Video Screencast Help

Admin User Name or Password Is Incorrect

Created: 02 Jul 2012 • Updated: 09 Aug 2012 | 21 comments
This issue has been solved. See solution.

I'm logged in to the SEPM console. I click Admin and then Servers. The log at the bottom of the page shows several entries for this error every two minutes: "The administrator's user name or password is incorrect. Type a valid user name or password. [Site: Sitename] [Server: SEPMServerName]"

I'm logged on with the SEPM default admin account, so I know it isn't that account. AD Sync is enabled, but not for this account. I checked all the Directory Server information for all of the domains listed, and they are all correct. Sync w/AD is set for every 24 hours, so I don't have a clue as to what is causing the errors.

These SEPM errors aren't very helpful, other to say that there is a problem. SEPM Event Log in Windows shows nothing. However, the Security Event log shows that there was an attempt to do credential validation on the admin account and failed with error code 0xc0000064. And, at the same time, it logs on the admin account and runs:

\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SysUtil.exe

I can't seem to find anything about this error when I search Connect.

Comments 21 CommentsJump to latest comment

_Brian's picture

When an alert is triggered, it looks like a batch or executable file is set to run. Check for this under your alerts. You should see the below option checked on one or more of them:

 

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

dsmith1954's picture

Not sure what this has to do with getting login failures in the Admin section, but I checked anyway. None of our notifications run batch/executibles, and those selections are all unchecked.

Mithun Sanghavi's picture

Hello,

Is there any Replication set?

Check these Articles:

Unusual log entries and connection failures when replicating sites after upgrading to Symantec Endpoint Protection 12.1

http://www.symantec.com/docs/TECH161475

Unable to add re-add replication partner using Active Directory/LDAP administrator

http://www.symantec.com/docs/TECH164880

Hope that helps!!

 

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

dsmith1954's picture

No replication. Single server, v12.1 RU1 MP1. db is on a different server.

Mithun Sanghavi's picture

Hello,

Could you check if there are 2 Domains with the same SEPM?

SEPM > Admin > Domains

Also, could you Run the Management Server Configuration Wizard and check if the database is properly set with SEPM.

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

dsmith1954's picture

Yes, there is more than one domain setup in SEPM.

The database is setup properly or I wouldn't be able to manuever around the console. I can also see that on the Servers tab.

I checked SQL Reporting Services also, and they are working - the Home page in SEPM shows up and refreshes.

Since this thing runs on Apache, I decided to re-start the SEPM Webserver service, which in turn restarted the SEPM service. I thought that did it. I had been error free for over 15 minutes, and then they started up again.

10 errors per minute... At least that's all that shows in SEPM

John Q.'s picture

Check in Monitors > Logs > System Logs to see if you can get more details about these connection issues (who, when, where).

Second step would be to disable anything that requires authentifications (notifications, scheduled reports) and see if it helps. You might need to check as well if the account used to connect to AD is still correct and password did not change.

Then, please double-check with your colleagues if some of them may try to authenticate via Web or remote Java console.

Finally, I would suggest you to collect logs and open case with Symantec Support for deeper analysis.

 

Please remember to mark the proper comment as SOLUTION:
 - to identify threads that do not require further assistance
 - to let other visitors know how to fix such issue

dsmith1954's picture

Nothing in the logs about failed logins - anywhere.

No scheduled reports require authentication. They all run under the service account.

Service Account still works - I can get into the SEPM console, and the service is running.

None of the administrators have a failed login attempt showing in SEPM.

