There was a previous thread entitled Issue Indexing AD User Group. Several solutions were suggested including changing permissions in the manager.policy file and verifying permissions in Active Directory.
I had the same issue, and worked with Symantec Support. Our issue was 2 jar files left over from an 11.0 to 11.1.x upgrade.
If you have access to the Syantec Knowledge Base, see KB 55365.
Access denied on LDAP user group lookups after upgrading to 11.1
Errors look like:
SEVERE [com.vontu.manager.endpointgroup.configure.UpdateTreeview] Error during action: search, dn: null
Cause:
java.security.AccessControlException: access denied (java.lang.RuntimePermission accessDeclaredMembers)
Solution:
In some cases it has been observed that the upgrade doesn't properly remove outdated LDAP jar files:
Go into the following directory: \Protect\tomcat\webapps\ProtectManager\WEB-INF\lib or /opt/Vontu/Protect/tomcat/webapps/ProtectManager/WEB-INF/lib on Linux
There should be only two ldap jars:
Spring-ldap.jar
Spring-ldap-sandbox.jar
If the following two jar files exist as well, delete them and restart the Vontu Manager service:
Spring-ldap-core.jar
Spring-ldap-core-tiger.jar