When clicking on the Symantec Endpoint Protection Manager (SEPM) "Forgot Password" link, you do not receive an email regarding a password reset.
The following errors are seen in the logs:
WARNING: com.sygate.scm.util.mail.EmailException: javax.mail.MessagingException: Could not connect to SMTP host: xxx.xxx.xx.xx., port: 25;
nested exception is:
java.net.ConnectException: Connection timed out: connect
Symantec Endpoint Protection 14.x
The database contains settings which result in the configured mail server not allowing the reset password email to be sent, or the admin account does not contain a valid email address.
By default, if the administrator does not specify a mail server when setting up the email address during the Management Server Configuration Wizard, we use the mail server defined in the MX record for the domain of the email account.
By design, the "Forgot your password?" feature does not work for administrator accounts that use Directory Authentication or RSA SecurID Authentication: https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-protection/all/managing-groups-clients-and-administrators/managing-administrator-accounts-v17364367-d1e6/resetting-a-forgotten-password-v16011680-d1e1777.html
Retrieve the ResetPassword-0 log located in the tomcat/logs folder of the SEPM. This file does not exist until a password reset attempt is made. Once you have retrieved this log file, work to resolve any errors it contains.
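As a triage aid for the retrieved log, the following added example (not Symantec or Broadcom code) extracts each SMTP connection failure together with its nested root cause. The function name `parse_reset_log`, the sample lines, and the hint texts are assumptions made for illustration; the hints are general network troubleshooting, not vendor guidance.

```python
import re

# Constructed sample in the shape of the error quoted above; 192.0.2.25 is a
# documentation address and the second event is a hypothetical variant.
SAMPLE_LOG = """\
WARNING: com.sygate.scm.util.mail.EmailException: javax.mail.MessagingException: Could not connect to SMTP host: 192.0.2.25., port: 25;
nested exception is:
java.net.ConnectException: Connection timed out: connect
INFO: unrelated line
WARNING: com.sygate.scm.util.mail.EmailException: javax.mail.MessagingException: Could not connect to SMTP host: 192.0.2.25., port: 25;
nested exception is:
java.net.ConnectException: Connection refused: connect
"""

SMTP_FAIL = re.compile(r"Could not connect to SMTP host: (?P<host>[^,]+), port: (?P<port>\d+)")
CAUSE = re.compile(r"^\s*(?P<cls>[\w.]+(?:Exception|Error)): (?P<msg>.*)$")

# General network triage hints (assumptions added here, not vendor guidance).
HINTS = {
    "timed out": "no reply from host:port; check routing and firewalls between the SEPM and the mail server",
    "refused": "host reachable but nothing accepts connections on that port; check the SMTP service and port",
}

def parse_reset_log(text):
    """Return one dict per SMTP connection failure, with its nested root cause."""
    events, lines = [], text.splitlines()
    for i, line in enumerate(lines):
        m = SMTP_FAIL.search(line)
        if not m:
            continue
        event = {"host": m["host"].rstrip("."), "port": int(m["port"]),
                 "cause": None, "hint": "unclassified; read the full stack trace"}
        # The root cause follows a "nested exception is:" marker line.
        if i + 2 < len(lines) and "nested exception is:" in lines[i + 1]:
            c = CAUSE.match(lines[i + 2])
            if c:
                event["cause"] = f"{c['cls']}: {c['msg']}"
                for key, hint in HINTS.items():
                    if key in c["msg"]:
                        event["hint"] = hint
        events.append(event)
    return events

if __name__ == "__main__":
    for e in parse_reset_log(SAMPLE_LOG):
        print(f"{e['host']}:{e['port']}  {e['cause']}  ->  {e['hint']}")
```
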
Although the mailConfig.Properties file contains email address and server settings, the settings in this file are only used by the SEPM to alert the administrator in the event of the database server being down or inaccessible. The password reset email is always sent using the email settings stored in the database.
If the SEPM cannot send a password reset email, the only supported option is to perform a Disaster Recovery and reinstall the SEPM.