Registering a Symantec Endpoint Protection Manager (SEPM) in Symantec Threat Defense for Active Directory (TDAD) fails with the error: Account is locked or invalid username, password, or domain.
SETDADCore.log:
2022-02-17 08:11:05,306 [Thread-14432] DEBUG (JNThreadSepmCreate.java:74) - JNThreadSepmCreate-registerSepm properties received from UI: {port=8446, entryName=To <SEPM Server>, ip=##.###.##.###, username=<username>, domain=Default, file=C:\Program Files\Symantec\Endpoint Threat Defense for AD\core\JavelinNodeServer\uploads\sepm\SEPMServer_Sepm_certificate_1645103456259.crt, sepmUsername=<username>}
2022-02-17 08:11:05,306 [Thread-14432] DEBUG (JNThreadSepmCreate.java:77) - JNThreadSepmCreate-registerSepm verifySepmResponse status:403
2022-02-17 08:11:05,306 [Thread-14432] DEBUG (JNThreadSepmCreate.java:81) - JNThreadSepmCreate-registerSepm received JSONObject:{"payload":null,"success":false,"error":"{\"errorCode\":\"400\",\"appErrorCode\":\"\",\"errorMessage\":\"Account is locked or invalid username, password, or domain.\"}","message":null}
2022-02-17 08:11:05,306 [Thread-14432] DEBUG (JNUtilsCommon.java:310) - JNUtilsCommon-checkIfResponseStatusIsAcceptedOrOk Int method Start
2022-02-17 08:11:05,306 [Thread-14432] DEBUG (JNUtilsCommon.java:316) - JNUtilsCommon-checkIfResponseStatusIsAcceptedOrOk Int method Finish
2022-02-17 08:11:05,306 [Thread-14432] DEBUG (JNThreadSepmCreate.java:156) - JNThreadSepmCreate-registerSepm verify sepm response failed with error: Account is locked or invalid username, password, or domain.
2022-02-17 08:11:05,306 [Thread-14432] DEBUG (JNThreadSepmCreate.java:168) - JNThreadSepmCreate-registerSepm delete sepm from DB - registration failed with error: Account is locked or invalid username, password, or domain.
semapisrv_log.2022-02-17.0.log:
2022-02-17 08:11:06,413 [https-openssl-apr-0.0.0.0-8446-exec-9] ERROR c.s.s.s.c.e.h.GlobalControllerExceptionHandler - EXCEPTION: Account is locked or invalid username, password, or domain.
com.symantec.sepm.core.exception.InvalidArgumentException: Account is locked or invalid username, password, or domain.
at com.symantec.sepm.server.api.identity.IdentityController.authenticateUser(IdentityController.java:195)
The semapisrv log may also contain:
2022-02-17 08:11:05,304 [https-openssl-apr-0.0.0.0-8446-exec-9] ERROR c.s.s.s.a.i.IdentityControllerHelper - generateAccessToken>> Exception while getting token for bridge. adminTo(userName): <username>, domainId: <Domain ID>, Exception: {}
javax.net.ssl.SSLHandshakeException: No subject alternative names present
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
Solution 1: Verify that the SEPM username and password are correct, that the account is not locked, and that neither the username nor the password contains a % (percent sign).
Solution 2: Verify that the SEPM's server certificate has not expired and that it lists the server's correct FQDN and IP address in the Subject and/or Subject Alternative Name. Generate a new certificate as needed, taking care not to break SEP client communications; see: Generating a new server certificate (broadcom.com)
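Added example (not Broadcom's code): because TDAD reports the same "Account is locked or invalid..." text in both cases, this Python script decodes the nested error object from SETDADCore.log and reads the semapisrv log to suggest which solution to try first. The function names, the constructed sample lines, and the mapping of the "No subject alternative names present" handshake error to Solution 2 (otherwise Solution 1) are assumptions of this example.

```python
import json
import re

# Start of an entry: "YYYY-MM-DD HH:MM:SS,mmm [thread] LEVEL message"
ENTRY = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) \[([^\]]+)\] (\w+)\s+(.*)$")
NO_SAN = "SSLHandshakeException: No subject alternative names present"
BAD_LOGIN = "Account is locked or invalid username, password, or domain."

# Constructed samples modelled on the excerpts above (not real log data).
CORE_SAMPLE = r'''2022-02-17 08:11:05,306 [Thread-14432] DEBUG (JNThreadSepmCreate.java:81) - JNThreadSepmCreate-registerSepm received JSONObject:{"payload":null,"success":false,"error":"{\"errorCode\":\"400\",\"appErrorCode\":\"\",\"errorMessage\":\"Account is locked or invalid username, password, or domain.\"}","message":null}'''
LOGIN_LINE = ("2022-02-17 08:11:06,413 [https-openssl-apr-0.0.0.0-8446-exec-9] ERROR "
              "c.s.s.s.c.e.h.GlobalControllerExceptionHandler - EXCEPTION: " + BAD_LOGIN)
SEPM_SAMPLE = ("2022-02-17 08:11:05,304 [https-openssl-apr-0.0.0.0-8446-exec-9] ERROR "
               "c.s.s.s.a.i.IdentityControllerHelper - generateAccessToken>> Exception: {}\n"
               "javax.net.ssl." + NO_SAN + "\n" + LOGIN_LINE)


def entries(text):
    """Group each timestamped line with the exception/stack lines that follow it."""
    out = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            out.append({"ts": m.group(1), "level": m.group(3), "msg": m.group(4), "extra": []})
        elif out and line.strip():
            out[-1]["extra"].append(line.strip())
    return out


def tdad_error(core_log):
    """Decode the JSON-in-JSON 'error' field logged after 'received JSONObject:'."""
    for e in entries(core_log):
        _, sep, blob = e["msg"].partition("received JSONObject:")
        if sep:
            inner = json.loads(blob).get("error")
            if inner:
                return json.loads(inner)
    return None


def triage(sepm_api_log):
    """Return 'certificate', 'credentials' or 'unknown' for semapisrv log text."""
    bodies = [" ".join([e["msg"], *e["extra"]]) for e in entries(sepm_api_log)]
    # Assumption: check the SAN handshake error first; the login error appears in both cases.
    if any(NO_SAN in b for b in bodies):
        return "certificate"
    if any(BAD_LOGIN in b for b in bodies):
        return "credentials"
    return "unknown"
```

A result of "certificate" points to Solution 2 and "credentials" to Solution 1; "unknown" means neither message was found in the text supplied.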