This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Lansweeper Community
- Forums
- General Discussions
- Event log message
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Register to ask a question, start a topic or share an idea
Join the Community
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-22-2021 07:15 PM
Can someone provide some direction with this please?
Thanks.
The server-side authentication level policy does not allow the user DPS\038815 SID (S-1-5-21-2260375648-3386735697-1685888974-3386) from address 10.51.107.48 to activate DCOM server. Please raise the activation authentication level at least to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY in client application.
Thanks.
The server-side authentication level policy does not allow the user DPS\038815 SID (S-1-5-21-2260375648-3386735697-1685888974-3386) from address 10.51.107.48 to activate DCOM server. Please raise the activation authentication level at least to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY in client application.
Solved! Go to Solution.
Labels:
- Labels:
-
General Discussion
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎10-08-2021 01:22 PM
As we received a question via email that referred to this topic, we've added our response below. It may be of interest to others affected by this issue.
We've performed internal testing and checks and have also validated our response to the recent DCOM hardening changes performed by Microsoft.
Firstly to contextualize this fully. In June of this year we discovered that Microsoft was planning to make changes that directly impact the way Lansweeper connects to Windows computers in context of agentless scanning. Lansweeper uses DCOM to set up an RPC connection with Windows computers.
This change was introduced in the June monthly update, as an optional registry change that was disabled by default. When setting this registry key as enabled, any agentless scanning was met with RPC or WMI access denied errors, and RPC authentication level errors in the eventviewer of the scanning server. This was the case regardless of the RPC authentication level we set our application to (counter to what the error in the eventviewer indicates).
Our developers investigated this issue internally and set up communication with Microsoft developers. The ending conclusion was that a change in Microsoft's implementation was necessary, and no Lansweeper change. Starting with the August monthly update KB5005033, the registry key can be activated without impacting Lansweeper agentless scanning.
Our internal testing has consistently shown that scanning a remote computer without an agent is successful if the following is true:
- The computer is running the September monthly update (or October preview)
- The scanning server is running the September monthly update
- The registry key is set to 1 or 0 (or doesn't exist, which currently should mean it's set to 0)
We've found no circumstance where all components are on the latest patch level, and all scanning requirements are met, that the RPC_C_AUTHN_LEVEL_PKT_INTEGRITY errors are thrown (or RPC/WMI access denied errors in Lansweeper). As such our current recommendation is to ensure the servers involved are fully up to date and meet the agentless scanning requirements: https://www.lansweeper.com/knowledgebase/domain-scanning-requirements/
Since this was also mentioned in the forum post, the update from Lansweeper version 8.4 to 9.0 can ordinarily not be involved in this, as there have been no changes to the way Lansweeper authenticates with Windows computers.
As an aside as well, we have seen mention in a non-Lansweeper context that users are running into this RPC authentication level error in unexpected circumstances, for example in the microsoft community post linked below. This does make it appear as though there's something going on with the latest Windows updates. Though again, we could not reproduce it.
https://docs.microsoft.com/en-us/answers/questions/564347/server-2019-update-kb5005568-sept-2021-forcing-new.html
3 REPLIES 3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎10-08-2021 01:22 PM
As we received a question via email that referred to this topic, we've added our response below. It may be of interest to others affected by this issue.
We've performed internal testing and checks and have also validated our response to the recent DCOM hardening changes performed by Microsoft.
Firstly to contextualize this fully. In June of this year we discovered that Microsoft was planning to make changes that directly impact the way Lansweeper connects to Windows computers in context of agentless scanning. Lansweeper uses DCOM to set up an RPC connection with Windows computers.
This change was introduced in the June monthly update, as an optional registry change that was disabled by default. When setting this registry key as enabled, any agentless scanning was met with RPC or WMI access denied errors, and RPC authentication level errors in the eventviewer of the scanning server. This was the case regardless of the RPC authentication level we set our application to (counter to what the error in the eventviewer indicates).
Our developers investigated this issue internally and set up communication with Microsoft developers. The ending conclusion was that a change in Microsoft's implementation was necessary, and no Lansweeper change. Starting with the August monthly update KB5005033, the registry key can be activated without impacting Lansweeper agentless scanning.
Our internal testing has consistently shown that scanning a remote computer without an agent is successful if the following is true:
- The computer is running the September monthly update (or October preview)
- The scanning server is running the September monthly update
- The registry key is set to 1 or 0 (or doesn't exist, which currently should mean it's set to 0)
We've found no circumstance where all components are on the latest patch level, and all scanning requirements are met, that the RPC_C_AUTHN_LEVEL_PKT_INTEGRITY errors are thrown (or RPC/WMI access denied errors in Lansweeper). As such our current recommendation is to ensure the servers involved are fully up to date and meet the agentless scanning requirements: https://www.lansweeper.com/knowledgebase/domain-scanning-requirements/
Since this was also mentioned in the forum post, the update from Lansweeper version 8.4 to 9.0 can ordinarily not be involved in this, as there have been no changes to the way Lansweeper authenticates with Windows computers.
As an aside as well, we have seen mention in a non-Lansweeper context that users are running into this RPC authentication level error in unexpected circumstances, for example in the microsoft community post linked below. This does make it appear as though there's something going on with the latest Windows updates. Though again, we could not reproduce it.
https://docs.microsoft.com/en-us/answers/questions/564347/server-2019-update-kb5005568-sept-2021-forcing-new.html
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎10-01-2021 10:28 PM
This is 100% being caused only by Lansweeper application. I have tested PDQ inventory, Deploy, Dell scanning apps, HP, etc and none produce this error after the recent Windows update.
Website Version: 9.0.10.2
35000 errors are present in our event logs over all devices in our environment.
Website Version: 9.0.10.2
35000 errors are present in our event logs over all devices in our environment.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-30-2021 05:31 PM
pjayme wrote:
Can someone provide some direction with this please?
Thanks.
The server-side authentication level policy does not allow the user DPS\038815 SID (S-1-5-21-2260375648-3386735697-1685888974-3386) from address 10.51.107.48 to activate DCOM server. Please raise the activation authentication level at least to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY in client application.
I am seeing the same since I upgraded from version 8 to 9.0.0.17.
It does not affect anything from working and I am not 100% sure yet that it is the upgrade or something else, but it seems to be related to a Jun update:
https://www.csoonline.com/article/3622168/how-to-test-the-impact-of-new-windows-dcom-server-authentication.html
Still busy investigating, would like some more feedback to help find the solution/reason for the events popping up all over my clients.
New to Lansweeper?
Try Lansweeper For Free
Experience Lansweeper with your own data. Sign up now for a 14-day free trial.
Try Now
Related Content
- Report on the history of changes on the device in the last week. in Reports & Analytics
- Interest Check: December Community Event – Scanning Deep Dive & Troubleshooting Tips in General Discussions
- 🚨 ICYMI: Fall Product Launch Teaser! 🚨 in General Discussions
- User login fails to onprem Lansweeper for AD user in Product Discussions
- Lansweeper Community Highlights October 2024 in General Discussions
