During an attempt to add a Symantec Protection Engine (SPE) device to management it fails with the error :
"Failed to add following server(s): ######## Reason: Authentication failed either due to invalid credentials or the user is not part of the LDAP group."
Windows SERVER 2012, 2016, 2019 and 2022
One possible cause is missing LDAP data in the C:\Program Files\Symantec\Scan Engine\RestAPI\application.
Missing data or incorrect data on this line in the application.properties file
sperestapi.ldap.basedn=
Logged verbose data from console ADD attempt shows missing LDAP data:
INFO springframework.ldap.core.LdapTemplate:1448 - No results found for search, base: ''; filter: '(&(distinguishedName=CN=FAKEUSER,OU=Users,OU=Corporate,OU=Client,DC=ad1,DC=prod)(memberOf:1.2.840.113556.1.4.1941:=CN=FAKE-App-222-Prod-Windows-Admin-RG,OU=FAKE.GROUP,OU=Admins,DC=FAKEADSERVER,DC=prod)(objectClass=user))'.
In the event the Application.Properties file did not propagate the correct RESTAPI baseDN data, you can enter this data manually by copying another working SPE devices entry, or re-entering the data manually.
If it still fails to validate the user\pass the AD\LDAP server may not have up to date replicated AD data for groups. You will need to contact your organizations AD group to validate the LDAP baseDN path, and if the user is properly permissioned.