→ Having trouble accessing our new support portal or creating a ticket? Please notify our team here

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Nils
Lansweeper Tech Support
Lansweeper Tech Support

TL;DR-Sweepy-Icon (1).png
This page provides instructions for troubleshooting "firewalled" or "RPC server unavailable" errors when performing an agentless scan.


This page is for Lansweeper Sites (in the cloud). For Lansweeper Classic, see The RPC server is unavailable. 0x800706BA.

When Lansweeper scans Windows computers without a scanning agent, you may encounter "firewalled" or "RPC server unavailable" errors. 

These errors can occur due to:

  1. Incorrect firewall set ups
  2. Offline machines
  3. DCOM issues
  4. Incorrect settings
For an overview of all your scanning options, see Lansweeper's Scanning Guide.

If you're encountering errors, consider installing a scan agent. Scanning with an agent returns the same data and is a guaranteed solution to any "RPC server unavailable" or firewall errors. For more information, see:

To successfully perform an agentless scan with RequireIntegrityActivationAuthenticationLevel set to 1, KB5005033 or newer must be installed.

Before you begin

  • Verify that the scanning error is still present:
    1. Go to Inventory and select the Windows computer with the error.
    2. Look at the Last Scan Attempt date in the computer's asset page to determine when the scanning error occurred.
    3. If the scanning error is not recent, select Rescan Asset to verify whether the scanning issue is still present.
  • Make sure that the Windows computer is switched on. Computers that are offline will generate RPC errors as well.

Troubleshoot the RPC server error

  1. Run the testconnection tool on your Lansweeper server, as it will help in the troubleshooting process. The tool can be found at Program Files (x86)\Lansweeper\Actions\testconnection.exe.
    You must open the test tool on your Lansweeper scanning server, i.e. on the machine that has the Lansweeper Server service installed. Tests initiated from other machines cannot be used for troubleshooting purposes, as they do not replicate the exact network conditions (e.g. firewalls) experienced by Lansweeper.
  2. Run multiple tests in the test tool, connecting to the computer's IP address, NetBIOS name and (in the case of a domain computer) Fully Qualified Domain Name (FQDN).
    When running your tests, submit the same credential that was also submitted in Lansweeper for scanning.
  3. Make sure the DNS section of the tool shows the computer name being resolved to the correct IP address when running tests to the NetBIOS name or FQDN of the computer.
    If there is a DNS issue for instance and connecting to your computer's name returns an incorrect IP address as a result, this will lead to scanning issues. Discuss any DNS issues that may be visible in the test tool with your network admin, as they must be resolved in your network itself.
    Nils_0-1692867406677.png
  4. Look at the Scanning TCP Ports and Scanning WMI sections of the tool to determine whether necessary ports are open for scanning. Lansweeper must have access to TCP port 135 to set up the initial DCOM connection to the client machine, and the random ports that are used by Windows to send WMI data. 
    Our knowledge base contains firewall configuration instructions for Windows Firewall and Symantec Endpoint Protection. For other third-party firewalls, we recommend consulting the vendor's documentation.
    Nils_1-1692867462979.png
    Opening port 135 is not sufficient to accomplish an agentless scan of a Windows computer. Lansweeper pulls Windows computer data from WMI (Windows Management Instrumentation), a management infrastructure built into Windows operating systems. By default, Windows sends WMI data over random ports. You need to either:
    • Configure your firewalls in such a way that all WMI traffic (over random ports) is allowed. Windows Firewall includes an exception that you can enable to allow WMI traffic, as explained in this knowledge base article. For third-party firewalls, you'll need to consult your firewall documentation. 
    • Configure a fixed WMI port and allow traffic through that port. Setting up a fixed port is supported by all recent Windows operating systems starting from Windows Vista.
    • If you are unable to allow WMI traffic through your firewalls, scan your computers locally with the LsAgent or LsPush scanning agent instead. This does not require firewall reconfiguration.
  5. Make sure the Remote Procedure Call (RPC) service is running on the computer you're trying to scan. This service is configured to run automatically by default in Windows. It may have been manually stopped, however, resulting in "RPC server unavailable" errors.

  6. Make sure the computer meets the other Windows domain or workgroup scanning requirements. You can download (right-click and Save Link As) and run this script within an elevated Command Prompt on a problem computer to ensure DCOM, Windows Firewall and some other settings are correct. If you are using third-party firewalls, you will still need to check their configuration separately.

  7. Make sure the local time is correctly configured on the client computer, the Lansweeper scanning server and your domain controller. A time difference of more than 15 minutes between client and server can cause unexpected results in Active Directory domains.


Was this post helpful? Select Yes or No below!
Did you have a similar issue and a different solution? Or did you not find the information you needed? Create a post in our Community Forum for your fellow IT Heroes!
More questions? Browse our Quick Tech Solutions.


Was this article helpful? Yes No
No ratings

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now
Version history
Last update:
‎08-25-2023 04:00 PM
Updated by: