Video Screencast Help
Scheduled Maintenance: Symantec Connect is scheduled to be down Saturday, April 19 from 10am to 2pm Pacific Standard Time (GMT: 5pm to 9pm) for server migration and upgrade.
Please accept our apologies in advance for any inconvenience this might cause.

AD Authentication issue in SEPM

Created: 14 Jan 2014 • Updated: 14 Jan 2014 | 7 comments
This issue has been solved. See solution.


I'm running SEPM 12.1 on a W2K3 R2 server. We currently authenticate using AD credentials, and the SEPM server is pointing to a W2K3 R2 DC. We are in the process of upgrading our DCs to W2K8 R2. AD is healthy.

When I change my directory servers in SEPM to my new W2K8 R2 DC, I can no longer authenticate/login to SEMP using my AD credentials.

I can login using a "local" admin, and change the Directory Servers back to my original W2K3 DC, and authentication works again.

LDAP is enabled on the newer, W2K8 R2 DC, and I can telnet to the server on port 389.

Why am I having trouble pointing my SEPM console authentication to my shiny new W2K8 R2 DC?


Operating Systems:

Comments 7 CommentsJump to latest comment

_Brian's picture

Did you add the new server under "Directory Servers"? Remove the old one.

Adding directory servers

Rafeeq's picture

if you are not using it, remove the first DC, put in the details of new DC

try logging.

Me_Being_Me's picture

_Brian - yes ... I followed that procedure (fairly intuitive), and yes, I did remove the old one.

Rafeeq - as above, old DC removed.

Also, I've tried using the IP address instead of FQDN. I've tried with and without a replication partner (we have a (older) pair of W2K3 DCs and a (newer) pair of W2K8 DCs). I've tried "Secure" vs. not secure. In every case, while pointing to the new W2K8 R2 DC, I get the following error:


Thanks to both of you for your input! 


_Brian's picture

Did you than go into the properties of the Administrator you're trying to log in with and change their directory server to the new one?

Me_Being_Me's picture

_Brian - you have solved the issue!

I was unaware that subsequent to establishing new "Directory Servers", you also had to go and assign new Authentication Servers to the AD Admin users. Once I did this, I was able to login to the console using my AD credentials.

Now, for some reason, if I click the "Test Account" button on my "Edit Administrator Properties" dialog, it fails. 


However, I CAN login to the console using my AD credentials and it is working. So, I'm not going to worry too much about that "Test Account" button.

Thanks to all for your advice and assistance - I can move forward now!


_Brian's picture

Great news, glad to help!

Take care