During the installation of Symantec Endpoint Encryption, when we choose the 'Windows Authentication (using existing domain account)' option for Database Access and then enter the username and password for the Windows domain account, we are unable to authenticate successfully.
The installer returns the error "The Domain User Credentials did not pass Verification. Re-enter the username, password, and/or domain and try again."
The Windows domain account does not have special permissions for database access. The Windows domain account needs "Mapped Windows Domain Account Privileges" to complete the Symantec Endpoint Encryption Manager Console installation.
The Symantec Endpoint Encryption Management Server can be configured during setup to authenticate to the
database using Windows authentication. This is to accommodate environments that restrict the use of SQL
authentication and SQL servers operating in mixed mode.
To use Windows Authentication, you must provision a Windows domain account with special privileges prior to
installation of the Symantec Endpoint Encryption Management Server.
Before you begin, you must:
1. Configure your SQL server to use Windows Authentication mode.
2. Designate a Windows domain account for use as the Management Server account.
Summary of Steps
Preparing a Windows domain account for use as the Management Server account requires the following steps:
1. Add metabase permissions for the account using the aspnet_regiis.exe utility.
2. Add folder permissions for the account.
Add Metabase Permissions
Use the ASP.NET IIS Registration Tool (aspnet_regiis.exe) to grant the account access to the IIS metabase and other directories used by ASP.NET. Execution of this command will also add the account to the IIS_WPG group and grant the account “log on as a batch job” permission.
Log on to the Management Server using a domain administrator account. Click Start, click Run, type cmd, then click OK to open a new command prompt window.
1. At the command prompt, change to the following directory:
2. At the command prompt, type the following command and press ENTER:
aspnet_regiis.exe -ga domain_name\user_name
Be sure to replace the domain_name\user_name entry with the domain name and user name of the Windows domain account.
Add Other Permissions
Grant the account read and write access to the following directories:
%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files
Grant the account “log on as a service” permission.
Grant the account read and write access to the registry.
Grant the account read and write access to the log directory. The logs are located at:
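To confirm that the grants described above took effect before re-running the installer, the following read-only check can be run from an elevated PowerShell prompt on the Management Server. It is an added example, not part of Symantec's documentation. It inspects only entries that name the account directly (access obtained through group membership is not evaluated), and `domain_name\user_name` is the placeholder from the aspnet_regiis.exe command above.

```powershell
# Added example: read-only verification of the permissions listed in this article.
# 'domain_name\user_name' is a placeholder; substitute the designated account.
$Account = 'domain_name\user_name'

# Resolve the account to a SID so comparisons do not depend on name formatting.
$sid = (New-Object System.Security.Principal.NTAccount($Account)).Translate(
    [System.Security.Principal.SecurityIdentifier]).Value

# --- Folder permissions: read and write on Temporary ASP.NET Files ---
$dir  = Join-Path $env:SystemRoot 'Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files'
$need = [int][System.Security.AccessControl.FileSystemRights]'Read, Write'
$allow = 0; $deny = 0
$rules = (Get-Acl -Path $dir).GetAccessRules(
    $true, $true, [System.Security.Principal.SecurityIdentifier])
foreach ($rule in $rules) {
    if ($rule.IdentityReference.Value -ne $sid) { continue }   # direct ACEs only
    if ($rule.AccessControlType -eq 'Allow') { $allow = $allow -bor [int]$rule.FileSystemRights }
    else                                     { $deny  = $deny  -bor [int]$rule.FileSystemRights }
}
# Deny entries override Allow entries for the same rights.
$folderOk = (($allow -band (-bnot $deny)) -band $need) -eq $need

# --- User rights: export the local security policy and read the logon rights ---
$cfg = Join-Path $env:TEMP ("user_rights_{0}.inf" -f $PID)
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
$rights = @{}
foreach ($line in Get-Content -LiteralPath $cfg) {
    if ($line -match '^\s*(Se\w+)\s*=\s*(.*)$') {
        # Entries are comma-separated; SIDs are written with a leading '*'.
        $rights[$Matches[1]] = @($Matches[2] -split ',' |
            ForEach-Object { $_.Trim().TrimStart('*') })
    }
}
Remove-Item -LiteralPath $cfg

# One row summarising what was found for the account.
New-Object PSObject -Property @{
    Account         = $Account
    FolderReadWrite = $folderOk
    LogOnAsBatchJob = $rights['SeBatchLogonRight']   -contains $sid
    LogOnAsService  = $rights['SeServiceLogonRight'] -contains $sid
}
```

A `False` in any column points to the step that still needs to be applied; the registry and log directory grants are not checked because their locations are not given here.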