search cancel

SEDR displays 'Invalid credentials. Please try again.' when enabling Email Security.cloud Correlation

book

Article ID: 163778

calendar_today

Updated On:

Products

Endpoint Detection and Response Advanced Threat Protection Platform

Issue/Introduction

For Advanced Threat Protection or Symantec Endpoint Detection and Response, when using Synapse with the Email Security.cloud correlation feature, you see an error regarding invalid credentials.

The Health Status may also show the message, "Synapse Email correlation is malfunctioning: please check configuration." or "Invalid synapse config"

Cause

This is indicating that, as the error states, the specified user or password is invalid. This can happen at any time given that ClientNet passwords can expire if configured as such.

Resolution

  • Validate that the user & password are correct by using the same username/password to log in to: http://clients.messagelabs.com/
  • Reset username/password on ESS Portal OR
  • Re-enter username/password on ATP by disabling and enabling ESS correlation

 

NOTE: When testing username and password via https://clients.messagelabs.com, please remember that accounts with 2 Factor authentication enabled do not require a unique VIP token specified for each secondary login. Also, if you use a primary login to reset the password of a secondary account, you actually create a temporary password. The first time the secondary is used to login, it will be required to set a new password. Until this permanent reset occurs, ATP will not be able to use the credentials for the secondary login to authenticate and retrieve events from Email Security.cloud.