→ The Lansweeper Customer Excellence Awards 2024 - Submit Your Project Now! Learn More & Enter Here

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
BillClark22
Engaged Sweeper
Running Lansweeper v8.4.010.8 from a server joined to our domain. Everything works as should. We have added several Windows 10 Pro PC's to our network, but they are NOT joined to the domain. In addition, the local firewalls are turned off. They use the same IP subnet and also use our internal DNS for lookups. Each of these PCs has a local account that is a local Administrator. I've created a new scanning credential, with a Type of "Windows", and the Login as ".\<LocalAccount>" I then mapped this credential to one of these Windows 10 PCs and did a Rescan Asset command. It shows "Scan in Progress", but ends about 10 seconds in and I see "Access Denied" in the Errors tab. Looking in the Event Viewer on the destination PC, I see an Audit Success event that shows the same security ID as the new scanning credential. I've double-checked that the local account is indeed an admin and it is. Not sure where my problem is. Has anyone ran across this?
5 REPLIES 5
BillClark22
Engaged Sweeper
I created another credential to test, this time using "<TargetPC>\<Local Admin>". I get the same results. I don't see anything useful under the WMI event you suggested. In the Security log on the TargetPC, I see several Audit Success entries (#4672) with the credentials I specified. I then see a 4624 Logon, immediately followed by a 4634 Logoff. I then see several Audit Failures as it appears the Global Credential is then being attempted and it fails. Is there some type of special privilege that needs assigned, something that isn't assigned normally as being a Local Administrator? I went ahead and sent the original question to tech support, we'll see if they can shed any light on this issue.
grimstar
Champion Sweeper II
BillClark22 wrote:
I created another credential to test, this time using "<TargetPC>\<Local Admin>". I get the same results. I don't see anything useful under the WMI event you suggested. In the Security log on the TargetPC, I see several Audit Success entries (#4672) with the credentials I specified. I then see a 4624 Logon, immediately followed by a 4634 Logoff. I then see several Audit Failures as it appears the Global Credential is then being attempted and it fails. Is there some type of special privilege that needs assigned, something that isn't assigned normally as being a Local Administrator? I went ahead and sent the original question to tech support, we'll see if they can shed any light on this issue.


You aren't witnessing DCOM errors associated to the timing of your scan as well by any chance? If so you have a patch mismatch related to DCOM hardening. Both the server and client need to be at or above September 2021 patch levels for their respective OS.
BillClark22
Engaged Sweeper
Running that command from the scan server I get the following:
Node - <Node name>
ERROR:
Description = Access is denied.

The nodes in question do have static entries in DNS, but I don't think that would cause any confusion. There is another local admin account that was also tested, same results.
grimstar
Champion Sweeper II
BillClark22 wrote:
Running that command from the scan server I get the following:
Node - <Node name>
ERROR:
Description = Access is denied.

The nodes in question do have static entries in DNS, but I don't think that would cause any confusion. There is another local admin account that was also tested, same results.


Ok, well if that is unsuccessful then the issue resides elsewhere in your configuration and not specifically within Lansweeper. I am able to replicate that response on my end with two slight variations in how it occurs based on the scenario.

1. Valid Username + Invalid Password = Almost instantaneous failure.
2. Invalid Username + Password = Delay of a few seconds before it eventually fails.

Unfortunately I don't have direct access to the machine I am testing with right now to see if event viewer on the far end gleans any additional details. It's possible you may get more information from Applications and Services Logs > Microsoft > Windows > WMI-Activity.
grimstar
Champion Sweeper II
BillClark22 wrote:
Running Lansweeper v8.4.010.8 from a server joined to our domain. Everything works as should. We have added several Windows 10 Pro PC's to our network, but they are NOT joined to the domain. In addition, the local firewalls are turned off. They use the same IP subnet and also use our internal DNS for lookups. Each of these PCs has a local account that is a local Administrator. I've created a new scanning credential, with a Type of "Windows", and the Login as ".\<LocalAccount>" I then mapped this credential to one of these Windows 10 PCs and did a Rescan Asset command. It shows "Scan in Progress", but ends about 10 seconds in and I see "Access Denied" in the Errors tab. Looking in the Event Viewer on the destination PC, I see an Audit Success event that shows the same security ID as the new scanning credential. I've double-checked that the local account is indeed an admin and it is. Not sure where my problem is. Has anyone ran across this?


I just tried storing credentials using the same format and it was successful. I suppose the difference in my situation is that it could have fallen back to the global credential (domain based) if the local failed, however I have no indication as such that the local failed.

Much of what Lansweeper does is WMI based. Have you attempted to run a remote query from your scan server using the credentials you have configured in order to validate it is successful outside of the Lansweeper application? Example -

wmic /node:"<MachineName" /user:"<LocalAccount>" os get name


You will be prompted for the password.