Remark: This topic is only related to Active Directory Scanning targets such as:
- Active Directory Domain
- Active Directory User Path
- Active Directory Computer Path
When seeing an access denied scanning issue in one of your Active Directory scanning targets, the issue likely occurs because Lansweeper cannot connect to the Domain Controller at that time.
To resolve this issue, you can run through to below steps:
- Double-check that your domain controllers are online.
- Double-check that there are no DNS issues. A ping to the domain controllers' FQDNs from your Lansweeper server should be successful. If it isn't, this points to a DNS issue that you'll need to resolve on your DNS server.
- Double-check that firewalls are not blocking access to the domain controllers. Lansweeper contacts domain controllers on TCP port 389: https://www.lansweeper.com/knowledgebase/used-tcp-ports/
- Double-check that you've mapped a credential that has read-only access to Active Directory to both domains under Scanning\Scanning Credentials. We recommend resubmitting the credential password under Scanning\Scanning Credentials to ensure that it is correct.
- Run dcdiag /e /q on the domain controllers to look for Active Directory issues.
- Additionally, double-check what your NetBIOS and or DNS name is for your domain controller, and make sure that you have entered them correctly on your scanning target. You can follow the steps in this knowledge base article to retrieve this information: https://www.lansweeper.com/knowledgebase/findnetbiosname/
After reviewing the above steps, restart your Lansweeper server service.
