07-19-2022 05:33 PM - edited 07-19-2022 05:36 PM
We've had issues with the 'Rescan Asset' feature recently. The problem seems to affect Windows 10 and Windows 11 clients. LSAgent scans are unaffected.
Our infrastructure manager found a Windows Update that 'hardens' the DCOM server security, causing the scan from Lansweeper to fail (for us at least).
The increased security can be disabled after the update by applying the registry setting...
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat
RequireIntegrityActivationAuthenticationLevel
dword
0
It seems that after March 14th 2023, the security setting will be enforced and cannot be reversed. Not sure what we will do after that?
07-20-2022 09:51 AM
Hello there!
Last year, Microsoft implemented hardening changes in DCOM required for CVE-2021-26414. On June 14, 2022, these hardening changes are enabled by default but with the ability to disable them using a registry key.
(https://support.microsoft.com/en-us/topic/kb5004442-manage-changes-for-windows-dcom-server-security-...)
At technical support, we received several reports of Access Denied scanning or deployment issues since the June 2022 updates, released on June 14th.
Patches involved:
KB5014697 for Windows 11
KB5014699 for Windows 10
To prevent the Access Denied errors, make sure that all your scanning servers are updated to the latest Windows patch level. Once all systems are up to date, agentless scanning should keep working without errors.
Should you still have issues, don't hesitate to shoot us a mail at support@lansweeper.com.
To help us troubleshoot the problem, can you please provide us with:
Program Files (x86)\Lansweeper\Service\Errorlog.txt, as present on your Lansweeper scanning server(s).
Screenshots of the Quickfix details of your scanning servers, which can be found on the asset page for your scanning server under the Config/Windows/Quickfix tab.
Screenshots of the OS details of your scanning servers, which can be found on the asset page for your scanning server under the Config/Windows/OS tab.
An export of the Event Viewer information on the Lansweeper scanning servers + an example client machine that you are failing to scan.
Export the Windows Logs\System section, filtered for the last 7 days. Please use the .evtx format.
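A read-only check of the items this thread discusses, added here as an example (not Lansweeper's or Microsoft's code): it reports whether the registry override is set, whether the June 2022 KBs are present, and how many DCOM authentication-level events were logged in the last 7 days. The event IDs 10036, 10037 and 10038 come from the linked KB5004442 article rather than from the thread, and the script assumes Windows PowerShell 3.0 or later run locally on the scanning server or on a client that fails to scan.

```powershell
# Added example: read-only audit of one Windows host. Run locally in an elevated session.
$olePath   = 'HKLM:\SOFTWARE\Microsoft\Ole\AppCompat'
$valueName = 'RequireIntegrityActivationAuthenticationLevel'
$juneKbs   = 'KB5014697', 'KB5014699'    # June 2022 updates named in the thread
$dcomIds   = 10036, 10037, 10038         # DCOM hardening events listed in KB5004442
$since     = (Get-Date).AddDays(-7)      # same 7-day window support asks for

# 1. Registry override: absent = OS default, 0 = hardening switched off, 1 = enabled.
$item = Get-ItemProperty -Path $olePath -Name $valueName -ErrorAction SilentlyContinue
if ($null -eq $item) {
    $override = 'not set (OS default applies)'
} elseif ($item.$valueName -eq 0) {
    $override = 'hardening DISABLED by override (0)'
} else {
    $override = "hardening enabled ($($item.$valueName))"
}

# 2. Patch level. Later cumulative updates supersede the June KBs, so their absence
#    alone does not mean the host is unpatched; report the newest hotfix as well.
$juneFound = Get-HotFix -Id $juneKbs -ErrorAction SilentlyContinue
$newest    = Get-HotFix | Where-Object InstalledOn |
             Sort-Object InstalledOn -Descending | Select-Object -First 1

# 3. DCOM authentication-level events in the System log.
$events = @(Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Microsoft-Windows-DistributedCOM'
        Id           = $dcomIds
        StartTime    = $since
    } -ErrorAction SilentlyContinue)

[pscustomobject]@{
    Computer       = $env:COMPUTERNAME
    OS             = (Get-CimInstance -ClassName Win32_OperatingSystem).Caption
    DcomOverride   = $override
    JuneKbsFound   = ($juneFound.HotFixID -join ', ')
    NewestHotFix   = if ($newest) { "$($newest.HotFixID) ($($newest.InstalledOn.ToString('yyyy-MM-dd')))" } else { 'none reported' }
    DcomAuthEvents = $events.Count
} | Format-List

# Show the most recent matching events for review.
$events | Select-Object -First 5 TimeCreated, Id, Message | Format-List
```

A host that reports the override as disabled is relying on the workaround from the first post, which the thread notes stops being available after March 14th 2023.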
07-20-2022 10:03 AM
Thanks for the info. Embarrassingly, we are still running our Lansweeper server on a Windows 7 PC. It is on the to-do list!
07-19-2022 06:53 PM
Hey BeanMunster - does this article from Esben help any? https://www.lansweeper.com/pro-tips/dcom-hardening/