
AD Authentication issue in SEPM

Created: 14 Jan 2014 • Updated: 14 Jan 2014 | 7 comments
This issue has been solved. See solution.

Hello,

I'm running SEPM 12.1 on a W2K3 R2 server. We currently authenticate using AD credentials, and the SEPM server is pointing to a W2K3 R2 DC. We are in the process of upgrading our DCs to W2K8 R2. AD is healthy.

When I change my directory servers in SEPM to my new W2K8 R2 DC, I can no longer authenticate/log in to SEPM using my AD credentials.

I can log in using a "local" admin, and change the Directory Servers back to my original W2K3 DC, and authentication works again.

LDAP is enabled on the newer, W2K8 R2 DC, and I can telnet to the server on port 389.

Why am I having trouble pointing my SEPM console authentication to my shiny new W2K8 R2 DC?

Randy


.Brian's picture

Did you add the new server under "Directory Servers"? Remove the old one.

Adding directory servers

http://www.symantec.com/docs/HOWTO55393

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Rafeeq's picture

If you are not using it, remove the first DC and put in the details of the new DC.

Try logging in.

Me_Being_Me's picture

_Brian - yes ... I followed that procedure (fairly intuitive), and yes, I did remove the old one.

Rafeeq - as above, old DC removed.

Also, I've tried using the IP address instead of FQDN. I've tried with and without a replication partner (we have an (older) pair of W2K3 DCs and a (newer) pair of W2K8 DCs). I've tried "Secure" vs. not secure. In every case, while pointing to the new W2K8 R2 DC, I get the following error:

sepm_login_error.JPG

Thanks to both of you for your input! 

.Brian's picture

Did you then go into the properties of the Administrator you're trying to log in with and change their directory server to the new one?


SOLUTION
Me_Being_Me's picture

_Brian - you have solved the issue!

I was unaware that subsequent to establishing new "Directory Servers", you also had to go and assign new Authentication Servers to the AD Admin users. Once I did this, I was able to log in to the console using my AD credentials.

Now, for some reason, if I click the "Test Account" button on my "Edit Administrator Properties" dialog, it fails. 

sepm_auth_fail.JPG

However, I CAN log in to the console using my AD credentials and it is working. So, I'm not going to worry too much about that "Test Account" button.

Thanks to all for your advice and assistance - I can move forward now!

Randy

.Brian's picture

Great news, glad to help!

Take care
