It looks like a regression bug like what was in 15.0 to 15.0 MP1 when it replaced the Kerberos Authentication “springSecurityContext.xml” with the default forms based template (REF https://support.symantec.com/en_US/article.TECH248556.embed.html ).
If you have not started this update, then make sure you backup the following folder in addition to best practice EnforceReinstallationResources.zip etc. \Program Files\Symantec\DataLossPrevention\EnforceServer\15.5\Protect\tomcat\webapps\ProtectManager\WEB-INF
However, if you did not backup this file previously (since the MP patches no longer do their own auto-archive of the directory structure), you will need to perorm the following to be able to log in with AD Authenticated accounts again:
- Go into the following folder: \Program Files\Symantec\DataLossPrevention\EnforceServer\15.5\Protect\tomcat\webapps\ProtectManager\security\template
- Grab and edit springSecurityContext-Kerberos.xml
- Replace <property name=”krbConfLocation” value=”C:\SymantecDLP\Protect\config\krb5.ini”/> with the current location of your krb5.ini file (presumably \Program Files\Symantec\DataLossPrevention\EnforceServer\15.5\Protect\config\krb5.ini)
- Rename springSecurityContext-Kerberos.xml to springSecurityContext.xml
- Copy and overwrite the file in the following folder: \Program Files\Symantec\DataLossPrevention\EnforceServer\15.5\Protect\tomcat\webapps\ProtectManager\WEB-INF
- Restart SymantecDLPManagerService