When browsing Web sites on a computer configured to use the Symantec Endpoint Protection (SEP) client Web Traffic Redirection (WTR) component, instead of receiving the requested Web content, a Web Security Service (WSS) error message is displayed stating "Account Restricted".

Web browsers display the following message:

Account Restricted
You cannot log in, because your account is locked out
Tech support information: configuration_error  less
For assistance, contact your network support team.
Name: <user name>
Phone: <contact phone number>
Email: <contact email>

This error message happens when a WSS policy is applied to a Web request with group-based rules, and the WSS is unable to connect to an Auth Connector. An Auth Connector is requires to translate the user/domain information provided by the SEP client through Seamless Identification into WSS Group of Interest (GOI) membership information.

To resolve this error message, either a valid AuthConnector must be installed on the local network and configured in the WSS portal to perform GOI lookups, or the WSS policy must not contain group-based rules.

For more information on configuring AuthConnector, see Deploy the AuthConnector

If a valid Auth Connector is configured, confirm the following:

• The Auth Connector is directly connected to the Internet, and traffic between the AuthConnector and WSS is not blocked by firewalls or other network devices
  See Authentication IP Addresses by Data Center for the list of egress IPs the WSS uses for authentication. Ensure these IPs are allowed through any perimeter firewalls
• The AuthConnector does not connect directly to the WSS through an IPSec tunnel