Lansweeper pulls Windows computer data from WMI (Windows Management Instrumentation), a management infrastructure built into Windows operating systems. When scanning Windows computers without a scanning agent, you may at some point encounter machines that return "access denied" scanning errors. These errors are usually caused by your scanning credential lacking administrative privileges on the client machine, but can be caused by incorrect DCOM (Distributed Component Object Model) is a collection of Microsoft concepts and program interfaces where... or other settings as well.
If a Windows computer is generating an "access denied" error, do the following:
- Make sure the client machine is running a non-Home edition of Windows. Older versions of Windows Home operating systems cannot be scanned remotely and will need to be scanned with LsAgent or LsPush anyway. Non-Home editions of Windows can be scanned remotely without issue.
- Make sure the client machine's OS is fully patched, as some old Windows builds had issues with remote WMI access.
- Look at the Last Tried (= last scan attempt) date in the computer's Summary tab to determine when the scanning error occurred.
- If the scanning error is not recent, rescan the computer first to verify whether the scanning issue is still present. You can rescan one or more machines by clicking the Assets link at the top of the web console, ticking the checkboxes in front of the assets and hitting the Rescan button on the left.
- Make sure the user account you submitted as scanning credential in Lansweeper has administrative privileges on the client machine.
- Make sure you have the correct password of the user account and that this password is not expired.
- Re-submit your user account's password in Lansweeper to ensure that it is correct.
- Make sure the client machine's firewall is configured to allow WMI traffic. If the machine is using Windows Firewall, configuration instructions can be found in this knowledge base article.
- Make sure the computer meets the other Windows domain or workgroup scanning requirements. You can download (right-click and Save Link As) and run this script within an elevated Command Prompt on a problem computer to ensure DCOM, Windows Firewall and some other settings are correct. If you are using third-party firewalls, you will still need to check their configuration separately.
- Run the tool below on your Lansweeper server and submit the same scanning credential used by Lansweeper, as this will help in the troubleshooting process.
Program Files (x86)\Lansweeper\Actions\testconnection.exeYou must open the test tool on your Lansweeper scanning server, i.e. on the machine that has the Lansweeper Server service installed. Tests initiated from other machines cannot be used for troubleshooting purposes, as they do not replicate the exact network conditions experienced by Lansweeper.
- Within the test output, verify that the computer name is resolving to the correct IP address and that the WMI part is green. Once the WMI part is green, Lansweeper should be able to scan the machine as well.
- Make sure the local time is correctly configured on the client computer, the Lansweeper scanning server and your domain controller. A time difference of more than 15 minutes between client and server can cause unexpected results in Active Directory domains.
- As a last resort, try removing the computer from your domain and re-adding it.