Endpoint Protection


Can't login in SEP Console...

Glenn Jacobs, Sep 13, 2013 07:44 AM

  • 1.  Can't login in SEP Console...

    Posted Sep 12, 2013 09:06 AM

    Problem:

    I can't log in to the console anymore, not with our AD account and not with our 'local' admin account.

    We tried to reset the admin account but we didn't get any mail. If I look at mailconf.properties I see this:

    adminMailReciptants= "Around 10 adresses here"
    mailAdmin= *Empty*
     

    Technical specs:

     
    • SEPM 12.1 RU2
    • Windows 2008 x64
    • We use an AD connection for our admin accounts
    • We use an external SQL DB

    What I have tried/checked:

    • I checked the log file for connection errors. (Only found one where the connection was rejected, but this was to download definitions; not sure it's the same problem.)
    • Checked if none of our service accounts was locked --> No locked account
    • Checked the connection to our DB --> there is a connection.
    • Checked, using a 'fake' virus, if we still get mail --> We still get mail when a computer is infected.
    • Checked if the domain controllers are up --> they are up. (SEP uses a specific DC)
    • Restarted the services --> Same problem
    • If we try 5 times our account will be locked.
    • I tried to reset the password of the admin account --> I don't get any mails, I don't think the mail is sent.
    • I did the Management Server Configuration Wizard.

    What I haven't tried yet:

    • Full reboot of the server. (I'm not allowed to do this myself, I have to ask someone from the 'server team' to do this.)
    • Check in Exchange if the mail (to reset admin password) is sent.

    What I want (if possible).

    I'm looking for a way to get back in to the console, but I prefer to not use disaster recovery.



  • 2.  RE: Can't login in SEP Console...

    Posted Sep 12, 2013 09:09 AM

    Did you add the email address you want the reset notification sent to in the mailconf file?



  • 3.  RE: Can't login in SEP Console...

    Posted Sep 12, 2013 09:10 AM

    Oh, let me try this. Why didn't I think about that?



  • 4.  RE: Can't login in SEP Console...

    Posted Sep 12, 2013 09:15 AM

    Do I have to restart the services? 'Cause I don't get any mail (or I didn't wait long enough).



  • 5.  RE: Can't login in SEP Console...

    Posted Sep 12, 2013 09:19 AM

    Try restarting the service after saving your changes.



  • 6.  RE: Can't login in SEP Console...

    Trusted Advisor
    Posted Sep 12, 2013 09:24 AM

    Hello,

    Check this Article:

    How to Reset Symantec Endpoint Protection Manager Console password in SEP 12.1

    https://www-secure.symantec.com/connect/articles/how-reset-symantec-endpoint-protection-manager-console-password-sep-121

    Hope that helps!!



  • 7.  RE: Can't login in SEP Console...

    Posted Sep 12, 2013 09:51 AM

    After restarting the services the file gets overwritten with the 'older' config. So I suppose this is just a dump file to give us information and not a config file.



  • 8.  RE: Can't login in SEP Console...

    Posted Sep 12, 2013 09:57 AM

    Already tried that. (except logging a case for the resetpass.bat)

     

    I have the following in the mailconfig.properties:

    adminMailReciptants= "Around 10 adresses here"
    mailAdmin= *Empty*
     
     
    Is there a way to add the administrator mail address to the admin account if it's empty? (I think this is the problem I have with recovering the password.)


  • 9.  RE: Can't login in SEP Console...

    Broadcom Employee
    Posted Sep 12, 2013 11:00 AM

    Hi,

    Thank you for posting in Symantec community.

    If SEPM is in sync with an AD account then you can't log in with the 'local' admin.

    You can't directly change the email address in mailconf.properties. Even though you could save a new address, it won't work.

    You need to change it after logging in to the console; then it should be reflected in mailconf.properties.

    Was there any change in IP address/hostname or any other changes on the server where SEPM is installed?

    Try with the AD server IP address instead of hostname/FQDN or vice versa.

    As you mentioned, around 10 addresses are there at adminMailReciptants. Try to log in with those accounts if possible.

    The AD Sync logs are useful for identifying issues during AD Synchronization. 

    File Location: C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Tomcat\Logs\ADSITask-0.log

    Search for the keyword “Error Code” and the next few lines for the reason. Search the KB for the error code! 

     



  • 10.  RE: Can't login in SEP Console...

    Broadcom Employee
    Posted Sep 12, 2013 11:11 AM

    Forgot to add this one: you can't use the 'Forgot password' link in this case, because you can use this method to reset a password only for the administrator accounts that authenticate by using Symantec Management Server authentication.

    This method does not work for any administrator accounts that authenticate by using either RSA SecurID authentication or directory authentication.

    Refer to the note mentioned in this article: http://www.symantec.com/docs/HOWTO55059



  • 11.  RE: Can't login in SEP Console...

    Posted Sep 12, 2013 11:21 AM

    What is the error message you get when you try to log in?

    Access Denied or Failed to connect to the server?



  • 12.  RE: Can't login in SEP Console...

    Trusted Advisor
    Posted Sep 12, 2013 12:34 PM

    Hello,

    Do not use the built-in SEPM "admin" account when setting up Active Directory Authentication; doing so can prevent logon access to SEPM with an "Authentication Failure" error. Lockout issues can occur when changing the Active Directory account, upgrading Active Directory, changing Active Directory mode, and when removing SEPM(s) as a replication partner.

    SEPM Active Directory Authentication is only supported for Admin accounts that have been created in SEPM by clicking "Add Administrator."

    NOTE: The SEPM user name is taken from SEPM database while the password is taken from Active Directory for the account you specified in Account Name.



  • 13.  RE: Can't login in SEP Console...

    Posted Sep 13, 2013 03:00 AM

    None of those accounts work. They just get the error that their login name or password is wrong. But that's not the case, 'cause we use those accounts for a lot of other things...

    Is there a way to change AD config without logging in?



  • 14.  RE: Can't login in SEP Console...

    Posted Sep 13, 2013 03:14 AM

    In the log I have the following:

     

    2013-09-12 17:28:10.048 THREAD 34 INFO: LdapUtils>> connect: Connecting...
    2013-09-12 17:28:10.048 THREAD 34 INFO: LdapUtils>> connect: Done!
    2013-09-12 17:28:10.048 THREAD 34 INFO: LdapUtils>> connect: Connecting...
    2013-09-12 17:28:10.048 THREAD 34 INFO: LdapUtils>> connect: Done!
    2013-09-12 17:28:10.204 THREAD 34 INFO: ADSITask: No DirectoryServer for group name=Computers, group id=068302600A00850701C9B73485F9811C, domain name=xxxxxx, domain id=04C92FC26F043317016BF0E688BC55B4
    2013-09-12 17:28:10.204 THREAD 34 INFO: ADSITask: No DirectoryServer for group name=Computers, group id=F37EE2820A00850700CD18B1EBEABB12, domain name=xxxxxx, domain id=04C92FC26F043317016BF0E688BC55B4
    2013-09-12 17:28:10.204 THREAD 34 INFO: ADSITask: No DirectoryServer for group name=Computers, group id=82DB962C0A0085070038942B75B20304, domain name=xxxxxx, domain id=04C92FC26F043317016BF0E688BC55B4
    2013-09-12 17:28:10.219 THREAD 34 INFO: LdapUtils>> connect: Connecting...
    2013-09-12 17:28:10.219 THREAD 34 INFO: LdapUtils>> connect: Done!
    2013-09-12 17:28:10.219 THREAD 34 INFO: LdapUtils>> connect: Connecting...
    2013-09-12 17:28:10.219 THREAD 34 INFO: LdapUtils>> connect: Done!
    2013-09-12 17:28:10.219 THREAD 34 INFO: LdapUtils>> connect: Connecting...
    2013-09-12 17:28:10.219 THREAD 34 INFO: LdapUtils>> connect: Done!
     
     
    There are no errors in this log...
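
The check suggested in post 9 (search ADSITask-0.log for "Error Code" and read the next few lines), applied to the log format posted above, as an added example that is not part of the original thread or any Symantec tooling. The sample lines are constructed; the SEVERE level, the "Error Code" line and the group ids are placeholder assumptions.

```python
import re
from collections import Counter

# Constructed sample in the line format shown in the thread. The SEVERE lines
# and the "Error Code" value are placeholders, not real SEPM output.
SAMPLE_LOG = """\
2013-09-12 17:28:10.048 THREAD 34 INFO: LdapUtils>> connect: Connecting...
2013-09-12 17:28:10.048 THREAD 34 INFO: LdapUtils>> connect: Done!
2013-09-12 17:28:10.204 THREAD 34 INFO: ADSITask: No DirectoryServer for group name=Computers, group id=AAAA0001, domain name=example, domain id=BBBB0001
2013-09-12 17:28:10.204 THREAD 34 INFO: ADSITask: No DirectoryServer for group name=Computers, group id=AAAA0002, domain name=example, domain id=BBBB0001
2013-09-12 17:28:11.000 THREAD 34 SEVERE: ADSITask: Error Code: <placeholder>
2013-09-12 17:28:11.001 THREAD 34 SEVERE: constructed reason line
2013-09-12 17:28:11.219 THREAD 34 INFO: LdapUtils>> connect: Connecting...
2013-09-12 17:28:11.219 THREAD 34 INFO: LdapUtils>> connect: Done!
"""

# "<date> <time> THREAD <n> <LEVEL>: <message>"
LINE_RE = re.compile(r"^(\S+ \S+) THREAD (\d+) (\w+): (.*)$")
GROUP_ID_RE = re.compile(r"group id=([0-9A-Fa-f]+)")

def triage(text, context=3):
    """Summarise an ADSITask log: level counts, 'Error Code' hits with the
    following `context` lines, and group ids reported without a DirectoryServer."""
    lines = text.splitlines()
    levels = Counter()
    hits = []
    groups = []
    for i, line in enumerate(lines):
        m = LINE_RE.match(line)
        if not m:
            continue  # continuation lines (e.g. stack traces) carry no level
        level, msg = m.group(3), m.group(4)
        levels[level] += 1
        if "error code" in msg.lower():
            hits.append(lines[i:i + 1 + context])
        if "No DirectoryServer for group" in msg:
            g = GROUP_ID_RE.search(msg)
            if g:
                groups.append(g.group(1))
    return {"levels": dict(levels), "error_code_hits": hits,
            "no_directory_server_groups": groups}

if __name__ == "__main__":
    report = triage(SAMPLE_LOG, context=2)
    print(report["levels"], report["no_directory_server_groups"])
    for hit in report["error_code_hits"]:
        print("\n".join(hit))
```

A log containing only INFO lines, like the excerpt posted above, yields an empty `error_code_hits` list.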


  • 15.  RE: Can't login in SEP Console...

    Posted Sep 13, 2013 03:18 AM

    The error I get when I try to log in:

     

    "The administrator's user name or password is incorrect. Type a valid user name or password."



  • 16.  RE: Can't login in SEP Console...

    Posted Sep 13, 2013 03:21 AM

    What I haven't tried yet:

    • Full reboot of the server. (I'm not allowed to do this myself, I have to ask someone from the 'server team' to do this.)
    • Check in Exchange if the mail (to reset admin password) is sent.

    Rebooted yesterday and our Exchange administrator doesn't see any mails coming from our SEPM.

    --> Problem still exists.



  • 17.  RE: Can't login in SEP Console...
    Best Answer

    Posted Sep 13, 2013 03:24 AM

    Run the resetpass.bat. You need to call support to get the tool, or create a web case to get the login details emailed.

    How to create a new case in MySymantec

    http://www.symantec.com/business/support/index?page=content&id=TECH58873

    Phone numbers to contact Tech Support:-

    Regional Support Telephone Numbers:

    • United States: https://support.broadcom.com (407-357-7600 from outside the United States)
    • Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
    • United Kingdom: +44 (0) 870 606 6000

    Additional contact numbers: http://www.symantec.com/business/support/contact_t...



  • 18.  RE: Can't login in SEP Console...

    Posted Sep 13, 2013 03:26 AM

    Does the reset pass change the method to log in, so disable login with AD?



  • 19.  RE: Can't login in SEP Console...

    Broadcom Employee
    Posted Sep 13, 2013 07:40 AM

    Hi,

    There is no way to change the AD config without logging in.

    How many clients are there in total?

    Personally I think you will have to reinstall the SEPM.



  • 20.  RE: Can't login in SEP Console...

    Posted Sep 13, 2013 07:44 AM

    We have 2200+ clients



  • 21.  RE: Can't login in SEP Console...

    Broadcom Employee
    Posted Sep 13, 2013 07:46 AM

    Reset pass is no help in this case.

    Could you please attach ADSITask-0.log and ADSITask-1.log to this thread?

    You can make file attachments, option is available at the bottom.



  • 22.  RE: Can't login in SEP Console...
    Best Answer

    Posted Sep 13, 2013 09:18 AM

    I contacted Symantec, and they gave me the resetpass.bat file. And this solved my problem.

    I'm very happy about this 'cause this saved me from doing a disaster recovery on Monday next week...



  • 23.  RE: Can't login in SEP Console...

    Broadcom Employee
    Posted Sep 13, 2013 09:43 AM

    Good to know the issue has been resolved. However, I do wonder how resetpass.bat could help.

     



  • 24.  RE: Can't login in SEP Console...

    Posted Sep 13, 2013 10:07 AM

    I'm not sure about it, but I have 1 local admin account where I didn't have the correct password for it, so I just ran the resetpass.bat and I could log in. But I still can't log in with an AD account on that specific DC, but I think the problem is on the DC server. (There were a lot of changes on the server last week so I suppose something went wrong.)

    I just chose another DC and the problem is solved.