The Advanced Security tab is showing "An authentication mismatch has occurred" or API returns "Account is locked or invalid username, password, or domain. "
Article ID: 266363
Updated On:
Products
Issue/Introduction
When accessing the Advanced Security tab in the Endpoint Protection Manager (SEPM), and you have never accessed it before, under certain circumstances you might see the following error "An authentication mismatch has occurred". You may also see the error "Account is locked or invalid username, password, or domain." when trying to authenticate via the API.
In the SEPM semapisrv_log.YYYY-MM-DD.0.log you may see:
[https-openssl-apr-0.0.0.0-8446-exec-9] DEBUG c.s.s.s.s.ServletIntegrationMgr - processResponse>> responseCodeAsString: 305135859 errorMessage: errorMessageShow:
You may also see the following error in the same log:
[https-openssl-apr-0.0.0.0-8446-exec-3] ERROR c.s.s.s.c.e.h.GlobalControllerExceptionHandler - EXCEPTION: Account is locked or invalid username, password, or domain.
In the scm-server-*.log you see (versions listed for Requester and Server may vary but will be different from each other):
THREAD 26 SEVERE: LoginHandler> doLogin>> Server and Requester schema versions don't match. Requester Schema: 14.3.6.6000, Server Schema: 14.3.7.7000
Environment
Release : 14.3 RU+1
Resolution
To resolve the issue, perform the following steps:
- Stop all SEPM services
- Back up all files and folder from '<SEPM_HOME>\tomcat\instances\sepm-api\webapps'
- Delete all files from folder except sepm.war.new
- Rename sepm.war.new to sepm.war
- Start all SEPM services
- Check sepm folder under '<SEPM_HOME>\tomcat\instances\sepm-api\webapps' is getting generated after service restarts
- Check if the old sepm.war issue exists in other SEPMs and apply the same steps
Additional Information
If SEPM was enrolled to cloud before and it started showing the authentication mismatch error, check this KB article Symantec Endpoint Protection Bridge Service does not stay started after enrollment.
Feedback
