cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
chada
Engaged Sweeper III
I have multiple domains I am scanning and although I have credential mapping setup with service accounts per domain, I am getting thousands of security event log failures for the service account that the Lansweeper service is running under.

Does anyone know how to setup the scanning so this doesn't occur or is it default behavior for the service account credentials to be used first in all scans? This would seem to be very inefficient and clogs up my server logs with useless info you have to sort through when looking for real problems. I am using active scanning for all the domains.
1 ACCEPTED SOLUTION
Susan_A
Lansweeper Alumni
The service account is tried last, not first. Lansweeper will try to use this account when your mapped credentials and global credential have failed. If a scan attempt is unsuccessful, the computer's Lansweeper webpage should list the credentials Lansweeper tried to use.

Make sure your credentials are correctly mapped under Configuration/Scanning Setup/Scanning Credentials. If the issue persists, please send the information below to support@lansweeper.com. We will follow up via email.
  • Program Files (x86)\Lansweeper\Service\Errorlog.txt, as present on your Lansweeper server.
  • Screenshots of the problem.
  • Screenshot of Configuration/Scanning Setup/Scanning Credentials.

View solution in original post

3 REPLIES 3
Michael_V
Champion Sweeper III
Are the events related to pre-authentication?

If yes:
You can enable the “Do not require Kerberos preauthentication" option for that user account in AD Users & Computers -> properties -> account

chada
Engaged Sweeper III
Susan,

I noticed that there is a scan priority for all the credentials in my domain and it happens that the one running the service account is also one of the credentials with a higher priority in the list. If it is trying the highest priority account first every time it scans every machine then my DC's are going to have tons of failures logs.

LS should already know what domain a machine is in based upon the scanning it does to discover new machines. It seems it is trying to use a scanned credential from a higher priority. I know the credential for that domain is good because I ultimately have all my servers showing up with detailed scan info. I just think there is a flaw in how LS chooses what account to use first.

Do you think there is a problem I should submit info on or is that by design and an enhancement should go in or is being planned?
Susan_A
Lansweeper Alumni
The service account is tried last, not first. Lansweeper will try to use this account when your mapped credentials and global credential have failed. If a scan attempt is unsuccessful, the computer's Lansweeper webpage should list the credentials Lansweeper tried to use.

Make sure your credentials are correctly mapped under Configuration/Scanning Setup/Scanning Credentials. If the issue persists, please send the information below to support@lansweeper.com. We will follow up via email.
  • Program Files (x86)\Lansweeper\Service\Errorlog.txt, as present on your Lansweeper server.
  • Screenshots of the problem.
  • Screenshot of Configuration/Scanning Setup/Scanning Credentials.