When Directory Authentication is used to access the SEPM, lockout issues occur if the Authentication server is moved or changed.
Scenario 1 - SEPM Active Directory Authentication was set up using a new admin account.
In this situation it will be possible to log in to the SEPM again using the inbuilt Administrator account. If the login details are not known, you may use the login.bat to reset the password to default settings (SEP12.1). You can then reconfigure the Directory Authentication settings in the SEPM.
Scenario 2 - SEPM Active Directory Authentication was set up using the inbuilt admin account.
In this situation there is no supported way to gain access to the SEPM again. Because the inbuilt admin account was used to set up Directory Authentication, there is now no means to log in to the SEPM except with this account. To allow successful login to the SEPM once again, the Authentication Server would need to be restored to the configuration it had when Directory Authentication was first created in the SEPM.
HOWEVER - There is another possible fix for this scenario: a CNAME record can be set up in DNS, which will allow more than one domain name to resolve to the same IP address.
e.g. If the Directory Server was first added to the SEPM using its hostname, a CNAME can be set up to temporarily allow access to the NEW Directory Server using both the Old Directory Server Name and the New Directory Server Name (as long as the new Directory Server has the same account set up that was used previously).
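The CNAME workaround above, as an added PowerShell example (not part of the original article or any Symantec tooling). It assumes a Windows DNS server with the DnsServer module; the zone, host names and the 5-minute TTL are hypothetical placeholders.

```powershell
#Requires -Modules DnsServer
# Added example. All default values below are hypothetical placeholders.
param(
    [string]$ZoneName  = 'corp.example',         # DNS zone holding the old record
    [string]$OldName   = 'olddc',                # host label the SEPM was configured with
    [string]$NewFqdn   = 'newdc.corp.example',   # new Directory Server
    [string]$DnsServer = 'localhost'             # DNS server to change and to query
)

# A CNAME cannot coexist with other records of the same name, so leftover
# A/AAAA records for the old server must be removed before the alias is added.
$existing = Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $ZoneName `
                -Name $OldName -ErrorAction SilentlyContinue
$stale = @($existing | Where-Object { $_.RecordType -ne 'CNAME' })
if ($stale.Count -gt 0) {
    throw "Remove stale records for '$OldName' first: $($stale.RecordType -join ', ')"
}

# Add the alias only if it is not already present. The short TTL keeps the
# workaround temporary, as the article intends.
if (-not $existing) {
    Add-DnsServerResourceRecordCName -ComputerName $DnsServer -ZoneName $ZoneName `
        -Name $OldName -HostNameAlias $NewFqdn -TimeToLive (New-TimeSpan -Minutes 5)
}

# Resolve a name to its sorted list of IPv4 addresses (CNAME rows have no IPAddress).
function Get-Ipv4 ([string]$Name) {
    Resolve-DnsName -Name $Name -Type A -Server $DnsServer -ErrorAction Stop |
        Where-Object { $_.IPAddress } |
        Select-Object -ExpandProperty IPAddress |
        Sort-Object
}

# Verify that the old and the new name now lead to the same server.
$old = Get-Ipv4 "$OldName.$ZoneName"
$new = Get-Ipv4 $NewFqdn
if (-not $old -or -not $new -or (Compare-Object $old $new)) {
    throw "Mismatch: old name -> '$old', new name -> '$new'"
}
"OK: $OldName.$ZoneName and $NewFqdn both resolve to $($new -join ', ')"
```

Once the SEPM login works again and Directory Authentication has been reconfigured against the new server name, remove the alias.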
PLEASE NOTE - It is always recommended to create a new admin account when setting up Directory Authentication and leave the default admin account in place.
Imported Document ID: TECH194300