Performing Asset Scan from Shavlik Protect Fails with Errors

Version 7

    Symptoms

     

    • Cannot perform an asset scan from Shavlik Protect
    • Performing an asset scan fails with Error 452
    • In the ST.Protect.native.log file, you see this error:

      class STWin32::CWin32Exception at nsSecurity.cpp:1090: Not all privileges referenced are assigned to the caller.

     

    Cause


    This issue occurs if:

    • You do not have the required permission(s) to perform the asset scan.
    • There is a problem with Windows Management Instrumentation on the target machine.

     

    Resolution


    To resolve this issue, verify these information and complete the appropriate steps:

    1. Verify whether a Security Patch Scan is able to run successfully to the target machine that is currently unable to run an asset scan.
      1. If a Security Patch Scan does not run to the target machine, you must refer to the system scanning prerequisites. For more information, see the Help documentation in Protect before continuing.
    2. Asset scans require port 135, while patch scans do not.
      1. Verify if Port 135 is listening on the Target Machine.
      2. Verify if you are able to successfully Telnet to port 135. For example, Telnet MachineName 135. You can use the IP address instead of the machine name for this test.
      3. Check if you receive a Connection Refused error or see a blank screen with a flashing cursor. The blank screen with a flashing cursor indicates success.
      4. If firewalls are enabled, - port 135 and other required scanning ports must have an exception.
    3. Specify credentials on a machine group for the asset scan(s) to work.
      1. Check if you have you tried to reset credentials for the machine group.
    4. When performing an asset scan, Windows Management Instrumentation (WMI) service must be enabled on the target machine and the protocol allowed to the machine (TCP port 135).

      Note: In Windows Firewall (on Windows XP/Windows 2003 machines), the service is called Remote Administration. On Windows Vista/Windows Server 2008 machines, the service is called Windows Management Instrumentation (WMI)/Remote Administration.
    5. Go to Computer Configuration >Windows Settings > Security Settings > Local Policies >User Rights Assignment under Local Security Settings to verify that the user attempting to run an asset scan has the appropriate user rights on the target machine.
      1. Verify that the user has the following rights on the Protect Console Machine:
        • Debug programs
        • Take ownership of files or other objects
        • Manage auditing and security log
        • Back up files and directories
        • Restore files and directories
    6. Run sysinfo ( msinfo32.exe) on the target machine. If it populates without errors, WMI is working on the target machine. If WMI is not working on the target machine, it generates the error "Can't Collect Information".
    7. Attempt a complete WMI flush on target machine by completing these steps:
      1. Stop the WMI service.
      2. Delete the contents of <%WINDIR%>\System32\wbem\Repository.
      3. Reboot the system.

     

    Additional Information


    For more information on asset scanning requirements see the Asset Scan Requirements.  

     

    Affected Product(s)


    Shavlik Protect 9.x