Video Screencast Help

Problems login with administrator account

Created: 27 Aug 2012 • Updated: 29 Aug 2012 | 19 comments
This issue has been solved. See solution.

Hi,

 

We have SEPM 11, and i have added several "System Administrators" with authentication type Directory Authentication, and this works well. But if i try to add a user as "Administrator" then im not able to login. I specify the same login details... so why will it work with system administrator privileges and not administrator. ?

 

Regards

James

Comments 19 CommentsJump to latest comment

Ashish-Sharma's picture

 C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tools and run resetpass.bat file, Command prompt wil appear and will disappear in few seconds.

Try login with admin as the username and admin as the password, after this It will as you to enter new password.

Edit..

https://www-secure.symantec.com/connect/forums/administrators-user-name-or-password-incorrect-symantec-endpoint-protection-manager

Thanks In Advance

Ashish Sharma

 

 

raadesym's picture

Hi

Sorry I guess I didnt explained my self correct.

 

I dont have problems login with my account, we have several system administrators accounts that work. But if i try to add a administrator account from a ldap server im not able to add this user if i give him the administrator rights, but if i choose system administrator then it is ok.

You understand me correct ?

 

/R

James

Ashish-Sharma's picture

If i am not wrong you can add Administrator user in LDAP Server but you can't able to login this ID.

Please verify this is Default Administrator account on AD ?

 

Thanks In Advance

Ashish Sharma

 

 

raadesym's picture

Well yes, I have regular accounts in AD that we have added to SEPM, some works ok. But now I think the problem could be related to the Domain ID. When I add a Domain within SEPM how do i located the Domain ID, to check if there is something wrong there. I want to verify that the domain id that is there today is correct.

 

/R

James

Ashish-Sharma's picture

Check this artical.

How to Login to Symantec Endpoint Protection Manager using your Active Directory User name and password

http://service1.symantec.com/SUPPORT/ent-security.nsf/2326c6a13572aeb788257363002b62aa/05224c9dda7f295eca25742e0018cf01?OpenDocument

Thanks In Advance

Ashish Sharma

 

 

raadesym's picture

Ok let me show what happens.

The following thing works.

1. Have added the domain and has a connection

2. Choose to Add Administrator, type in the username = domain user name

3. Change Authentication Type to Directory Authentication and select my Directory Server and type in my account name = domain user name

4. Administrator type we use default System Administrator and click ok.

5. Login with my domain user name and do not specify any domains, login works perfect.

 

So now we try the following since we dont want the user to have access to all domains. The following does NOT work

 

1. Have added the domain and has a connection (this was already done)

2. Choose to Add Administrator, type in the username = domain user name

3. Change Authentication Type to Directory Authentication and select my Directory Server and type in my account name = domain user name

4. Administrator type we use Administrator and click ok. (here things goes wrong)

5. Login with my domain user name and do not specify any domains, login failes with the error messages "Authentification failures. please try again"

 

So whats the difference between System Administrator and Administrator... the strange thing is that we have other users that has been added as Administrators before, and they work, but if we try to add new ones, it failes. We have also tried to specify domain/user and so on....

 

 

/R

James

 

 

 

Ashish-Sharma's picture

Ohhhh........

So you are using login AD default administartor account on SEPM server ?

Are you able to login same user name password to any system ?

Edit..

Step B - Create a new SEPM Administrator account:

  1. Login to the SEPM
  2. Click Admin Administrators Add Administrator
  3. Enter a username for the new administrator account. This will be the username used to login to the SEPM.
  4. Enter a full name for the new administrator account. This is used for informational purposes only.
  5. Leave the Password and Confirm Password fields blank
  6. Click Change
  7. Select Directory Authentication
  8. In Directory Server, select the Active Directory server configured in Step A-6
  9. In Account Name, enter the account name as it appears in Active Directory
  10. Click OK
  11. Click OK

Thanks In Advance

Ashish Sharma

 

 

raadesym's picture

The accounts that I add are just a simple Domain User account from AD. This account works, but if I add it with the Administrator Type Administrator:) if failes... see attached file

 

/R

James

SEPM.jpg
raadesym's picture

Same problem.

 

I did also try to add a account with Symantec Management Server Authentication, and this also failes when we choose Administrator type: SAdministrator.

So the conclusion is that if I choose Administrator type = System Administrator, then everything is ok, if we choose Administrator type = Administrator or Limited Administrator it failes.... with both AD authentication and Symantec Authentication.

The users that are already added are fine (both Administrator type = Administrator or Limited Administrator) , but noe able to add new user with that Administrator type.

You understand ?

Is there any logs where I can see some information about users connection or some other debug things related to login SEPM.

/R

James

pete_4u2002's picture

reset.bat has the username and password, can you open with notepad and confirm.

Ashish-Sharma's picture

hi,

Check this thread if may be help.

https://www-secure.symantec.com/connect/forums/create-sepm-user-name-ad

http://www.symantec.com/business/support/index?page=content&id=TECH102981

VERY IMP : YOU CAN LINK ANY ACCOUNT INCLUDING "admin"ACCOUNT

If you have linked this account with an AD account follow the steps below....

 

  1. Remember the account in AD that was linked to the admin account for SEP Manager
  2. Let consider the account name you linked with is "myaccountinad"
  3. The password of "myaccountinad" is "password"

Login using the

Username: admin (would remain the same even after linking just password that gets maped)

Password: password (password of the account ("myaccountinad") which is linked to admin)

 

 

 

 

Thanks In Advance

Ashish Sharma

 

 

raadesym's picture

Hehe, dont know if you see my problem. Lets say this,dont mind AD integration.

 

We just try to add a user with Symantec authentification... See pictures attached with name works and failes..., one failes one works.... why ? :):)

 

/R

James

works.jpg failes.jpg
Ashish-Sharma's picture

What happens if you uncheck the Box for Directory Authentication (Edit the Limited Administrator > Under Authentication TAB)?

Thanks In Advance

Ashish Sharma

 

 

raadesym's picture

like I said, now we created a user with SEPM authentification. See attached file. :)

Cant see that we do anything wrong... just 2 settings that changes from test1 and test2 user. These users are added here, they are not in AD og local users.

 

/R

James

test user.jpg
Ashish-Sharma's picture

HI,

I wish i could ,we have test all of thing but no result.

Please raise support ticket on symantec support.

http://www.symantec.com/support/assistance_care.jsp

 

Thanks In Advance

Ashish Sharma

 

 

raadesym's picture

Hi,

The problem we solved today...hehe.. and it was misspell.. the domain when you login is case sensitiv, so thats wjy it failed. I must say that having this case sensitiv is a problem :) should be notifed....

 

/R

James

SOLUTION
Ashish-Sharma's picture

Ohhhhhhhhhhhhhh...

Littile bit mistek :)wink

Thanks In Advance

Ashish Sharma