Protection Engine console fails to add server with LDAP error
search cancel

Protection Engine console fails to add server with LDAP error


Article ID: 272394


Updated On:


Protection Engine for Cloud Services Protection Engine for NAS


During an attempt to add a Symantec Protection Engine (SPE) device to management it fails with the error :

"Failed to add following server(s): ########   Reason: Authentication failed either due to invalid credentials or the user is not part of the LDAP group."


Windows SERVER 2012, 2016, 2019 and 2022


One possible cause is missing LDAP data in the C:\Program Files\Symantec\Scan Engine\RestAPI\ file.

Missing data or incorrect data on this line in the file

Logged verbose data from console ADD attempt shows missing LDAP data:
INFO  springframework.ldap.core.LdapTemplate:1448 - No results found for search, base: ''; filter: '(&(distinguishedName=CN=FAKEUSER,OU=Users,OU=Corporate,OU=Client,DC=ad1,DC=prod)(memberOf:1.2.840.113556.1.4.1941:=CN=FAKE-App-222-Prod-Windows-Admin-RG,OU=FAKE.GROUP,OU=Admins,DC=FAKEADSERVER,DC=prod)(objectClass=user))'.



In the event the Application.Properties file did not propagate the correct RESTAPI baseDN data,  you can enter this data manually by copying another working SPE devices entry,  or re-entering the data manually.

If it still fails to validate the user\pass the AD\LDAP server may not have up to date replicated AD data for groups. You will need to contact your organizations AD group to validate the LDAP baseDN path, and if the user is properly permissioned.