Active Directory login is unavailable after upgrading the DLP Enforce server


Article ID: 170735


Updated On:


Data Loss Prevention Enforce


  • The ability to login with Active Directory credentials is not available after upgrading Symantec Data Loss Prevention (DLP).
  • The built-in Administrator account can be used.


The upgrade of your Enforce server may have removed the springSecurityContext.xml file required to enable Active Directory authentication.  If the springSecurityContext.xml file is present, check the contents of the file, around lines 95-102 and see if this is missing:

<!-- Set krbConfLocation in System properties -->
<bean class="">
<!-- krb5 configuration file location. 
For example
 C:\SymantecDLP\Protect\config\krb5.ini on Windows or /opt/Vontu/Protect/config/krb5.conf on Linux 
<property name="krbConfLocation" value="C:\SymantecDLP\Protect\config\krb5.ini" />


  • DLP 15.0 MP1
  • DLP 15.5 MP1


‚ÄčTo restore functionality: 

On your enforce sever, here is the location of the backup file: "\SymantecDLP\Protect\updates\SymantecDLPEnforceBackup\SymantecDLPEnforceBackup_15.0.0.45028\Protect\tomcat\webapps\ProtectManager\WEB-INF\springSecurityContext.xml"

If the springSecurityContext.xml needs to be replaced, rename the current file version, then copy the good backup .xml file here: \SymantecDLP\Protect\tomcat\webapps\ProtectManager\WEB-INF\springSecurityContext.xml With the backup in place, restart the VontuManager service. Active Directory functionality will be restored.