Endpoint Protection

 View Only

  • 1.  AD Authentication issue in SEPM

    Posted Jan 14, 2014 11:31 AM

    Hello,

    I'm running SEPM 12.1 on a W2K3 R2 server. We currently authenticate using AD credentials, and the SEPM server is pointing to a W2K3 R2 DC. We are in the process of upgrading our DCs to W2K8 R2. AD is healthy.

    When I change my directory servers in SEPM to my new W2K8 R2 DC, I can no longer authenticate/login to SEMP using my AD credentials.

    I can login using a "local" admin, and change the Directory Servers back to my original W2K3 DC, and authentication works again.

    LDAP is enabled on the newer, W2K8 R2 DC, and I can telnet to the server on port 389.

    Why am I having trouble pointing my SEPM console authentication to my shiny new W2K8 R2 DC?

    Randy



  • 2.  RE: AD Authentication issue in SEPM

    Posted Jan 14, 2014 11:34 AM

    Did you add the new server under "Directory Servers"? Remove the old one.

    Adding directory servers

    http://www.symantec.com/docs/HOWTO55393



  • 3.  RE: AD Authentication issue in SEPM

    Posted Jan 14, 2014 11:48 AM

    if you are not using it, remove the first DC, put in the details of new DC

    try logging.



  • 4.  RE: AD Authentication issue in SEPM

    Posted Jan 14, 2014 12:07 PM

    _Brian - yes ... I followed that procedure (fairly intuitive), and yes, I did remove the old one.

    Rafeeq - as above, old DC removed.

    Also, I've tried using the IP address instead of FQDN. I've tried with and without a replication partner (we have a (older) pair of W2K3 DCs and a (newer) pair of W2K8 DCs). I've tried "Secure" vs. not secure. In every case, while pointing to the new W2K8 R2 DC, I get the following error:

    sepm_login_error.JPG

    Thanks to both of you for your input! 

     



  • 5.  RE: AD Authentication issue in SEPM
    Best Answer

    Posted Jan 14, 2014 12:12 PM

    Did you than go into the properties of the Administrator you're trying to log in with and change their directory server to the new one?



  • 6.  RE: AD Authentication issue in SEPM

    Posted Jan 14, 2014 12:24 PM

    check for authentication logs

    after enabling this option

    http://www.symantec.com/business/support/index?page=content&id=TECH102413



  • 7.  RE: AD Authentication issue in SEPM

    Posted Jan 14, 2014 01:46 PM

    _Brian - you have solved the issue!

    I was unaware that subsequent to establishing new "Directory Servers", you also had to go and assign new Authentication Servers to the AD Admin users. Once I did this, I was able to login to the console using my AD credentials.

    Now, for some reason, if I click the "Test Account" button on my "Edit Administrator Properties" dialog, it fails. 

    sepm_auth_fail.JPG

    However, I CAN login to the console using my AD credentials and it is working. So, I'm not going to worry too much about that "Test Account" button.

    Thanks to all for your advice and assistance - I can move forward now!

    Randy



  • 8.  RE: AD Authentication issue in SEPM

    Posted Jan 14, 2014 01:56 PM

    Great news, glad to help!

    Take care