Solved: by the way, symantec customer - Page 2

VMF · ‎12-07-2011

im trying to install a BE 2010 r3 sp1 on a freshly built 2008 R2 x64 server that is a member of the domain.

when i get to the server account step and i provide domain account credentials, i get "unable to authenticate with the user and password information given for domain\user".

it works fine in the test domain that has same gpos applied but fails in the prod env. i even disabled all GPOs and FW for the OU where the server resides. still the same error. i tried running the installer on the DC just to see if it will work, still the same error. im at a loss right now as to why it is not authenticating. any insight will be appreciated

VMF · ‎12-07-2011

no errors pertaining to the problem

VMF · ‎12-07-2011

anyone? i tried contacting support but the symantec support structure is so... not easy, cant open cases online, and the guy i spoke to never called back...

VMF · ‎12-07-2011

i think i found a record in the security log for this

audit failure event 4625 - NULL SID

ZeRoC00L · ‎12-07-2011

I would suggest to remove the server from the domain, and add it again.

Or reinstall the server from scratch.

ZeRoC00L · ‎12-07-2011

Create an online case here:

https://mysupport.symantec.com/login.html

VMF · ‎12-07-2011

its not this particular server, i get the same error form the installer when i run it on the DC

VMF · ‎12-07-2011

cant do that either, called in no reply so far, makes me wonder, why am i paying for support???

VJware · ‎12-07-2011

Pls provide me details of your support ticket...such as the case #

VMF · ‎12-07-2011

thats the problem, i dont know the details, the guy i spoke to said he will email me the details, never received the email.

and i cant open the issue online either since it gives me

MySupport Application Error

The MySupport application has encountered a program error. You can either try again or contact Symantec Technical Services

Thank you for your patience.

after i provide my technical contact ID.

VJware · ‎12-07-2011

Would suggest to call Tech Support at +1 800 342 0652...There is hardly any wait time now...not more than 5 mins & you would be able to log a support case with the rep

ZeRoC00L · ‎12-08-2011

Have you tried downloading the installation media again ?

VMF · ‎12-08-2011

the media works on my test domain and works on production domain when i select a local account instead of domain account. im not sure how BE installer is trying to auth against the AD, using kerberos or NTLM and what exactly is preventing it from doing so

VMF · ‎12-08-2011

ok i found what was causing this. looking at evenid 4625 having subtype 0xc0000418 lead me to conclusion that DC is blocking NTLM. original GPOs were restricing all but NTLM v2 and apparently BE, being in the 2010 r3 release still needs original very unsecure NTLM , which is a security flaw. i removed the gpo but not having policies defined is not enough for windows. since it kept ntlm blocked. i had to explicitly allow ALL kinds of incoming/outgoing ntlm traffic in the gpo to get BE installer to authenticate successfully.

VMF · ‎12-08-2011

hmm, now it gets stuck at the serice account step without any errors. i click next, the back button gets grayed out for few seconds, then it becomes available again, but its not going anywhere

VMF · ‎12-08-2011

restricting NTLM to NTLM v2 only works with BE

VMF · ‎12-09-2011

by the way, symantec customer support sucks! i still did not get a call back and the woman who i opened the issue with was rude and uncooperative. she also opened the issue with the least priority available while i specifically told her that it does affect the bussinness. bad experience!

VOX

trouble installing BE 2010 r3