Endpoint Protection

 View Only
Back to discussions
Expand all | Collapse all

can not add an administrator in SEP manager

  • 1.  can not add an administrator in SEP manager

    Posted Sep 04, 2013 02:12 AM

    in the past , I use the follwing method to add an administrator in SEP manager without any problem,

    Admin->add an administrator->Directory Authencation-> when test account ,the result is 'Directory account authenticated'.

     

    in recent when i add a new administrator ,the error message pops up:

    error message.gif

     

    but I can use the this domain account to login any pc in the domain successfully, which can verify the 'password' of this account is correct. And I login DC and reset the password of this account and try again, without luck.

    As I remmeber the only change I did during the period is ugprade SEP Manager fron version 12.1.1 to 12.1.3 . I am not sure if the uggrade is related to this problem,

    please help me out

    thanks

    Best Regards

    Michael

     



  • 2.  RE: can not add an administrator in SEP manager

    Posted Sep 04, 2013 02:28 AM

    Do you have set Directory Authentication ?

     

    Authentication Method: Directcationory Authentication

     

    Check this artical

    https://www-secure.symantec.com/connect/articles/sepm-administrators



  • 3.  RE: can not add an administrator in SEP manager

    Posted Sep 04, 2013 02:41 AM

    Hi

     

    thanks for reply.

    after reivew the article , my opeartion is compliance with the article desciprtion.

    and i use Directory Authencation : then test account ,the result is 'Directory account authenticated'.

    what's more, in the past I could add a new administrator according to the same method without any problem, but this time failed

    br

    Michael

     



  • 4.  RE: can not add an administrator in SEP manager

    Posted Sep 04, 2013 02:44 AM

    The problem is the Domain

    when log in to the SEPM on the login screen the third filed is Domain, this is not your AD domin but the domin in SEPM.

    Login in to SEPM 

    Admin

    Domains

    Do you see any other domain apart from Default, if yes then You need to specifiy this domain name in the log on filed. It will then let u to log in :)



  • 5.  RE: can not add an administrator in SEP manager

    Posted Sep 04, 2013 03:03 AM

    Hi

    i specify the domain name but with the same error.

    and I can use the account (previous created) login successfully when keep domain filed as 'blank'.

    My problem is the previous account can login , but only the new created account can not login ?

     

    thanks



  • 6.  RE: can not add an administrator in SEP manager

    Posted Sep 04, 2013 03:22 AM

    Hmm, SEPM will sync with AD ever24 hours, Only this account does not work or any limited admin does not work?

    have you tried Domain\Username in the user filed?



  • 7.  RE: can not add an administrator in SEP manager

    Posted Sep 04, 2013 03:36 AM

    Hi

    Recently I add serveral accont and grant them  'Administrator'' right, all of them with the same error.

    the user filed can not be input '\'

    BR



  • 8.  RE: can not add an administrator in SEP manager
    Best Answer

    Posted Sep 04, 2013 03:51 AM

    Just to verify the cause of the issue, would you be able to test creating these AD-linked admin accounts with System Administrator privileges, and see if this continues to fail login?

    Should it suceed with System Administrator privileges but fail with Administrator or Limited Administrator privileges, then it is an issue with the SEP Domain ("Thumbs Up" to Rafeeq) and you'll need to enter the SEP Domain (found in ADMIN -> Domains of the SEPM Console) into the "Domain" field of the logon screen.  You do not enter your AD domain in here.

    Also, it's worth remembering that the username you use in SEPM is not necessarily the same as the AD username, and also that it is case sensitive.



  • 9.  RE: can not add an administrator in SEP manager

    Posted Sep 04, 2013 05:58 AM
      |   view attached
    thanks, the problem is solved. ' it's worth remembering that the username you use in SEPM is not necessarily the same as the AD username, and also that it is case sensitive.' this explaination inspires me , then I found out it's my mistake. when doing 'Directory Authencation' , I misunderstood the 'Account Name' field should be input domain admin account. actually it should input user name (domain user) which you plan to use as SEP administrator. Then I input user name and perform 'Test Account' , after the account is authenticated, I logoff current account and use this new account with windows login passord login SEP mamager console successfully. attached scree dump for reference '


  • 10.  RE: can not add an administrator in SEP manager

    Posted Sep 04, 2013 06:04 AM

    just consider 1 thing, if I have several domain users need be added as SEP limited administrator and with same group access right in SEP.

    is it possible I create a windows security group in AD and add these domain users into this security group. Then in SEP manager I only need add this security group as the limited administrator is enough?

    thanks

    Best Regards



  • 11.  RE: can not add an administrator in SEP manager

    Posted Sep 04, 2013 06:32 AM

    AFAIK you cannot add a secuirty group. It will be single user id.



  • 12.  RE: can not add an administrator in SEP manager

    Posted Sep 04, 2013 06:32 AM

    Nopes, AD Groups cannot be used for SEP Admin account authentication.  Only individual AD accounts can be used for this I'm afraid.

    I'm glad to hear you my post pointed you in the right direction.  As always, it'd be appreciated if you could mark any posts that your found useful with a "Thumbs Up" or as the Solution to aid others who might be experiencing the same problem yes