Why can't I add an Active Directory (AD) Synchronization account to my Symantec Endpoint Encryption Management Server (SEEMS)?
Symptoms
When attempting to add an Active Directory Synchronization account in the Symantec Endpoint Encryption Management Server, the following error occurs: "The global catalog server could not be contacted using the designated protocol, global catalog server name forest name, and AD synchronization account. Check your entries and try again."
This error occurs when the User Domain value provided on the setup form is entered as a Fully Qualified Domain Name (FQDN).
The server uses the User Domain entry to build the login string it authenticates to Active Directory with. Active Directory requires a NetBIOS domain name for authentication purposes (for example, mydomain\myuser instead of mydomain.com\myuser). Providing a Fully Qualified Domain Name in the User Domain field causes the SEEMS to fail to authenticate to the Active Directory Global Catalog server.
Provide the NetBIOS name for the domain in the User Domain field when configuring Active Directory Synchronization.
Imported Document ID: TECH132413