Other than required ports, supplying a valid hostname\IP Address and domain credentials should be sufficient. It could be UAC causing issues, take a look at this:
Are you able to connect to the DC using this?
net use \\machine_name\IPC$ /user:domain\ username password
Taking a look in the hf*.log locate in C:\ProgramData\LANDESK\Shavlik Protect\Logs could show you more of the issue.
Sorry in the delay on responding, holidays.
A quick question on the way Shavlik handles domain credentials. We have some very tight restrictions in terms of what accounts can login to various machines in our environment. So an account that can login into the our DC cannot be used anyplace else in our environment because of Group Policy. Does Shavlik attempt to use a scan credential in anyway on the local server?
To test the theory on our end we are going to create a special account on our end that has rights to login into both our Domain Controller and Servers (the box with Shavlik is a standard server) and then use that as the credentials for Shavlik to Scan with.
Also here is the section of the log from the latest scan attempt.
2017-01-04T12:33:43.3582590Z 11d4 S BaseThread.cpp:54 Entering threading::BaseThread::StartThread.
2017-01-04T12:33:43.3712578Z 1384 W NetworkLogon.cpp:117 Failed to check administrative access to 'IP REMOVED', attempt 1, error: 5.
2017-01-04T12:33:43.3712578Z 1384 W MachineSelector.cpp:86 Credentials passed in were not admin - using clouc
2017-01-04T12:33:43.3752605Z 1384 W NetworkLogon.cpp:117 Failed to check administrative access to 'IP REMOVED', attempt 1, error: 5.
2017-01-04T12:33:43.3752605Z 1384 I DBOutput.cpp:39 Scan '23a4363c-b333-48ca-8740-4e6622a64df7' not scanned reason: 452.
2017-01-04T12:33:43.3782638Z 1384 I ScanWorkItem.cpp:531 All is not well DC004(10.1.204.226)
1 of 1 people found this helpful
Credentials specified as the Browse Credentials or the Admin Credentials in the Machine Group are only used to access what they are specified for. Browse Credentials are used to enumerate machine in Domain or OU types scans. The Admin Credentials are used to connect to the enumerated machine via the admin share. These credentials are not used on the local Protect server.
From your example the specified credentials failed then it failed-over to the CLOUC (currently logged on user credentials) which also failed. Experience tells me working with locked down credentials isn't going to be easy, What did the net use command from above tell you? If that fails, no scan will be performed.
Net use failed.
After some internal debate we have decided to just keep doing what we have been doing and that is manually patching the DCs.
Thanks for the responses!
Thanks for the heads-up, at least these DCs are very secure. =)