cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Rescan Asset fails after windows update [DCOM Server Security Feature Bypass]

BeanMunster
Engaged Sweeper

We've had issues with the 'Rescan Asset' feature recently. The problem seems to affect Windows 10 and Windows 11 clients. LSAgent scans are unaffected. 

Our infrastructure manager found a Windows Update that 'hardens' the DCOM server security causing the scan from lansweeper to fail (for us at least). 

Please see KB5004442—Manage changes for Windows DCOM Server Security Feature Bypass (CVE-2021-26414) (microsoft...

The increased security can be disabled after the update by applying the registry setting...

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat

RequireIntegrityActivationAuthenticationLevel

dword

It seems that after March 14th 2023, the security setting will be enforced and cannot be reversed. Not sure what we will do after that?

 

1 ACCEPTED SOLUTION

Obi_1_Cinobi
Lansweeper Tech Support
Lansweeper Tech Support

Hello there!

Last year, Microsoft implemented hardening changes in DCOM required for CVE-2021-26414. On June 14, 2022, these hardening changes are enabled by default but with the ability to disable them using a registry key.
(https://support.microsoft.com/en-us/topic/kb5004442-manage-changes-for-windows-dcom-server-security-...)

At technical support, we received several reports of Access Denied scanning or deployment issues since the June 2022 updates, released on June 14th.

Patches involved:

  • KB5014697 for Windows 11

  • KB5014699 for Windows 10

To prevent the Access Denied errors, make sure that all your scanning servers are updated to the latest Windows patch level. Once all systems are up to date, agentless scanning should keep working without errors.

Should you still have issues, don't hesitate to shoot us a mail at suport@lansweeper.com

To help us troubleshoot the problem, can you please provide us with:

  • Program Files (x86)\Lansweeper\Service\Errorlog.txt, as present on your Lansweeper scanning server.s

  • Screenshots of the Quickfix details of your scanning servers, which can be found on the asset page for your scanning server under the Config/Windows/Quickfix tab.

  • Screenshots of the OS details of your scanning servers, which can be found on the asset page for your scanning server under the Config/Windows/OS tab.

  • An export of the eventviewer information on the Lansweeper scanning servers + an example client machine that you are failing to scan.

    • Export the Windows Logs\System section, filtered for the last 7 days. Please use the .evtx format.

View solution in original post

3 REPLIES 3

Obi_1_Cinobi
Lansweeper Tech Support
Lansweeper Tech Support

Hello there!

Last year, Microsoft implemented hardening changes in DCOM required for CVE-2021-26414. On June 14, 2022, these hardening changes are enabled by default but with the ability to disable them using a registry key.
(https://support.microsoft.com/en-us/topic/kb5004442-manage-changes-for-windows-dcom-server-security-...)

At technical support, we received several reports of Access Denied scanning or deployment issues since the June 2022 updates, released on June 14th.

Patches involved:

  • KB5014697 for Windows 11

  • KB5014699 for Windows 10

To prevent the Access Denied errors, make sure that all your scanning servers are updated to the latest Windows patch level. Once all systems are up to date, agentless scanning should keep working without errors.

Should you still have issues, don't hesitate to shoot us a mail at suport@lansweeper.com

To help us troubleshoot the problem, can you please provide us with:

  • Program Files (x86)\Lansweeper\Service\Errorlog.txt, as present on your Lansweeper scanning server.s

  • Screenshots of the Quickfix details of your scanning servers, which can be found on the asset page for your scanning server under the Config/Windows/Quickfix tab.

  • Screenshots of the OS details of your scanning servers, which can be found on the asset page for your scanning server under the Config/Windows/OS tab.

  • An export of the eventviewer information on the Lansweeper scanning servers + an example client machine that you are failing to scan.

    • Export the Windows Logs\System section, filtered for the last 7 days. Please use the .evtx format.

Thanks for the info. Embarrassingly, we are still running our Lansweeper server on a Windows 7 PC.  It is on the to-do list!

RichieRich
Lansweeper Employee
Lansweeper Employee

Hey BeanMunster - does this article from Esben help any ? https://www.lansweeper.com/pro-tips/dcom-hardening/