This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Lansweeper Community
- Forums
- General Discussions
- Rescan Asset fails after windows update [DCOM Serv...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Register to ask a question, start a topic or share an idea
Join the Community
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-19-2022 05:33 PM - edited 07-19-2022 05:36 PM
We've had issues with the 'Rescan Asset' feature recently. The problem seems to affect Windows 10 and Windows 11 clients. LSAgent scans are unaffected.
Our infrastructure manager found a Windows Update that 'hardens' the DCOM server security causing the scan from lansweeper to fail (for us at least).
The increased security can be disabled after the update by applying the registry setting...
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat
RequireIntegrityActivationAuthenticationLevel
dword
0
It seems that after March 14th 2023, the security setting will be enforced and cannot be reversed. Not sure what we will do after that?
Solved! Go to Solution.
Labels:
- Labels:
-
General Discussion
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-20-2022 09:51 AM
Hello there!
Last year, Microsoft implemented hardening changes in DCOM required for CVE-2021-26414. On June 14, 2022, these hardening changes are enabled by default but with the ability to disable them using a registry key.
(https://support.microsoft.com/en-us/topic/kb5004442-manage-changes-for-windows-dcom-server-security-...)
At technical support, we received several reports of Access Denied scanning or deployment issues since the June 2022 updates, released on June 14th.
Patches involved:
KB5014697 for Windows 11
KB5014699 for Windows 10
To prevent the Access Denied errors, make sure that all your scanning servers are updated to the latest Windows patch level. Once all systems are up to date, agentless scanning should keep working without errors.
Should you still have issues, don't hesitate to shoot us a mail at suport@lansweeper.com.
To help us troubleshoot the problem, can you please provide us with:
Program Files (x86)\Lansweeper\Service\Errorlog.txt, as present on your Lansweeper scanning server.s
Screenshots of the Quickfix details of your scanning servers, which can be found on the asset page for your scanning server under the Config/Windows/Quickfix tab.
Screenshots of the OS details of your scanning servers, which can be found on the asset page for your scanning server under the Config/Windows/OS tab.
An export of the eventviewer information on the Lansweeper scanning servers + an example client machine that you are failing to scan.
Export the Windows Logs\System section, filtered for the last 7 days. Please use the .evtx format.
3 REPLIES 3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-20-2022 09:51 AM
Hello there!
Last year, Microsoft implemented hardening changes in DCOM required for CVE-2021-26414. On June 14, 2022, these hardening changes are enabled by default but with the ability to disable them using a registry key.
(https://support.microsoft.com/en-us/topic/kb5004442-manage-changes-for-windows-dcom-server-security-...)
At technical support, we received several reports of Access Denied scanning or deployment issues since the June 2022 updates, released on June 14th.
Patches involved:
KB5014697 for Windows 11
KB5014699 for Windows 10
To prevent the Access Denied errors, make sure that all your scanning servers are updated to the latest Windows patch level. Once all systems are up to date, agentless scanning should keep working without errors.
Should you still have issues, don't hesitate to shoot us a mail at suport@lansweeper.com.
To help us troubleshoot the problem, can you please provide us with:
Program Files (x86)\Lansweeper\Service\Errorlog.txt, as present on your Lansweeper scanning server.s
Screenshots of the Quickfix details of your scanning servers, which can be found on the asset page for your scanning server under the Config/Windows/Quickfix tab.
Screenshots of the OS details of your scanning servers, which can be found on the asset page for your scanning server under the Config/Windows/OS tab.
An export of the eventviewer information on the Lansweeper scanning servers + an example client machine that you are failing to scan.
Export the Windows Logs\System section, filtered for the last 7 days. Please use the .evtx format.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-20-2022 10:03 AM
Thanks for the info. Embarrassingly, we are still running our Lansweeper server on a Windows 7 PC. It is on the to-do list!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-19-2022 06:53 PM
Hey BeanMunster - does this article from Esben help any ? https://www.lansweeper.com/pro-tips/dcom-hardening/
New to Lansweeper?
Try Lansweeper For Free
Experience Lansweeper with your own data. Sign up now for a 14-day free trial.
Try Now
Related Content
- Exclude devices from report Windows Update Audit in Reports & Analytics
- Inside Lansweeper: Weekly Recap in General Discussions
- Linux and MacOS antivirus detection in Product Discussions
- Is there a better Deployment Package tutorial? in Deployment Packages
- Possible bug: Uninstall lsagent is messing with folder security in General Discussions
