Symantec Endpoint Protection Managers are set up for replication with Active Directory Authentication enabled. The replication partners are removed from one or more of the SEPM's at which point you are unable to login to SEPM and receive the error "Authentication Failure". Even when logging in locally to the SEPM the "Authentication Failure" error persists.


 

This issue is caused when the built-in SEPM "admin" account is used to authenticate to Active Directory and a change occurs to the Active Directory account, or Active Directory is upgrade, or the Active Directory mode is changed, or when removing SEPM(s) as a replication partner.

Run the "Management Server Configuration Wizard" on the SEPM that you are locked out of (using the replication option) and reconfigure the SEPM to point back to the previous SEPM that it was successfully replicating with, and then disassociate the built-in SEPM "admin" account for Active Directory Authentication.

For steps on how to correctly set up SEPM Active Directory Authentication, see document: How to setup a SEPM administrator account to use your Active Directory authentication

WARNING:
Do not use the built-in SEPM "admin" account when setting up Active Directory Authentication, this can lock you out of SEPM when changing the Active Directory account, or when upgrading Active Directory, or when changing the Active Directory mode, or when removing SEPM(s) as a replication partner.

SEPM Active Directory Authentication is only supported for new (Administrator) users created in SEPM.