My Windows Domain credentials are not working for various large scans.
On one of the scan, out of 100+ Windows servers, the domain credentials are successfully working on 6 odd servers and for all others it's failing.
In the CSV report it says, Error Code 3001 "Logon failed; deselecting credentialed checks for this host."
Good or Bad but it's not locking the domain account as well.
The account I am using is Domain admin account for the scans.
Can someone please help ?
do you have the exact syntax of the error as it's logged in the MVM Daily log? It might help to turn on verbose WHAM logging:
This is done via a registry tweak on the Scan Engine:
[HKEY_LOCAL_MACHINE]\SOFTWARE\Foundstone\Foundscan\Tweaks] (for 32-bit host) or
[HKEY_LOCAL_MACHINE]\SOFTWARE\Wow6432Node\Foundstone\Foundscan\Tweaks] (for 64-bit host)
** if the key "Tweaks" doesn't exist, create it. **
LogWam DWORD Value 'ff'
Re-run the scan, and send the syntax of the error that is logged.
In our case we had a corrupt certificate on one of our appliance scan engines.
1. Stop FCAgent
2. Rename CustomTrustedCA.pem to CustomTrustedCA.pem.bak
3. Start FCAgent
4. Optionally Reinstall Customer-Specific Certificate from FCM