MBSA Microsoft Baseline Security Analyzer not scanning all pc's

Posted on 2006-06-08
Last Modified: 2012-06-21
I keep getting the following responses for each pc that MBSA is trying to scan:
Computer not found.
Could not resolve to computer name.

I can ping the computers by name, so DNS is resolving the name.  And I get successful replies from the computers, so IP connectivity is working.

Does anybody know what this could be?   Could it be that the Microsoft Firewall on the target computers is preventing the scan?

Question by:cliffordgormley
    LVL 13

    Expert Comment

    It could be possible that DNS is not resolving to correct IP address.

    Sometimes, DNS does not update quick enough and you see incorrect IP and Name pairs.

    Have you check if the machine name is resolving to correct IP address or not.

    To do this, ping the machine by name.(You will get the IP address).

    Now go to that machine and check the IP address by ipconfig.

    They should match.
    LVL 38

    Expert Comment

    by:Rich Rumble
    The firewall sounds more likely, especially if you put the IP into the mbsa and use the IP rather than the DNS name. The MBSA also requires admin priv's on the pc it's scanning. The firewall on XP Pro is turned on automatically when SP2 is applied.

    Author Comment

    Prashax.  I stated that DNS works when I ping the target computer by name.  So that is not the problem.

    Rich.  You are probably correct.  So does that mean I have to go to each machine and disable the firewall to run MBSA?  Maybe I could use Group Policy to temporarily disable the firewall, run MBSA, then re-enable the Firewall.  MBSA must have come out before the XP firewall for this to happen.
    LVL 13

    Assisted Solution

    You can create a GP to disable the firewall.

    But, since you are able to ping those machine, see if you can remotly access their c$, and can connect using computer management.

    MBSA scans files and registry using admin$ share and remote registry.

    This can also happen if do not have admin rights on that machine.
    LVL 5

    Assisted Solution


    It is also worth ensuring that you have the latest version of MSBA (you have probably already done this, but IT thought it was worth mentioning just in case).

    If you are trying to scan a win xp sp2 machine you need this version of MSBA to be compatible -

    You can manage the firewall vi GP, or if you have access to the machine you could just manually turn it off to run the scan - which would confirm whether the firewall was the issue or not.


    LVL 38

    Accepted Solution

    You can use the Group Policies to turn off the firewall, or to make an exception for the pc that your scanning from. Typically on a Lan the firewall isn't necessary unless you have regular Virus outbreaks or users that might be "script-kiddies" and just too curious. We have over 5000 pc's and leave it off. We also follow best practices and don't allow our users to be local admins of their PC's, so they can't install unapproved software and it also mitigates against spyware and viri

    The MBSA came out before XP was even released, and win2k and NT don't have firewalls. The only port you need to open is 445 tcp, and or you can open 135-139 tcp or udp.
    I would open port 445 from to the "mbsa_pc_name"
    LVL 7

    Expert Comment

    Install NETBIOS on the pc you are using to do the scanning.  This should fix the issue.


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Suggested Solutions

    I thought I'd write this up for anyone who has a request to create an anonymous whistle-blower-type submission form created using SharePoint 2010 (this would probably work the same for 2013). It's not 100% fool-proof but it's as close as you can get…
    This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
    It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    9 Experts available now in Live!

    Get 1:1 Help Now