cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

The Windows Domain User is Blocked from EPO (2)

Every 3 minutes the domain account administrator of the ePo server is blocked. In the server logs the following entry: 2019-06-14 14: 24: 05,508 ERROR [scheduler-InternalTask-thread-12] server.OrionLogging - [scheduler-InternalTask-thread-12] INFO com.hierynomus.smbj.connection.Connection - Successfully connected to: Msk- kltn-dba068 2019-06-14 14: 24: 05,540 ERROR [scheduler-InternalTask-thread-12] server.OrionLogging - [scheduler-InternalTask-thread-12] INFO com.hierynomus.smbj.connection.Connection - Closed connection to Msk-kltn -dba068 2019-06-14 14: 24: 05,540 ERROR [Packet Reader for Msk-kltn-dba068] server.OrionLogging - [Packet Reader for Msk-kltn-dba068] INFO com.hierynomus.smbj.transport.PacketReader - Thread [Packet Reader for Msk-kltn-dba068,5, McAfee Foundation Services Scheduler] stopped. 2019-06-14 14: 24: 05,540 ERROR [scheduler-InternalTask-thread-12] tasks.DeleteScanResultsTask - [DeleteScanResultsTask] Failed to delete Auto RegDocs files com.hierynomus.mssmb2.SMBApiException: STATUS_LOGON_FAILURE (0xc000006d): Authentication failed for 'k.chechulin' using com.hierynomus.smbj.auth.NtlmAuthenticator@25013661 I cannot find this task myself.

7 Replies
McAfee Employee hem
McAfee Employee
Report Inappropriate Content
Message 2 of 8

Re: The Windows Domain User is Blocked from EPO (2)

Log snippet doesn't give much information to me.

The account will be locked if it's used in ePO server if it fails to validate (may be because of password change etc).

I suggest to look at places 1- under  registered  LDAP server, 3- replication credentials under Distributed repository, 3- ODS scan task). I suggest to edit tasks at these places and update credentials if particular users used.

 

Was my reply helpful?

If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?please select Accept as Solution in my reply and together we can help other members?

Re: The Windows Domain User is Blocked from EPO (2)

1- under  registered  LDAP server

(I checked the server registered in the epo, the technical account is listed there, everything is fine with it.)

2- replication credentials under Distributed repository

(The same technical account is specified in the repository replication task.)

3- ODS scan task.

(I couldn’t find this task, the account settings are not specified in the ODS policy)

Re: The Windows Domain User is Blocked from EPO (2)

Capture.PNG

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 5 of 8

Re: The Windows Domain User is Blocked from EPO (2)

Auto regdocs task is an internal dlp task.  Check your credentials under dlp settings for the evidence storage location.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Re: The Windows Domain User is Blocked from EPO (2)

Created a new technical account srv.dlp.mcafee still blocked my personal account

I can not find this task, is it possible to delete it through the database?
Tell me in which table this task is stored.

Capture2.PNG

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 7 of 8

Re: The Windows Domain User is Blocked from EPO (2)

No, you cannot delete it.  I would suggest opening a ticket with McAfee so we can help locate this for you.  Some of it depends on what products you are using and where things are configured.  Do you have credentials saved for deploying agents?  Is there a server task anywhere that might use credentials?  Does your email server config in epo server settings use an account to authenticate?  Did you check also the local epo server registration under registered servers?  That has to match what is in core/config.  Are there any credentials set in any active directory sync points for deploying agents or accessing the ldap server?  Are you using MOVE, TIE or any other products that might need an account?  As you can see, there are a lot of places to look, including all distributed repositories and anywhere else you can think of that might use an account.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Re: The Windows Domain User is Blocked from EPO (2)

Understood, I will get the task

More McAfee Tools to Help You

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community