Opening a case with support is such a pain, but it looks like I'll need to do that to get rid of the errors.

dsmith1954's picture

Still getting this error. System logs showed nothing, but then I checked Server Activity logs and found this:

com.sygate.scm.server.util.ServerException: The administrator's user name or password is incorrect. Type a valid user name or password. at com.sygate.scm.server.task.ScheduledReportingHelper.doReportingLogin(ScheduledReportingHelper.java:508) at com.sygate.scm.server.task.ScheduledReportingTask.execute(ScheduledReportingTask.java:246) at com.sygate.scm.server.task.MonitoredTimerTask.run(MonitoredTimerTask.java:22) at java.util.TimerThread.mainLoop(Timer.java:512) at java.util.TimerThread.run(Timer.java:462)

The mention about ScheduledReportingTask reminds me that I haven't received a scheduled report in a while. Hasn't been high on my priority list, so I haven't checked on it.

I can run Quick Reports reports, but Scheduled Reports do not run. I would think that they run under the same service account, but don't know for sure.

I've created a new Scheduled Report to run in 5 minutes. We'll see if I have to re-create all scheduled reports...

 

Greet9's picture

Hi,

Try to repair the SEPM or upgrade the new version of SEPM

Dushan Gomez's picture

Have you tried this:

c:\Program Files\Symantec\Symantec Endpoint Protection Manager\Tools\resetpass.bat

to reset the password ?

Dushan Gomez
IT Manager
VCP 4 and 5 | MCITP Exchange Server | MCTS SharePoint Server | MCP Windows XP

 

dsmith1954's picture

resetpass.bat doesn't exist. Maybe they removed it in 12.1 RU1 MP1?

Dushan Gomez's picture

Yes it is still there, please try it and let me know how you go ?

[please remove the -1 mark for the reply it looks bad on my post]

Dushan Gomez
IT Manager
VCP 4 and 5 | MCITP Exchange Server | MCTS SharePoint Server | MCP Windows XP

 

_Brian's picture

Still there. Try:

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Tools

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

dsmith1954's picture

That folder doesn't exist. I installed to the D: drive but resetpass.bat doesn't exist on either C: or D: in any folder.

At any rate, the admin password isn't the problem. Running scheduled reports is the problem. Quick Reports run fine. Home page displays correctly. Monitors page displays correctly. All of those use SQL Server Reporting Services to display information.

Checking the details of this error in the System:Server Activity logs shows the following message:

 

Event type: An unexpected exception has occurred
Event description: The administrator's user name or password is incorrect. Type a valid user name or password.
Error message: Authentication failure, please retry.
Error code: Authentication failure, please retry.
Stack trace: com.sygate.scm.server.util.ServerException: The administrator's user name or password is incorrect. Type a valid user name or password. at com.sygate.scm.server.task.ScheduledReportingHelper.doReportingLogin(ScheduledReportingHelper.java:508) at com.sygate.scm.server.task.ScheduledReportingTask.execute(ScheduledReportingTask.java:246) at com.sygate.scm.server.task.MonitoredTimerTask.run(MonitoredTimerTask.java:22) at java.util.TimerThread.mainLoop(Timer.java:512) at java.util.TimerThread.run(Timer.java:462)

 Maybe my upgrade went bad?

dsmith1954's picture

Finally called Support. Ugh! First line was useless. Second level actually solved the issue.

The problem was with the host file on the server. Even though it hasn't been modified in 2 years, there was an entry for the IP address of the server, and the ::1 address, in addition to the 127.0.0.1. Once I removed the IP address and ::1 address, scheduled reports started flowing.

SOLUTION
Dushan Gomez's picture

ok, so the SEP v 12.1 must not have IPv6 reference or feature enabled at all ?

Dushan Gomez
IT Manager
VCP 4 and 5 | MCITP Exchange Server | MCTS SharePoint Server | MCP Windows XP

 

dsmith1954's picture

IPv6 is turned off on all of our servers when they install it. It's in the image like that. If your network doesn't run IPv6, then there's no need to have it turned on. It doesn't get you anything.

dsmith1954's picture

And, it slows down applications that don't know how to deal with IPv6.

Dushan Gomez's picture

Thanks for the feedback Smith, yes you are right in this case.

Dushan Gomez
IT Manager
VCP 4 and 5 | MCITP Exchange Server | MCTS SharePoint Server | MCP Windows XP