AccountName - the username of the IIS Client Authentication Account.
AccountDomain - the Windows domain name of the IIS Client Authentication Account.
You will need to check whether the password has expired or has been changed using Active Directory.
The Endpoint Encryption Installation Guide states that the IIS Client Authentication Account is a regular domain user account and does not require specific privileges.
While this account needs only to be a member of the Domain Users security group, it should be treated as a service account and its password should be set to never expire.
The account is used by the Endpoint Encryption clients to communicate with IIS in order to report in to the Endpoint Encryption Management Server. Changing it will mean that the clients can no longer check in with or be managed by the Endpoint Encryption Management Server. This is because the password of the Endpoint Encryption IIS Client Authentication Account is embedded in the Endpoint Encryption *.msi installation files.
During the Endpoint Encryption Client generation process, you must enter valid credentials for the Client Authentication Account. This will embed the credentials needed in order to authenticate to the Endpoint Encryption Management Server.
Symantec does not not recommend changing these credentials as this will cause client-server communications to fail.
If your organization's policies require that you change the Endpoint Encryption IIS Client Authentication Account password periodically, please be aware that you will need to generate updated *.msi installation files and reinstall the application to the existing endpoints.
Imported Document ID: TECH132221
Subscribing will provide email updates when this Article is updated. Login is required.