Error: "Login to [computer] failed. Check the username and password and try again."

Article:TECH91715  |  Created: 2009-01-08  |  Updated: 2013-11-12  |  Article URL http://www.symantec.com/docs/TECH91715
Article Type
Technical Solution


Issue



While installing Symantec Endpoint Protection remotely, you see this error message: "Error: Login to [computer] failed. Check the username and password and try again."


Cause



There are a number of different problems that can cause the logon attempt to fail. Try each of the solutions below in order to identify the problem.

Another cause may be due to duplicate entries in the DNS. Check the forward and reverse lookup in the DNS and check for duplicate entries.


Solution



Note: Symantec Help (SymHelp) can automatically detect many of the common problems that cause this error message to appear, and guide you to specific information on how to fix them. To download SymHelp, click the following link: Download SymHelp.

  • Incorrect user name or password
  • This problem can happen if the user name or password that you entered is incorrect. Enter the correct user name and password to solve the problem.

  • Simple file sharing is enabled or the "Sharing and security model for local accounts" policy is set to Guest Only
    This problem can occur if Simple File Sharing (or the Sharing Wizard) is enabled on the target computer, or if the client has the "Sharing and security model for local accounts" policy set to Guest Only, the manager is not able to authenticate as Administrator. To solve the problem, read the document Is the "Sharing and security model for local accounts" policy set to Guest Only?

  • User Account Control is enabled
  • If User Account Control is enabled, the manager may not be able to access the administrative shares C$ and ADMIN$. This can cause remote deployment to fail. See the document Is User Account Control enabled on the client?

  • The Administrator account on the target computer does not have a password
  • If the Administrator account on the target does not have a password set, authentication will fail. To solve this problem, read the document Does the Administrator account have a password?

  • Port 445 is blocked
  • If the Microsoft Windows Firewall is not configured to allow File and Printer Sharing (port 445), authentication will fail. To solve this problem, read the document Is the Microsoft Windows Firewall blocking port 445?

  • The Remote Registry Service is set to disabled on the client computer
  • If the Remote Registry Service is stopped and set to Disabled on the client computer, the manager cannot scan the client registry because the service cannot be started. To solve this problem, make sure that the Remote Registry Service is set either to Manual or Automatic.

    Refer to the SEPM tomcat logs for more information: C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Tomcat\Logs\scm-server-0.log

    Example of remote registry failure condition from scm-server-0.log:

    THREAD 91 WARNING: SearchUnagentedHost>> parseNstOutputLine: NST log line -> [ WARNING: Failed to open a connection to the RemoteRegistry service on 192.168.1.230. because "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it."]

  • To check the Remote Registry Service
    1. Click Start > Settings > Control Panel.
    2. Double-click Administrative Tools.
    3. Double-click Services.
    4. Double-click Remote Registry.
    5. Make sure that the Startup Type is set to either Manual or Automatic.
    6. Click OK.

  • The LAN Manager authentication levels on the manager and clients are not compatible

  • If the LAN Manager Authentication Levels on the manager and clients are incompatible, they will not be able to communicate. Normally, they will be the same because the policy will be set by the Group Policy Management in Active Directory. In the case that the machines in the network are not using this and the connections fail, check the options on the computers involved.

  • To check the LAN Manager options on Windows 2000 Server.
    1. Click Start > Settings > Control Panel.
    2. Double-click Administrative Tools.
    3. Double-click Local Security Policy
    4. Go to Local Policies > Security Options.
    5. Right-click LAN Manager authentication level, and click Security.
    6. Ensure that the client and manager have the same settings.

  • To check the LAN Manager options on Windows 2003 Server, Windows XP, or Windows Vista
    1. Click Start > Settings > Control Panel.
    2. Double-click Administrative Tools.
    3. Double-click Local Security Policy
    4. Go to Local Policies > Security Options.
    5. Right-click Network Security: LAN Manager authentication level, and click Properties.
    6. Ensure that the client and manager have the same settings.

  • For more information on these settings, read the following document from the Microsoft Knowledge Base: http://support.microsoft.com/kb/147706

 


Supplemental Materials

Value1466667

SourceETrack
Value2255204
Description

Remote push doesn't work if the administrator account on the client doesn't have a password (workgroup, no domain) [SEP 12.1]



Legacy ID



2009010810510248


Article URL http://www.symantec.com/docs/TECH91715


Terms of use for this information are found in Legal Notices