An authentication failure error was received while adding the server to the SPE 9 Console scanner group
search cancel

An authentication failure error was received while adding the server to the SPE 9 Console scanner group


Article ID: 270070


Updated On:


Protection Engine for NAS


When attempting to add a Windows server to a scanner group via the Protection Engine Console, the result was a failure returned in a box with the following content:

Failed to add following server(s): <ip address>. Reason: Authentication failed due to invalid LDAP configurations


- Verified that the contents of the "LDAP Configuration" section of "C:\Program Files\Symantec\Scan Engine\RestAPI\" was correct. This file exists on all SPE 9 servers.

Example:  Note: The names and addresses for this example are fictional / changed, but the scenario is accurate.

sperestapi.ldap.url=Raptor-dc.jurassic.local      { responded when pinged.  NSLOOKUP returned an address }
sperestapi.ldap.port=389                                   { LDAP port 389 was accessible and listening when attempt was made to telnet to it }
sperestapi.ldap.groupdn=CN=SPE-NAS-Admins,OU=Groups,DC=Jurassic,DC=local          { Ran the command:  dsquery group -name SPE-NAS_Admins.  It returned  CN=SPE-NAS-Admins,OU=Groups,DC=Jurassic,DC=local }



Release : 9.0.0,


A DNS record had the wrong address for the named LDAP controller "Raptor-dc.jurassic.local". There were several other domain controllers responding to the DSQUERY command which gave the illusion that all was correct. However the address for the controller named in (in this case Raptor-dc.jurassic.local ) was different.

The address that was returned by NSLOOKUP was, which did respond to a ping request. But the server that responded was not a domain controller nor did it have a copy of the directory on it.

It was verified that the correct address for server Raptor-dc.jurassic.local  was which actually resolved to a different name.


Put the following entry into the SPE server's hosts file (C:\Windows\System32\drivers\etc\hosts)    Raptor-dc.jurassic.local

After saving the hosts file the attempt to import the server was correct because it contacted the named LDAP controller at its correct address and not what the DNS resolver was giving out.

The above workaround allowed the SPE server to be imported and managed but the eventual solution was to fix the record in the DNS resolver(s) forward lookup records. And then running IPCONFIG /FLUSHDNS on the server(s)