When remotely installing Symantec Endpoint Protection (SEP), you see the following error:
Error: Login to [computer] failed. Check the username and password and try again.
The Management server Cannot communicate with the remote computer. Make sure that either:
- The Windows Remote Registry service is running on the client computer.
- You enter the correct administrator credentials to authenticate the client on the target computer.
Symantec Endpoint Protection Manager 14.x version
This error can have one or more causes. Try the solutions for your operating system.
This issue can occur if the user name or password that you entered is incorrect. Enter the correct user name and password to resolve this issue.
This issue can occur if the client has Simple File Sharing (or the Sharing Wizard) enabled. It can also happen if you have set the "Sharing and security model for local accounts" client policy to Guest Only.
To resolve this issue, see Is the "Sharing and security model for local accounts" policy set to Guest Only?
If the Administrator account on the target does not have a password set, authentication fails. To resolve this issue, see Does the Administrator account have a password?
On the client, open gpedit.msc. Go to Local Computer Policy > Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment.
Confirm that the account, or the administrators group the account is under is added to "Access this computer from network". More Information here.
If the Microsoft Windows Firewall is not configured to allow File and Printer Sharing (port 445), authentication fails.
If the Remote Registry Service on the client has stopped and the service disabled, Endpoint Protection Manager cannot scan the registry because the service is not running. To resolve this issue, set the Remote Registry Service on the client to either Manual or Automatic.
For more information, refer to the SEPM tomcat logs located at
Windows 32bit: C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Tomcat\Logs\scm-server-0.log
Windows 64bit: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Tomcat\Logs\scm-server-0.log
THREAD 91 WARNING: SearchUnagentedHost>> parseNstOutputLine: NST log line -> [WARNING: Failed to open a connection to the RemoteRegistry service on 192.168.1.230. because "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it."]
If the LAN Manager Authentication Levels on the Endpoint Protection manager and clients are incompatible, they cannot communicate. Normally they are the same because Group Policy Management in Active Directory sets the policy.
When computers on the network are not using this and the connections fail, check the options on the computers involved.
If the Mac client computer is part of an Active Directory domain, use domain administrator account credentials for a remote push installation. Otherwise, have the administrator credentials available for each Mac to which you deploy.
See the appropriate Apple knowledge base article that applies to your version of macOS:
Ensure that the firewall does not block TCP port 22, which Secure Shell (SSH) uses. This port allows the required communication for remote log in.