API failed with errorCode 400errorMessage":"Account is locked or invalid username, password, or domain."
search cancel

API failed with errorCode 400errorMessage":"Account is locked or invalid username, password, or domain."

book

Article ID: 384252

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

API executed on the Symantec Endpoint Protection Manger [SEPM] failed with  {"errorCode":"400","appErrorCode":"","errorMessage":"Account is locked or invalid username, password, or domain."} 

 

semapisrv_catalinalog. <data>.log

2024-10-26 08:25:45,026 [https-openssl-apr-0.0.0.0-8446-exec-4632] WARN  o.s.s.o.provider.endpoint.TokenEndpoint - Handling error: InvalidGrantException, Could not authenticate user: 08968xxxxxxxxxxxxxD49C7F/xxx 
2024-10-26 08:25:45,026 [https-openssl-apr-0.0.0.0-8446-exec-4632] DEBUG o.s.web.servlet.DispatcherServlet - Completed 400 BAD_REQUEST 
2024-10-26 08:25:45,026 [https-openssl-apr-0.0.0.0-8446-exec-4632] DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - Cleared SecurityContextHolder to complete request 

semapisrv_log.<date>.log

2024-10-30 00:03:12,477 [https-openssl-apr-0.0.0.0-8446-exec-652] DEBUG c.s.s.s.m.l.ldap.DirectoryAuthenticator - Trying to authenticate against Directory Server: x.x.x.x Port: 636 Type: 0 SSL: true Account: [email protected] 
2024-10-30 00:03:12,477 [https-openssl-apr-0.0.0.0-8446-exec-652] DEBUG c.s.s.server.module.login.ldap.LdapManager - LdapUtils>> login: logging into AD... 
2024-10-30 00:03:12,477 [https-openssl-apr-0.0.0.0-8446-exec-652] DEBUG c.s.s.s.module.common.util.PropertiesUtils - PropertiesUtils> PropertiesUtils>> rootPath: D:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat 
2024-10-30 00:03:12,477 [https-openssl-apr-0.0.0.0-8446-exec-652] DEBUG c.s.s.s.module.common.util.PropertiesUtils - PropertiesUtils> PropertiesUtils>> propPath: D:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat\etc\conf.properties 
2024-10-30 00:03:12,478 [https-openssl-apr-0.0.0.0-8446-exec-652] DEBUG c.s.s.server.module.login.ldap.LdapUtils - LdapUtils>> connect: Setting the properties... 
2024-10-30 00:03:12,478 [https-openssl-apr-0.0.0.0-8446-exec-652] DEBUG c.s.s.server.module.login.ldap.LdapUtils - LdapUtils>> connect: Connecting... 
2024-10-30 00:03:12,478 [https-openssl-apr-0.0.0.0-8446-exec-652] INFO  c.s.s.s.m.l.ldap.LdapDummySSLSocketFactory - LdapDummySSLSocketFactory>> getDefault: Acquiring the default socket factory] 
2024-10-30 00:03:12,478 [https-openssl-apr-0.0.0.0-8446-exec-652] INFO  c.s.s.s.m.l.ldap.LdapDummySSLSocketFactory - LdapDummySSLSocketFactory>> LdapDummySSLSocketFactory: creating a custom socket factory] 
2024-10-30 00:03:12,478 [https-openssl-apr-0.0.0.0-8446-exec-652] DEBUG c.symantec.sepm.core.common.util.FipsUtil - FipsUtil.getSecureContext >>  fipsMode=false, Provider=SunJSSE version 11, ProviderInfo=Sun JSSE provider(PKCS12, SunX509/PKIX key/trust factories, SSLv3/TLSv1/TLSv1.1/TLSv1.2/TLSv1.3/DTLSv1.0/DTLSv1.2) 
2024-10-30 00:03:12,478 [https-openssl-apr-0.0.0.0-8446-exec-652] INFO  c.s.s.s.m.l.ldap.LdapDummySSLSocketFactory - LdapDummySSLSocketFactory>> createSocket: 5 
2024-10-30 00:03:12,611 [https-openssl-apr-0.0.0.0-8446-exec-652] INFO  c.s.s.s.m.l.ldap.LdapDummySSLSocketFactory - LdapDummyTrustManager>> checkServerTrusted: done! 
2024-10-30 00:03:12,611 [https-openssl-apr-0.0.0.0-8446-exec-652] ERROR c.s.s.server.module.login.ldap.LdapUtils - LdapUtils>> connect: Exception...  
javax.naming.CommunicationException: simple bind failed: x.x.x.x:636

Environment

SEPM version 14.X and Endpoint Protection Manager administrator accounts uses Active Directory authentication

 

 

Cause

AD authentication failed for the account used for API execution.

Resolution