Endpoint Protection

  • 1.  SEPM Authentication failure

    Posted Jan 06, 2012 01:19 PM

    SEP Server 11.0.6 (Win2003 standard) with 11.0.7 clients

    Cannot authenticate anymore to SEPM console nor can any other person assigned as an administrator.

    Password reset procedure did not work either (tried numerous variations I found in fora)

    After about 3 years since installation I am doubting myself but... If user name used as administrator's account is  case sensitive and password used is the same as my AD account password, is it safe to say that AD authentication is in place? If my assumption is correct then password reset cannot work, right?

    Our DC has been replaced by a new one (different static IP) so maybe there is an issue with authentication for that reason? Is there a way to find out where my credentials for SEPM are being verified?

    Should I be looking at possible DNS issue rather than SEPM authentication issue?

    Any tips and hints would be much appreciated.

    Thanks in advance!!



  • 2.  RE: SEPM Authentication failure

    Trusted Advisor
    Posted Jan 06, 2012 01:40 PM

    Hello,

    Is it that you haven't touched the SEPM in 3 years?

    I doubt as you say that SEPM is 11.0.6 and clients are on 11.0.7 as these are new installations.

    Again, you don't remember the SEPM login password, correct?

    Do you remember the SEPM username??

    By default, it should be "admin" (without quotes and case sensitive)

    Could you try changing the system time to 30 minutes later than the present time and try resetpass.bat?

    This may change to

    Username: admin   (case sensitive)

    Password: admin   (case sensitive)

    Also, check this Article:

    https://www-secure.symantec.com/connect/blogs/error-authentication-failure-when-trying-log-symantec-endpoint-protection-manager-console-addi

    Probably that may help!



  • 3.  RE: SEPM Authentication failure

    Posted Jan 17, 2012 11:02 AM

    The default account is admin. If you are using any other account with the AD account password, then it should be true that it is AD dependent and password reset will not work in this case.

    Unfortunately, SEPM does authenticate AD-dependent accounts from AD; hence, since your old AD does not exist, there would be no way that SEPM can authenticate your account.

    The only possible way is to reinstall the SEPM with a new database, and start from scratch by reconnecting the clients.



  • 4.  RE: SEPM Authentication failure

    Posted Jan 17, 2012 11:26 AM

    What most likely has happened is you used the built in admin account when setting up Active Directory Authentication. This could lock you out of SEPM with an "Authentication Failure" when changing the Active Directory account, or when upgrading Active Directory, or when changing the Active Directory mode, or when removing SEPM(s) as a replication partner.

    It is not supported to use the built in admin account for SEPM Active Directory Authentication. This information is available from the below document towards the bottom under the large red warning.

    http://www.symantec.com/docs/TECH104726



  • 5.  RE: SEPM Authentication failure

    Posted Jan 17, 2012 11:32 AM

    Hello gudrance,

    Please see my private message to you.

    Regards,

    James



  • 6.  RE: SEPM Authentication failure

    Posted Jan 17, 2012 02:16 PM

    If you changed your DC, what I can suggest is:

    Add a second static IP address (that of the old DC) to the new DC's NIC.  (advanced portion of TCP/IP properties)

    Also, add an entry into your DNS server as an alias with the old domain controller name pointing to the new DC's second IP address.

    If you have configured LDAP authentication, you would have set it up using one of these 2 methods (FQDN or IP). By creating the DNS entry you may be able to trick the SEPM server into authenticating to one of those 2. Because port 389 is accepting responses on the new DC and on the IP or name resolved from DNS, it should be able to authenticate you and/or your users.

    If you are able to authenticate, you can then change your settings and remove your newly created DNS entries.

    Hope that helps.
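
A way to check the two things the last reply depends on (what the old DC name or IP now points to, and whether LDAP on TCP 389 answers there), as an added example that is not part of the original thread. The function name `Test-DirectoryEndpoint` and the name and IP values are hypothetical placeholders; substitute the FQDN or IP that was entered in SEPM.

```powershell
# Added example: resolve a directory-server name and probe LDAP (TCP 389).
# All names and addresses below are placeholders, not values from the thread.
function Test-DirectoryEndpoint {
    param(
        [Parameter(Mandatory = $true)][string]$Target,   # FQDN or IP as entered in SEPM
        [int]$Port = 389,
        [int]$TimeoutMs = 3000
    )

    # Resolve the target; a literal IP address comes back unchanged.
    try {
        $addresses = [System.Net.Dns]::GetHostAddresses($Target)
    } catch {
        # Name does not resolve: SEPM cannot reach a directory server by this name.
        return New-Object PSObject -Property @{
            Target = $Target; Address = $null; Port = $Port
            Resolved = $false; LdapReachable = $false
        }
    }

    foreach ($addr in $addresses) {
        $client = New-Object System.Net.Sockets.TcpClient($addr.AddressFamily)
        $reachable = $false
        try {
            # Asynchronous connect so an unreachable host fails after $TimeoutMs.
            $async = $client.BeginConnect($addr, $Port, $null, $null)
            if ($async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
                $client.EndConnect($async)   # throws if the port refused the connection
                $reachable = $true
            }
        } catch {
            $reachable = $false
        } finally {
            $client.Close()
        }
        New-Object PSObject -Property @{
            Target = $Target; Address = $addr.IPAddressToString; Port = $Port
            Resolved = $true; LdapReachable = $reachable
        }
    }
}

# Placeholder old DC name and old DC IP; run from the SEPM server.
'olddc.example.local', '192.0.2.10' |
    ForEach-Object { Test-DirectoryEndpoint -Target $_ } |
    Format-Table Target, Address, Port, Resolved, LdapReachable -AutoSize
```

A row with `Resolved` false points at DNS; a row with `Resolved` true and `LdapReachable` false means the name or IP leads somewhere that is not answering LDAP.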