search cancel

SEDR displays 'Invalid credentials. Please try again.' when enabling Email Correlation


Article ID: 163778


Updated On:


Endpoint Detection and Response Advanced Threat Protection Platform


For Advanced Threat Protection or Symantec Endpoint Detection and Response, when using Synapse with the Email correlation feature, you see an error regarding invalid credentials.

The Health Status may also show the message, "Synapse Email correlation is malfunctioning: please check configuration." or "Invalid synapse config"


This is indicating that, as the error states, the specified user or password is invalid. This can happen at any time given that ClientNet passwords can expire if configured as such.


  • Validate that the user & password are correct by using the same username/password to log in to:
  • Reset username/password on ESS Portal OR
  • Re-enter username/password on ATP by disabling and enabling ESS correlation


NOTE: When testing username and password via, please remember that accounts with 2 Factor authentication enabled do not require a unique VIP token specified for each secondary login. Also, if you use a primary login to reset the password of a secondary account, you actually create a temporary password. The first time the secondary is used to login, it will be required to set a new password. Until this permanent reset occurs, ATP will not be able to use the credentials for the secondary login to authenticate and retrieve events from Email