Renaming a Directory Server in SEPM results in login failures when using an AD account to log in.

Article ID: 370618


Products

Endpoint Protection

Issue/Introduction

When Directory Server Authentication is in use and an already mapped Directory Server is renamed under Server Properties > Directory Servers, users mapped to that Directory Server cannot log on again unless their accounts are remapped to the renamed Directory Server.

When logging on to SEPM, an invalid credentials message is displayed.

The impact is greater if no other system administrator account exists that uses local SEPM authentication or is connected to another Directory Server.

Cause

After renaming the Directory Server, users are not automatically mapped to the renamed Directory server.

For example, after renaming the Directory Server from AD.com to AD1.com, an admin account will still be linked to AD.com instead of AD1.com.

Resolution

Do not rename Directory Servers in the Server properties dialog box; otherwise, administrators that use AD authentication will not be able to log on to the management server. Instead, rename and remap the server's name for each administrator from the Administrator properties, under the authentication settings tab.

If the name of a Directory Server has been changed in the Server properties dialog box, each administrator linked to it must be remapped to the renamed Directory Server, either without logging off or by logging on to SEPM with a system administrator account.

Otherwise, access to SEPM can be lost, and it can only be recovered by restoring the database from a previous backup.

To avoid this issue, do not use the built-in SEPM System administrator account called "admin" when setting up Active Directory Authentication. Doing so can prevent logon access to SEPM with an "Authentication Failure" error. Lockout issues can occur when changing the Active Directory account, upgrading Active Directory, changing Active Directory mode, and when removing SEPM(s) as a replication partner.