ServiceDesk account login fails with AHD04043 after fresh installation of SDM 17.1 with NTLM without EEM

Document ID : KB000108042
Last Modified Date : 27/07/2018
Show Technical Document Details
Issue:
After installing SDM 17.1 on BG server (non-upgrade), the ServiceDesk account is not able to login.

The message in the stdlog is:
boplgin 1028 ERROR bplaccess.c 4469 AHD04043:The user name or password you entered is not correct. Please try again.

The ServiceDesk account exists as a local OS account and password has been verified.  The passwords does not contain any special characters (just digits and English alphabet letters). The password is 20 characters long. 
Environment:
CA Service Desk Manager 17.1
EEM is not installed.
Authentication is via NTLM.
Cause:
In the Local Security Policy of the CA SDM servers, the following two NTLM security options were found to be set to "Deny all accounts" or "Deny all".
  • Network security: Restrict NTLM: Incoming NTLM traffic
  • Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers  
NTLM incoming
 
NTLM outgoing
Resolution:
Change the values of the two security options to "Allow all" on all of the servers.
 
NTLM Allow all

 
Additional Information:
How to Enable NTLM Authentication for CA SDM Tomcat Using WAFFLE