1 Reply Latest reply on Apr 6, 2015 9:08 AM by cwinning

    Permission Woes

    Rookie

      Hello, it seems that my Shavlik Protect is having some issues with permissions.  First of all, whenever I try to scan a machine by itself, it will not work, however if I scan it as part of an entire group, it works, this includes machines just created.  Secondly, it has having trouble on new machines just created.  They do not show up in Machine view, and the permissions just used on say a DC with domain admin access will not work on the new machine.  All I get is unable to connect to remote machine.  We are using agentless scans.  The major difference is  that these machines that are unable to scan correctly are on a different domain.  Please provide any insight into what could be the issue with these permissions not working correctly.

        • 1. Re: Permission Woes
          cwinning CommunityTeam

          Hello,

           

          The amount of variables that could cause scan failures is substantial, everything from credentials, configuration, scan method and environmental issues could be the root cause.  I'm going to need more detail on your method/setup.

           

          "First of all, whenever I try to scan a machine by itself, it will not work"

          • Are you scanning from a Machine Group or from View > Machines?
          • If from a Machine Group:
            • Do you assign credentials to the group?  Are you using domain\username format?
            • Do you see success when clicking on Test Existence and Test Credentials?
            • Have you tried scanning by NetBIOS, FQDN and IP?  (separate scans)

           

          "however if I scan it as part of an entire group, it works, this includes machines just created."

          • Are the machines entered in the same way as you tested individually? 
          • Are you supplying the same credentials in the Machine Group?

           

          "Secondly, it has having trouble on new machines just created.  They do not show up in Machine view, and the permissions just used on say a DC with domain admin access will not work on the new machine.  All I get is unable to connect to remote machine."

          • Scanning from the Machine View isn't always the best method depending on a number of variables.  It's possible the incorrect credentials are being used if the previous attempt to scan the machine failed OR if the credentials set in Machine Properties are set to invalid credentials.  For troubleshooting, I would suggest using Machine Group with specific credentials supplied.  
          • What is the exact error code for these machine?  451? 452? 200s?
          • Assuming valid credentials are being assigned to the Machine Group, removing machines from the domain and then adding them to the domain will correct an error 452.

           

          "We are using agentless scans.  The major difference is  that these machines that are unable to scan correctly are on a different domain.  Please provide any insight into what could be the issue with these permissions not working correctly."

          • Are the domains trusted?

           

          My apologies for the wall of questions, scan issues can be difficult to troubleshoot with logs and sometime impossible without logs.

           

          Here are some articles that may help:

           

          Troubleshooting Shavlik Protect Patch Scan Error Messages

          Agentless Patch Scanning Prerequisites

          Scanning Multiple Domains - Cross Domain Resolution

           

          Thanks,

          Charles