What do you see in the rscd.log on the targets?
Is it a domain controller ?
if not find the following which can be helpful
check for "Log on as batch job" and/or "Don't expire password" in your local or domain policy.
"Login not allowed for user"
There are several reasons why this error may occur. The most common problem can happen when the ACLs on the remote host are mapping to a user that does not exist on the remote host. This often happens when the administrator account has been renamed on the remote host or is named differently from a standard defined in your environment.
In some cases this error may arise when you have incorrectly installed an agent onto a domain controller in your environment. Check your domain to see if you have a duplicate BladeLogicRSCD account.
Another cause of this issue is when your policy contains incompatible entries for "Log on as batch job" and/or "Don't expire password". If these two entries do not have a value for BladeLogicRSCD and are getting propagated across your environment, they will interfere with the BladeLogic agent, causing the "Login not allowed for user" message. Refer to the documentation for information about installing an agent to a Domain Controller.
In my environment when I see this error, one of the ways to resolve this is to copy the "users" file from a similar server that is responding where the Admin account is the same. then reverify the host.
Before doing that, you need to validate that your admin account has Admin privileges and r/w on the root drive.and that the admin account is the same on the host, in the users.local file and in your BL console.
What role are you trying to access the agent from? is there a mapping entry in the rsc files for this role?
This seems to be an mapping issue. The role with which you are tring to access the server is not mapped to the administrator user of the target server.
I will say check the agent acl tab of the role and check to which user is it mapped to and whether that user have access to the root directory of the server,
If not map to a user who has the access to the root directory and push agent acl to that server you are trying to access.
I have tried this and is working fine in my environment .
NOTE: I will suggest to have test of the above before appling in the production server.