Symantec Protection Engine (SPE) Console 9.0 is installed with Active Directory authentication.
The SPE server is accessed using PAM login with a different user belonging to a child domain.
The login credentials used for the SPE Console are from a different child domain in the same parent AD.
When logging in to the SPE console, the error "Invalid login credentials" is thrown.
From the CmafUI.log:
2023-04-14 02:46:30,677 [1] INFO Symantec.Cmaf.UI.FormSMSUI - main started..
2023-04-14 02:46:47,082 [1] INFO Symantec.Cmaf.Security.AuthManager - Successfully read the ldap information from the registry
2023-04-14 02:46:47,145 [1] INFO Symantec.Cmaf.Security.LdapAuthManager - Successfully read the ldap group name from the registry.
2023-04-14 02:46:47,348 [1] ERROR Symantec.Cmaf.Security.LdapAuthManager - Either user principal or group principal is null.
2023-04-14 02:46:47,348 [1] ERROR Symantec.Cmaf.Security.LdapAuthManager - The credentials of the <username> is invalid
2023-04-14 02:46:47,348 [1] INFO Symantec.Cmaf.Security.AuthManager - Successfully validated the credentials for the user name: <username>
2023-04-14 02:46:49,504 [1] ERROR Symantec.Cmaf.UI.FormSMSUI - Exception Message:Invalid login credentials
2023-04-14 02:46:53,545 [1] INFO Symantec.Cmaf.UI.FormSMSUI - Symantec Cmaf Common UI Closing....
SPE 9.0.0.49
SPE Console 9.0.0.92
Platforms for SPE: Windows, Linux
SPE login does not support nested domain login. A hotfix on SPE 9.0 HF01 is provided to support this functionality.
This issue is resolved in SPE 9.0.1. Please upgrade to SPE 9.0.1. If you are not able to adopt SPE 9.0.1 immediately, this repair is also available as a hotfix containing only this fix:
Hotfix on SPE 9.0 HF01
Attached file: SPE 9.0 HF01.zip
Steps to deploy the SPE REST API hotfix on Windows:
-------------------------------------------------
1. Stop the SPE Rest API service from the Windows service manager (services.msc).
2. Go to the SPE Rest API install location (default install location: C:\Program Files\Symantec\Scan Engine\RestAPI\).
3. Take a backup of the sperestapi.jar file.
4. Copy the new sperestapi.jar to the same location.
5. Ensure the permissions and ownership of the newly copied files are identical to those of the backed-up file.
6. Start the SPE Rest API service from the Windows service manager (services.msc).
Steps to deploy the SPE REST API hotfix on Linux:
---------------------------------------------
1. Stop the SPE Rest API service (/etc/init.d/symcrestapiservice stop).
2. Go to the SPE Rest API install location (default install location: /opt/SYMCScan/RestAPI/).
3. Take a backup of the sperestapi.jar file.
4. Copy the new sperestapi.jar to the same location.
5. Ensure the permissions and ownership of the newly copied files are identical to those of the backed-up file.
6. Start the SPE Rest API service (/etc/init.d/symcrestapiservice start).
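The Linux steps above as a shell script (an added example, not part of the hotfix or the vendor's documentation). It assumes GNU coreutils; NEW_JAR is a placeholder for wherever the hotfix zip was extracted, and the function names replace_jar and deploy_hotfix are chosen here.

```shell
#!/bin/sh
# Added example, not vendor code. Defaults come from the steps above;
# NEW_JAR (where the hotfix zip was extracted) is an assumed path.
SERVICE=/etc/init.d/symcrestapiservice
INSTALL_DIR=/opt/SYMCScan/RestAPI
NEW_JAR=${NEW_JAR:-/tmp/SPE_9.0_HF01/sperestapi.jar}

# Print "mode owner:group" of a file (GNU stat).
file_meta() { stat -c '%a %U:%G' "$1"; }

# replace_jar <install_dir> <new_jar>
# Steps 3-5: back up the current jar, stage the new one beside it, copy
# mode and ownership from the backup, then rename it into place.
replace_jar() {
    cur="$1/sperestapi.jar"; new=$2
    bak="$cur.bak"; tmp="$cur.new"
    [ -f "$cur" ] || { echo "missing $cur" >&2; return 1; }
    [ -f "$new" ] || { echo "missing $new" >&2; return 1; }
    # Never overwrite an earlier backup: it may be the only original copy.
    if [ -e "$bak" ]; then echo "backup exists: $bak" >&2; return 1; fi
    cp -p "$cur" "$bak" || return 1          # -p keeps mode and timestamps
    cp "$new" "$tmp" || return 1
    chown --reference="$bak" "$tmp" || { rm -f "$tmp"; return 1; }
    chmod --reference="$bak" "$tmp" || { rm -f "$tmp"; return 1; }
    mv -f "$tmp" "$cur" || return 1
    # Verify content and metadata after the swap.
    cmp -s "$new" "$cur" || return 1
    [ "$(file_meta "$cur")" = "$(file_meta "$bak")" ]
}

# Steps 1-6 end to end; the service is started again whatever the swap
# returned, and the swap's status is passed back to the caller.
deploy_hotfix() {
    "$SERVICE" stop || return 1
    replace_jar "$INSTALL_DIR" "$NEW_JAR"; rc=$?
    "$SERVICE" start || return 1
    return "$rc"
}

# Run as root with the argument "deploy"; with no argument only the
# functions are defined.
if [ "${1:-}" = "deploy" ]; then deploy_hotfix; fi
```

To roll back, stop the service, move sperestapi.jar.bak over sperestapi.jar, and start the service again.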
Steps to deploy the SPE Console hotfix:
------------------------------------
1. Close the SPE console.
2. Go to the console's <Install location>\bin [default location: C:\Program Files\Symantec\Scan Engine Console\CMaF\bin].
3. Take a backup of the 'Symantec.Cmaf.Security.dll' file.
4. Copy the new 'Symantec.Cmaf.Security.dll' to the same location.
NOTE: This hotfix is only applicable to SPE Console 9.0.0.92.