cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

The Windows Domain User is Blocked from EPO (2)

Every 3 minutes the domain account administrator of the ePo server is blocked. In the server logs the following entry: 2019-06-14 14: 24: 05,508 ERROR [scheduler-InternalTask-thread-12] server.OrionLogging - [scheduler-InternalTask-thread-12] INFO com.hierynomus.smbj.connection.Connection - Successfully connected to: Msk- kltn-dba068 2019-06-14 14: 24: 05,540 ERROR [scheduler-InternalTask-thread-12] server.OrionLogging - [scheduler-InternalTask-thread-12] INFO com.hierynomus.smbj.connection.Connection - Closed connection to Msk-kltn -dba068 2019-06-14 14: 24: 05,540 ERROR [Packet Reader for Msk-kltn-dba068] server.OrionLogging - [Packet Reader for Msk-kltn-dba068] INFO com.hierynomus.smbj.transport.PacketReader - Thread [Packet Reader for Msk-kltn-dba068,5, McAfee Foundation Services Scheduler] stopped. 2019-06-14 14: 24: 05,540 ERROR [scheduler-InternalTask-thread-12] tasks.DeleteScanResultsTask - [DeleteScanResultsTask] Failed to delete Auto RegDocs files com.hierynomus.mssmb2.SMBApiException: STATUS_LOGON_FAILURE (0xc000006d): Authentication failed for 'k.chechulin' using com.hierynomus.smbj.auth.NtlmAuthenticator@25013661 I cannot find this task myself.

7 Replies
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 8

Re: The Windows Domain User is Blocked from EPO (2)

Log snippet doesn't give much information to me.

The account will be locked if it's used in ePO server if it fails to validate (may be because of password change etc).

I suggest to look at places 1- under  registered  LDAP server, 3- replication credentials under Distributed repository, 3- ODS scan task). I suggest to edit tasks at these places and update credentials if particular users used.

 

Was my reply helpful?

If you find this post useful, please give it a Kudos! Also, please don't forget to select "Accept as a Solution" if this reply resolves your query!
Highlighted

Re: The Windows Domain User is Blocked from EPO (2)

1- under  registered  LDAP server

(I checked the server registered in the epo, the technical account is listed there, everything is fine with it.)

2- replication credentials under Distributed repository

(The same technical account is specified in the repository replication task.)

3- ODS scan task.

(I couldn’t find this task, the account settings are not specified in the ODS policy)

Highlighted

Re: The Windows Domain User is Blocked from EPO (2)

Capture.PNG

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 5 of 8

Re: The Windows Domain User is Blocked from EPO (2)

Auto regdocs task is an internal dlp task.  Check your credentials under dlp settings for the evidence storage location.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Highlighted

Re: The Windows Domain User is Blocked from EPO (2)

Created a new technical account srv.dlp.mcafee still blocked my personal account

I can not find this task, is it possible to delete it through the database?
Tell me in which table this task is stored.

Capture2.PNG

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 7 of 8

Re: The Windows Domain User is Blocked from EPO (2)

No, you cannot delete it.  I would suggest opening a ticket with McAfee so we can help locate this for you.  Some of it depends on what products you are using and where things are configured.  Do you have credentials saved for deploying agents?  Is there a server task anywhere that might use credentials?  Does your email server config in epo server settings use an account to authenticate?  Did you check also the local epo server registration under registered servers?  That has to match what is in core/config.  Are there any credentials set in any active directory sync points for deploying agents or accessing the ldap server?  Are you using MOVE, TIE or any other products that might need an account?  As you can see, there are a lot of places to look, including all distributed repositories and anywhere else you can think of that might use an account.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Highlighted

Re: The Windows Domain User is Blocked from EPO (2)

Understood, I will get the task

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community