  • Status: Solved
MBSA cannot scan the whole domain

I am running MBSA 2 on windows server 2003. I am attempting to scan the entire domain, but when I do the scan it reports an error message:

"FTI\AI-FALLBRK-03 (192.168.0.80) Could not resolve the computer name: AI-FALLBRK-03. Please specify computer name, domain\computer, or an IP address."

As you can see it resolved the IP address, which is correct, but then tells me it can't find it. If I scan the computer using only the IP address it works just fine. Running the scan on the domain multiple times will result in an apparently random set of computers with this error. Sometimes I will successfully scan most of the domain, but most of the time ~80% of the clients error out. I've done the following to attempt to resolve the problem:

1) Firewall is disabled on server and client
2) NetBIOS is enabled on both and the client is viewable from Network Neighborhood on the server.

Any ideas?
Asked by: toes6996
1 Solution
 
prashsaxCommented:
No it is not resolving correctly. This is very common in Dynamic DNS.

IP address 192.168.0.80 will be assigned to some other machine but your DNS is mapping it to AI-FALLBRK.

If you go to AI-FALLBRK locally and do a ipconfig, it will show you some different IP address.
 
toes6996Author Commented:
No, it is resolving them correctly. When I ping the computer using its name DNS returns the same IP and I get responses to the ping. Also, if I put that IP into MBSA as a single computer scan it will run just fine.

Thanks for the comment, though.
 
DaMaestroCommented:
First response (which you already answered) would be to force a domain policy disabling the firewall and Internet Connection Sharing.

Hmmm maybe one of the machines has a mismatched fully qualified domain name (FQDN). It is possible that the software is trying to do a reverse DNS lookup and failing to match the information on the forward lookup.
 
DaMaestroCommented:
http://www.microsoft.com/technet/Security/tools/mbsa2/qa.mspx
Browse down to the common errors section, it's the 8th question in that section
 
prashsaxCommented:
OK, it is just a suggestion.

Whenever you have time please do it.

Go to the command prompt.

nbtstat -A 192.168.0.80

Paste what you get using this command.
 
toes6996Author Commented:
In response to DaMaestro:

Been there already. I'm not using the FQDN for the domain name, I'm using the pre-Win2K NetBIOS name. Also, I've identified several of the computers with this error as being on the network and having the IP listed in the error. MBSA doesn't use DNS, it uses NetBIOS.

Good suggestion though, and thanks as always.

In response to prashsax:

Here is nbtstat:

Local Area Connection:
Node IpAddress: [192.168.0.81] Scope Id: []

           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    FRESHSTART     <00>  UNIQUE      Registered
    FTI                    <00>  GROUP       Registered
    FRESHSTART     <20>  UNIQUE      Registered
    FTI                    <1E>  GROUP       Registered

    MAC Address = 00-12-3F-31-BA-06
 
prashsaxCommented:
Why did it resolve FRESHSTART and not AI-FALLBRK-03?

Have you used the IP address 192.168.0.80 or not?

What command have you used? Is it this:

nbtstat -A 192.168.0.80
 
toes6996Author Commented:
prashsax:

That nbtstat was from a computer named TALLINN. AI-FALLBRK-03 actually turned out to be off. TALLINN was getting the same error as AI...

After reading your post it hit me like a ton of bricks. You were right in the first place. DNS is hanging on to old records from DHCP and so multiple names are pointing to one IP. So, TALLINN isn't really on the network, it is FRESHSTART that is on the network. So, I'm gonna give you the points and I was hoping maybe you know this answer: How do I get DNS to purge old records?

Thanks!
 
DaMaestroCommented:
Hey my second response contained the same info in the link, no assist points??
 
prashsaxCommented:

To solve it, just enable secure and unsecure updates to be added to the DNS server.

1. Click Start, point to Programs, point to Administrative Tools, and then click DNS.
2. Under DNS, expand the applicable DNS server, expand Forward Lookup Zones, and then click the applicable zone.
3. On the Action menu, click Properties.
4. On the General tab, verify that the zone type is Active Directory-integrated.
5. In the Allow dynamic updates? box, click both secure and unsecure updates.

With this, clients will update their new IP address with the DNS server.
 
toes6996Author Commented:
Quote from MBSA FAQ:

"This error is common when scanning based on an IP address range. This is because MBSA will convert the range into a list of specific IP addresses for that range and attempt to resolve each IP address into the associated NetBIOS computer name. When that name resolution cannot be performed because the computer is switched off, or the IP address is not in use, this error will be returned.

The error can also happen when using a domain name if domain members are not accessible on the network, such as a laptop computer roaming outside the wireless network, or a desktop computer that has been shut down.

If you specify a DNS fully qualified domain name (FQDN) as the domain to be scanned, you will also see these errors. In that case, you need to use the NetBIOS compatible domain name."

What part of this answer says my problem is DNS storing more than one record from DHCP? If you can answer that I'll give you the points. I'm not trying to be an ass, just fair.
 
toes6996Author Commented:
prashsax:

I don't feel very comfortable allowing unsecured updates. Would setting up the credentials in DHCP and only allowing secure updates to DNS suffice? Or is there something I'm missing here?

Thanks again!
 
prashsaxCommented:
You have to test it.

You are right, unsecure updates are not a good way to do it.

But I used it as a temporary fix for the problem.

After that I moved to another project so I don't know what the other admin did.
 
toes6996Author Commented:
Cool. Thanks for the help! I'll try it out.
 
DaMaestroCommented:
~When that name resolution cannot be performed because the computer is switched off, or the IP address is not in use, this error will be returned.~
~AI-FALLBRK-03 actually turned out to be off. ~

The IP address 192.168.0.80 was indeed not being used by AI-FALLBRK-03 as DNS reported, because it was off. It did not spell out verbatim that the DNS records were old, but the outdated records were a result of the machine being off, which was indeed mentioned as shown previously.

In addition, my original comment (It is possible that the software is trying to do a reverse DNS lookup and failing to match the information on the forward lookup.) is valid because the IP address is now being used by a different device.
 
toes6996Author Commented:
I suppose that deserves some points. Not quite as clear and direct as prashsax, but useful nonetheless. Now I just need to figure out how to go back and give them.....
 
prashsaxCommented:
MBSA does not require a reverse lookup zone to work.

Secondly, this mismatch of names and IP addresses occurs due to machines not being able to register their IP address in DNS (as soon as they receive an IP from DHCP). So, old records were not overwritten.

MBSA uses NetBIOS to connect to target machines.

Now NetBIOS uses registered service names to provide services, which are called pipes, unlike TCP, which uses ports.

Now what happens is that when MBSA resolves the IP address from the machine name, it sends a NetBIOS request to the remote machine using its IP address. (This is because NetBIOS over TCP/IP is enabled.)

Now as the NetBIOS request reaches the machine, the machine looks for the service name which is to be used.

The service name does not match and hence you receive an error such as "network path not found".
You can view the service names using the NBTSTAT -A X.X.X.X command. The service name would always use the machine name.

So, when a NetBIOS request reaches an IP address with a different machine name, it gives you an error.
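The check prashsax describes above, and the nbtstat output toes6996 pasted earlier, can be turned into an offline script: parse the remote name table from `nbtstat -A`, take the `<00> UNIQUE` entry as the host's real NetBIOS name, and compare it with the name DNS hands out for that IP. This is an added example in Python, not code from the thread or from MBSA; the `nbtstat` output is the one quoted in the thread, while the DNS table and the host AI-OFFLINE-01 are constructed for illustration.

```python
import re
from typing import Dict, List, Optional

# Constructed sample input: the `nbtstat -A 192.168.0.80` output quoted in the thread,
# embedded as a string so the parser runs offline.
NBTSTAT_SAMPLE = """\
Local Area Connection:
Node IpAddress: [192.168.0.81] Scope Id: []

           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    FRESHSTART     <00>  UNIQUE      Registered
    FTI                    <00>  GROUP       Registered
    FRESHSTART     <20>  UNIQUE      Registered
    FTI                    <1E>  GROUP       Registered

    MAC Address = 00-12-3F-31-BA-06
"""

# One row of the remote name table: NAME <hex suffix> UNIQUE|GROUP Status
NBT_ROW = re.compile(
    r"^\s*(\S+)\s+<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s+(\S+)", re.MULTILINE
)


def parse_nbtstat(output: str) -> List[dict]:
    """Turn the name-table rows of `nbtstat -A` output into dicts."""
    return [
        {"name": m.group(1).upper(), "suffix": m.group(2).upper(),
         "kind": m.group(3), "status": m.group(4)}
        for m in NBT_ROW.finditer(output)
    ]


def workstation_name(output: str) -> Optional[str]:
    """The <00> UNIQUE entry is the Workstation service and carries the host's own name.
    Returns None when the table has no such row (host off, or not answering NetBIOS)."""
    for row in parse_nbtstat(output):
        if row["suffix"] == "00" and row["kind"] == "UNIQUE":
            return row["name"]
    return None


def find_stale_dns(dns_a_records: Dict[str, str],
                   nbtstat_by_ip: Dict[str, Optional[str]]) -> List[dict]:
    """Compare each DNS host->IP mapping with the NetBIOS name answering at that IP.

    dns_a_records: host name -> IPv4 address as the DNS server currently hands out.
    nbtstat_by_ip: IPv4 address -> captured `nbtstat -A <ip>` output, or None when
                   the address did not answer at all.
    Verdicts:
      ok         the host at that IP registers the same NetBIOS name DNS claims
      stale      a different host answers there (old dynamic record, IP reused by DHCP)
      no-answer  nothing answers; the record may be stale or the host is switched off
    """
    findings = []
    for host, ip in sorted(dns_a_records.items()):
        output = nbtstat_by_ip.get(ip)
        actual = workstation_name(output) if output else None
        if actual is None:
            verdict = "no-answer"
        elif actual == host.upper():
            verdict = "ok"
        else:
            verdict = "stale"
        findings.append({"dns_name": host, "ip": ip,
                         "netbios_name": actual, "verdict": verdict})
    return findings


def stale_names(dns_a_records: Dict[str, str],
                nbtstat_by_ip: Dict[str, Optional[str]]) -> List[str]:
    """Just the DNS names whose IP is now answered by a different NetBIOS host."""
    return [f["dns_name"] for f in find_stale_dns(dns_a_records, nbtstat_by_ip)
            if f["verdict"] == "stale"]


if __name__ == "__main__":
    # Constructed DNS view of the thread's situation: several names parked on 192.168.0.80,
    # plus a made-up host (AI-OFFLINE-01) whose address does not answer at all.
    dns = {"AI-FALLBRK-03": "192.168.0.80", "TALLINN": "192.168.0.80",
           "FRESHSTART": "192.168.0.80", "AI-OFFLINE-01": "192.168.0.90"}
    captures = {"192.168.0.80": NBTSTAT_SAMPLE, "192.168.0.90": None}
    for f in find_stale_dns(dns, captures):
        print(f"{f['dns_name']:14} {f['ip']:14} "
              f"netbios={str(f['netbios_name']):12} {f['verdict']}")
```

Feeding it captured `nbtstat -A` output for each address listed in the forward lookup zone gives a list of the records that MBSA's domain scan would trip over, which is a quicker way to size the problem than rerunning the scan and collecting the errors by hand.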
