ServiceDesk account login fails with AHD04043 after fresh installation of SDM 17.1 with NTLM without EEM

Document ID : KB000108042
Last Modified Date : 27/07/2018
Show Technical Document Details
After installing SDM 17.1 on BG server (non-upgrade), the ServiceDesk account is not able to login.

The message in the stdlog is:
boplgin 1028 ERROR bplaccess.c 4469 AHD04043:The user name or password you entered is not correct. Please try again.

The ServiceDesk account exists as a local OS account and password has been verified.  The passwords does not contain any special characters (just digits and English alphabet letters). The password is 20 characters long. 
CA Service Desk Manager 17.1
EEM is not installed.
Authentication is via NTLM.
In the Local Security Policy of the CA SDM servers, the following two NTLM security options were found to be set to "Deny all accounts" or "Deny all".
  • Network security: Restrict NTLM: Incoming NTLM traffic
  • Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers  
NTLM incoming
NTLM outgoing
Change the values of the two security options to "Allow all" on all of the servers.
NTLM Allow all

Additional Information:
How to Enable NTLM Authentication for CA SDM Tomcat Using WAFFLE