Problem scanning entire domain or IP range - MBSA 2.0
Lydell Anderson
Problem is, when I try to scan my entire domain using the "Pick multiple
computers to scan" option I get "critical scanning problems". None of the
scans complete successfully. Instead I get a combination of "computer not
found" and "could not resolve the computer name" errors. I never had this
problem in version 1.2.1. I've tried confirming that I can access admin
shares and can connect via the registry and it works just fine. The
firewall is off for all of my client workstations by Group Policy. The
weirdest thing of all to note is that if I choose a computer to scan
individually, it works. It's only when I choose to scan multiple computers
using the domain name or an IP range that I see this problem. Any
thoughts?
Doug Neal [MSFT]
Access to the remote registry and C$ shares were all that was necessary for
MBSA 1.2.1 to perform both Vulnerability Assessment (VA) and security update
(patch) checks. With MBSA 2.x, the remote registry and C$ access is only
sufficient enough to perform VA checks. The security update checks are
performed by the WUA agent on each target machine. So not only is an
exception through the firewall necessary to establish a connetion to each
target client's WUA client, the latest WUA client available must be
installed to each target machine.
When scanning a single machine, access directly to that machine is all that
is necessary. When scanning an IP address or domain, you also need to
ensure your DNS/WINS lookup tables are up-to-date so MBSA can obtain the
list of target machines based on either IP address or domain controller
(WINS/DNS) registration.
A few things to troubleshoot:
o Confirm all prerequisites for remote scanning in MBSA 2.x have been
reviewed (see the online MBSA 2.x FAQ or the MBSA help for details). These
are different than MBSA 1.2.1, so you'll likely want to review these.
o Manually install the latest WUA agent to a few target machines in a
smaller IP address range to confirm a smaller sampling of clients with the
latest clients will successfully scan
o Confirm your WINS/DNS lookups resolve to the specific IP address
and/or NetBIOS name of your target machines (perhaps type PING <Machine
Name> and PING <IP address> to confirm both respond with the same IP address
for the target machine)
Please let me know how these steps work and if they help you resolve this
issue. You may also want to try the MBSA 2.1 Beta which is eacy to download
and try. Thanks.
--
--
Doug Neal [MSFT]
du...@online.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights.
If newsgroup discussion with experts and MVPs is unable to solve a problem
to your satisfaction, feel free to contact PSS for support on the Microsoft
Baseline Security Analyzer (MBSA). Information is available at the following
link:
http://support.microsoft.com/default.aspx
This e-mail address does not receive e-mail, but is used for newsgroup
postings only.
"Lydell Anderson" <lydella...@NOSPAM.hotmail.com> wrote in message
news:%23Fqw22j...@TK2MSFTNGP04.phx.gbl...
Lydell Anderson
looks well. I also confirmend DNS lookups match the IP for the respective
machines. I find it interesting that I would be able to do VA checks seeing
that i can access C$ and remote registry, yet MBSA reports the computers as
being "not found" all together. One very interesting thing to note is that
I brought up the list of previous security reports and looked at a couple
that went through successfully. I upgraded to 2.0 about two weeks ago...
Some of these reports were from after the upgrade! They said they were
scanned with MBSA verision 2.0.6706.0. I know for a fact that these were
scanned using the "multiple computer" option. At one point this
functionality seems to have worked? Any thoughts?
"Doug Neal [MSFT]" <du...@online.microsoft.com> wrote in message
news:%23kUtPRl...@TK2MSFTNGP02.phx.gbl...
Lydell Anderson
"Lydell Anderson" <lydella...@NOSPAM.hotmail.com> wrote in message
news:OssOxJpI...@TK2MSFTNGP06.phx.gbl...
Doug Neal [MSFT]
contacting Product Support Services (PSS) using one of the links below my
signature line? This call should be no charge since it relates to a
security / security tool issue. Our PSS staff is best trained to
troubleshoot this issue interactively with you and could likely solve this
faster than through the newsgroup.
I'm sorry I wasn't able to help solve this issue at this time. But please
reply back concerning your resolution with PSS so we can share this with the
broader MBSA community.
--
--
Doug Neal [MSFT]
du...@online.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights.
If newsgroup discussion with experts and MVPs is unable to solve a problem
to your satisfaction, feel free to contact PSS for support on the Microsoft
Baseline Security Analyzer (MBSA). Information is available at the following
link:
http://support.microsoft.com/default.aspx
This e-mail address does not receive e-mail, but is used for newsgroup
postings only.
"Lydell Anderson" <lydella...@NOSPAM.hotmail.com> wrote in message
news:u2pqVL5K...@TK2MSFTNGP05.phx.gbl...
GregB47304
having it working for about a year until our servers were shut down for a
power outage last week. I chekced ISA's internal network properties and found
the Domains list empty. I added my local domain to this list and was then
able to run a scan on the domain.