09-22-2021 07:15 PM
Solved! Go to Solution.
10-08-2021 01:22 PM
We've performed internal testing and checks and have also validated our response to the recent DCOM hardening changes performed by Microsoft.
Firstly to contextualize this fully. In June of this year we discovered that Microsoft was planning to make changes that directly impact the way Lansweeper connects to Windows computers in context of agentless scanning. Lansweeper uses DCOM to set up an RPC connection with Windows computers.
This change was introduced in the June monthly update, as an optional registry change that was disabled by default. When setting this registry key as enabled, any agentless scanning was met with RPC or WMI access denied errors, and RPC authentication level errors in the eventviewer of the scanning server. This was the case regardless of the RPC authentication level we set our application to (counter to what the error in the eventviewer indicates).
Our developers investigated this issue internally and set up communication with Microsoft developers. The ending conclusion was that a change in Microsoft's implementation was necessary, and no Lansweeper change. Starting with the August monthly update KB5005033, the registry key can be activated without impacting Lansweeper agentless scanning.
Our internal testing has consistently shown that scanning a remote computer without an agent is successful if the following is true:
- The computer is running the September monthly update (or October preview)
- The scanning server is running the September monthly update
- The registry key is set to 1 or 0 (or doesn't exist, which currently should mean it's set to 0)
We've found no circumstance where all components are on the latest patch level, and all scanning requirements are met, that the RPC_C_AUTHN_LEVEL_PKT_INTEGRITY errors are thrown (or RPC/WMI access denied errors in Lansweeper). As such our current recommendation is to ensure the servers involved are fully up to date and meet the agentless scanning requirements: https://www.lansweeper.com/knowledgebase/domain-scanning-requirements/
Since this was also mentioned in the forum post, the update from Lansweeper version 8.4 to 9.0 can ordinarily not be involved in this, as there have been no changes to the way Lansweeper authenticates with Windows computers.
As an aside as well, we have seen mention in a non-Lansweeper context that users are running into this RPC authentication level error in unexpected circumstances, for example in the microsoft community post linked below. This does make it appear as though there's something going on with the latest Windows updates. Though again, we could not reproduce it.
https://docs.microsoft.com/en-us/answers/questions/564347/server-2019-update-kb5005568-sept-2021-forcing-new.html
10-08-2021 01:22 PM
We've performed internal testing and checks and have also validated our response to the recent DCOM hardening changes performed by Microsoft.
Firstly to contextualize this fully. In June of this year we discovered that Microsoft was planning to make changes that directly impact the way Lansweeper connects to Windows computers in context of agentless scanning. Lansweeper uses DCOM to set up an RPC connection with Windows computers.
This change was introduced in the June monthly update, as an optional registry change that was disabled by default. When setting this registry key as enabled, any agentless scanning was met with RPC or WMI access denied errors, and RPC authentication level errors in the eventviewer of the scanning server. This was the case regardless of the RPC authentication level we set our application to (counter to what the error in the eventviewer indicates).
Our developers investigated this issue internally and set up communication with Microsoft developers. The ending conclusion was that a change in Microsoft's implementation was necessary, and no Lansweeper change. Starting with the August monthly update KB5005033, the registry key can be activated without impacting Lansweeper agentless scanning.
Our internal testing has consistently shown that scanning a remote computer without an agent is successful if the following is true:
- The computer is running the September monthly update (or October preview)
- The scanning server is running the September monthly update
- The registry key is set to 1 or 0 (or doesn't exist, which currently should mean it's set to 0)
We've found no circumstance where all components are on the latest patch level, and all scanning requirements are met, that the RPC_C_AUTHN_LEVEL_PKT_INTEGRITY errors are thrown (or RPC/WMI access denied errors in Lansweeper). As such our current recommendation is to ensure the servers involved are fully up to date and meet the agentless scanning requirements: https://www.lansweeper.com/knowledgebase/domain-scanning-requirements/
Since this was also mentioned in the forum post, the update from Lansweeper version 8.4 to 9.0 can ordinarily not be involved in this, as there have been no changes to the way Lansweeper authenticates with Windows computers.
As an aside as well, we have seen mention in a non-Lansweeper context that users are running into this RPC authentication level error in unexpected circumstances, for example in the microsoft community post linked below. This does make it appear as though there's something going on with the latest Windows updates. Though again, we could not reproduce it.
https://docs.microsoft.com/en-us/answers/questions/564347/server-2019-update-kb5005568-sept-2021-forcing-new.html
10-01-2021 10:28 PM
09-30-2021 05:31 PM
pjayme wrote:
Can someone provide some direction with this please?
Thanks.
The server-side authentication level policy does not allow the user DPS\038815 SID (S-1-5-21-2260375648-3386735697-1685888974-3386) from address 10.51.107.48 to activate DCOM server. Please raise the activation authentication level at least to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY in client application.
Experience Lansweeper with your own data. Sign up now for a 14-day free trial.
Try Now