.

Please contact Symantec Technical Support if you have any questions.

 


Supplemental Materials

ValueETK 1764866
Description

Logged in Etrack (Symantec) database


Legacy ID



49180


Article URL http://www.symantec.com/docs/TECH45103


Terms of use for this information are found in Legal Notices