Why do I see Error Incorrect username, password, or domain provided for SEPM when using the correct username and password?

Article ID: 232652


Products

Endpoint Detection and Response Endpoint Protection

Issue/Introduction

  • When trying to configure or connect the SEPM controller in EDR, you see the following error:

    Error: Incorrect username, password, or domain provided for SEPM

Environment

Release : 4.6.x

Cause

  • Certificate validation failed
  • Username/Password is wrong or the account is locked.
  • SEPM domain is wrong

Resolution

Scenario 1: Certificate Validation Failed

Option 1: Update the DNS record.

  1. The FQDN of the SEPM must be discoverable with a forward and a reverse DNS lookup.  You must have a complete DNS record for the FQDN.
    1. Verify that the DNS record has the correct IP address.  Use the nslookup command from the command line interface of EDR. Confirm that the expected IP address is returned.
      nslookup host.example.com
    2. Verify the DNS record has the correct record for a reverse DNS lookup.  Use the nslookup command from the CLI of EDR and use the IP address from the previous step to verify the reverse lookup displays the expected FQDN.
      nslookup 192.0.2.5
    3. If the record does not display the correct IP address, then the DNS record must be updated.
    4. If the incorrect FQDN is displayed when performing the reverse DNS lookup, then the record must be updated so that it includes the correct FQDN.

Option 2: Re-issue the certificate.

  1. Re-issue the certificate for the SEPM with an FQDN or IP address which does not have an incomplete or incorrect DNS record.
    1. Re-issue the SEPM's certificate and include the IP address of the SEPM server as an entry in the Subject Alternative Name (SAN) list.
    2. You may also re-issue the certificate and include the FQDN being used on the DNS record for the reverse DNS lookup. 
      • The FQDN on the reverse DNS lookup must be listed as an entry on the SAN list of your certificate.

NOTE: If the certificate does not currently have the correct SAN entries, re-issuing the certificate is required. Otherwise, you must proceed with Option 1.
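
The Scenario 1 checks above, as an added example in Python (not Broadcom's code, and not a description of how EDR itself validates the certificate): it compares the forward and reverse lookup results for the SEPM FQDN and reports whether the certificate's SAN list already meets the Option 2 conditions. The function names, status labels, and sample SAN values are assumptions; `host.example.com` and `192.0.2.5` are the placeholder values used in the steps above.

```python
import socket

def norm(name):
    """Lower-case a DNS name and drop any trailing dot; None stays None."""
    return name.rstrip(".").lower() if name else None

def lookup(fqdn):
    """Live forward and reverse lookups through the system resolver."""
    try:
        ips = socket.gethostbyname_ex(fqdn)[2]
    except OSError:          # name does not resolve
        ips = []
    reverse = {}
    for ip in ips:
        try:
            reverse[ip] = socket.gethostbyaddr(ip)[0]
        except OSError:      # no reverse (PTR) record
            reverse[ip] = None
    return ips, reverse

def check_sepm_name(fqdn, forward_ips, reverse_names, san_entries):
    """Classify each address of the SEPM FQDN (status labels are hypothetical).

    forward_ips   -- addresses from the forward lookup of fqdn
    reverse_names -- {ip: name returned by the reverse lookup, or None}
    san_entries   -- SAN values read from the SEPM certificate (names or IPs)
    """
    want = norm(fqdn)
    san = {norm(s) for s in san_entries}
    if not forward_ips:
        return [(want, "no-forward-record")]       # Option 1: fix the DNS record
    results = []
    for ip in forward_ips:
        ptr = norm(reverse_names.get(ip))
        if ptr == want:
            results.append((ip, "ok"))             # forward and reverse agree
        elif ip in san or (ptr is not None and ptr in san):
            results.append((ip, "san-covers"))     # Option 2 conditions already met
        else:
            results.append((ip, "fix-dns-or-reissue"))
    return results

if __name__ == "__main__":
    # Constructed sample values: substitute your SEPM FQDN and the SAN list
    # read from the SEPM certificate.
    ips, rev = lookup("host.example.com")
    for subject, status in check_sepm_name("host.example.com", ips, rev,
                                           ["host.example.com"]):
        print(subject, status)
```
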

Scenario 2: The username or password is incorrect or the account is locked.

  1. Verify the service account you created for EDR is not locked or expired according to the SEPM.
    1. Go to Admin > Administrators > Select the user from the list.

IMPORTANT: Support recommends having a dedicated user account for EDR on the SEPM.

Scenario 3: The SEPM domain is incorrect.

  1. Verify that the SEPM domain being used to configure the SEPM connection is correct. 
    1. Go to Admin > Domains and verify the domain you are using is listed here.

 

NOTE: If the issue still persists after checking the scenarios above, check the following KB:

https://knowledge.broadcom.com/external/article/266363/the-advanced-security-tab-is-showing-an.html

Additional Information

If you encounter an issue where the REST API connections no longer authenticate after upgrading the Endpoint Protection Manager to 14.3.5427.3000, refer to Article ID: 231144.