Active Directory Authentication Fails. Kinit test gives error krb_error 6 Client not found in Kerberos database (6)

Article ID: 160412

Products

Data Loss Prevention Enforce, Data Loss Prevention

Issue/Introduction

User receives error, "Invalid Username/Password, Disabled Account" when trying to access the Enforce console using AD authentication.

Kinit test gives error krb_error 6 Client not found in Kerberos database (6)

\Program Files\Symantec\DataLossPrevention\Server JRE\<version>\bin>kinit.exe username password
Exception: krb_error 6 Client not found in Kerberos database (6) Client not found in Kerberos database.
KrbException: Client not found in Kerberos database (6)
        at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:66)

Resolution

This error code is seen when Active Directory replication is broken between the domain controllers. In this case, the user account that is authenticating has not been replicated to the domain controller that acts as the authenticator (KDC) for the user in that site. We found that replication was broken; once AD replication was fixed, we were able to authenticate, which we tested using kinit with the same user against the same domain controller.

NOTE: If the krb5.ini file has more than one domain controller (KDC) entry, you can also test authentication against the other domain controllers using the following commands to verify which KDC is able to authenticate the user.

DLP 15.8
\Program Files\AdoptOpenJRE\jdk8u262-b10-jre\bin\kinit.exe [email protected] password
\Program Files\AdoptOpenJRE\jdk8u262-b10-jre\bin\kinit.exe [email protected] password

DLP 16.0
\Program Files\AdoptOpenJRE\jdk8u262-b10-jre\bin\kinit.exe [email protected] password
\Program Files\AdoptOpenJRE\jdk8u262-b10-jre\bin\kinit.exe [email protected] password
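
A complementary check for the replication cause described above, as an added example that is not part of the original article: it reads the KDC entries from krb5.ini and asks each domain controller directly whether the account exists there. It assumes the RSAT ActiveDirectory module (Get-ADUser) is available; the account name `jdoe`, the EXAMPLE.COM hosts in the sample, and the helper name Get-Krb5Kdc are hypothetical.

```powershell
# Added example (not from the original article). Placeholders: account name, krb5.ini path.
param(
    [string]$User    = 'jdoe',   # placeholder sAMAccountName
    [string]$Krb5Ini = ''        # path to the Enforce krb5.ini; empty = use constructed sample
)

# Constructed sample, used only when no -Krb5Ini path is given.
$sample = @'
[libdefaults]
    default_realm = EXAMPLE.COM
[realms]
    EXAMPLE.COM = {
        kdc = dc1.example.com
        kdc = dc2.example.com:88
    }
'@ -split "`r?`n"

function Get-Krb5Kdc {
    # Return one object per "kdc =" entry in the [realms] section (port suffix dropped).
    param([string[]]$Lines)
    $inRealms = $false; $realm = $null
    foreach ($raw in $Lines) {
        $line = $raw.Trim()
        if (-not $line -or $line -match '^[#;]') { continue }   # blank or comment
        if ($line -match '^\[(.+)\]$') { $inRealms = ($Matches[1] -eq 'realms'); continue }
        if (-not $inRealms) { continue }
        if ($line -match '^(\S+)\s*=\s*\{') { $realm = $Matches[1] }
        if ($line -match '\bkdc\s*=\s*([^\s:}]+)') {
            [pscustomobject]@{ Realm = $realm; Kdc = $Matches[1] }
        }
    }
}

$lines = if ($Krb5Ini) { Get-Content -LiteralPath $Krb5Ini } else { $sample }
foreach ($entry in (Get-Krb5Kdc -Lines $lines)) {
    try {
        # Query this specific DC, not whichever DC the locator would pick.
        $u = Get-ADUser -Identity $User -Server $entry.Kdc -ErrorAction Stop
        $state = "present, Enabled=$($u.Enabled)"
    } catch {
        if ($_.Exception.GetType().Name -eq 'ADIdentityNotFoundException') {
            $state = 'NOT FOUND on this DC'   # consistent with krb_error 6 from this KDC
        } else {
            $state = "query failed: $($_.Exception.Message)"
        }
    }
    '{0}  {1}  {2}' -f $entry.Realm, $entry.Kdc, $state
}
```

A KDC that reports NOT FOUND while another reports the account as present points to the replication gap described in the Resolution; `repadmin /showrepl` on the affected domain controller shows the replication status.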