Solved

MBSA cannot scan the whole domain

Posted on 2006-07-12
Last Modified: 2010-04-11
I am running MBSA 2 on windows server 2003. I am attempting to scan the entire domain, but when I do the scan it reports an error message:

"FTI\AI-FALLBRK-03 (192.168.0.80) Could not resolve the computer name: AI-FALLBRK-03. Please specify computer name, domain\computer, or an IP address."

As you can see it resolved the ip address, which is correct, but then tells me it can't find it.  If I scan the computer using only the ip address it works just fine. Running the scan on the domain multiple times will result in an apparently random set of computers with this error. Sometimes I will successfully scan most of the domain, but most of the time ~80% of the clients error out. I've done the following to attempt to resolve the problem:

1) Firewall is disabled on server and client
2) Netbios is enabled on both and client is viewable from Network Neighborhood on server.

Any ideas?
0
Question by:toes6996
17 Comments
 
LVL 13

Expert Comment

by:prashsax
ID: 17093990
No it is not resolving correctly. This is very common in Dynamic DNS.

IP address 192.168.0.80 will be assigned to some other machine but your DNS is mapping it to AI-FALLBRK.

If you go to AI-FALLBRK locally and do an ipconfig, it will show you some different IP address.
0
 

Author Comment

by:toes6996
ID: 17094068
No it is resolving them correctly. When I ping the computer using its name dns returns the same ip and I get responses to the ping. Also, if I put that ip into MBSA as a single computer scan it will run just fine.

Thanks for the comment, though.
0
 
LVL 6

Expert Comment

by:DaMaestro
ID: 17094073
First response (which you already answered) would be to force a domain policy disabling firewall and internet connection sharing

Hmmm maybe one of the machines has a mismatched fully qualified domain name (FQDN). It is possible that the software is trying to do a reverse DNS lookup and failing to match the information on the forward lookup.
0
 
LVL 6

Expert Comment

by:DaMaestro
ID: 17094100
http://www.microsoft.com/technet/Security/tools/mbsa2/qa.mspx
Browse down to the common errors section, it's the 8th question in that section
0
 
LVL 13

Expert Comment

by:prashsax
ID: 17094223
Ok, it is just a suggestion.

Whenever you have time please do it.

Goto command prompt.

nbtstat -A 192.168.0.80
Paste what you get using this command.
0
 

Author Comment

by:toes6996
ID: 17094752
In response to DaMaestro:

Been there already. I'm not using the FQDN for the domain name, I'm using the pre-win2k netbios name. Also, I've identified several of the computers with this error as on the network and having the IP listed in the error.  MBSA doesn't use DNS, it uses netbios.  

Good suggestion though, and thanks as always.

In response to prashsax:

Here is nbtstat:

Local Area Connection:
Node IpAddress: [192.168.0.81] Scope Id: []

           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    FRESHSTART     <00>  UNIQUE      Registered
    FTI            <00>  GROUP       Registered
    FRESHSTART     <20>  UNIQUE      Registered
    FTI            <1E>  GROUP       Registered

    MAC Address = 00-12-3F-31-BA-06


0
 
LVL 13

Accepted Solution

by:
prashsax earned 250 total points
ID: 17094861
Why did it resolve FRESHSTART and not AI-FALLBRK-03?

Have you used IP address as 192.168.0.80 or not?

What command have you used? Is it this:

nbtstat -A 192.168.0.80

0
 

Author Comment

by:toes6996
ID: 17094980
prashsax:

That nbtstat was from a computer named TALLINN. AI-FALLBRK-03 actually turned out to be off. TALLINN was getting the same error as AI...

After reading your post it hit me like a ton of bricks. You were right in the first place. DNS is hanging on to old records from DHCP and so multiple names are pointing to one ip. So, TALLINN isn't really on the network, it is FRESHSTART that is on the network. So, I'm gonna give you the points and I was hoping maybe you know this answer: How do I get dns to purge old records?

Thanks!
0
 
LVL 6

Expert Comment

by:DaMaestro
ID: 17095029
Hey my second response contained the same info in the link, no assist points??
0
 
LVL 13

Expert Comment

by:prashsax
ID: 17095045

To solve it, just enable secure and unsecure updates to be added to DNS server.

1. Click Start, point to Programs, point to Administrative Tools, and then click DNS.
2. Under DNS, expand the applicable DNS server, expand Forward Lookup Zones , and then click the applicable zone.  
3. On the Action menu, click Properties.
4. On the General tab, verify that the zone type is Active Directory-integrated.
5. In the Allow dynamic updates? box, click both secure and unsecure updates.

With this, clients will update their new IP address with the DNS server.
0
 

Author Comment

by:toes6996
ID: 17095069
Quote from MBSA FAQ:

"This error is common when scanning based on an IP address range. This is because MBSA will convert the range into a list of specific IP addresses for that range and attempt to resolve each IP address into the associated NetBIOS computer name. When that name resolution cannot be performed because the computer is switched off, or the IP address is not in use, this error will be returned.

The error can also happen when using a domain name if domain members are not accessible on the network, such as a laptop computer roaming outside the wireless network, or a desktop computer that has been shut down.

If you specify a DNS fully qualified domain name (FQDN) as the domain to be scanned, you will also see these errors. In that case, you need to use the NetBIOS compatible domain name."

What part of this answer says my problem is DNS storing more than one record from DHCP? If you can answer that I'll give you the points. I'm not trying to be an ass, just fair.


0
 

Author Comment

by:toes6996
ID: 17095118
prashsax:

I don't feel very comfortable allowing unsecured updates. Would setting up the credentials in DHCP and only allowing secure updates to DNS suffice? Or is there something I'm missing here?

Thanks again!
0
 
LVL 13

Expert Comment

by:prashsax
ID: 17095132
You have to test it.

You are right, unsecure updates are not a good way to do it.

But, I used it as a temp to fix the problem.

After that I moved to other project so I don't know what other admin did.
0
 

Author Comment

by:toes6996
ID: 17095183
Cool. Thanks for the help! I'll try it out.
0
 
LVL 6

Expert Comment

by:DaMaestro
ID: 17095484
~When that name resolution cannot be performed because the computer is switched off, or the IP address is not in use, this error will be returned.~
~AI-FALLBRK-03 actually turned out to be off. ~

The IP address 192.168.0.80 was indeed not being used by AI-FALLBRK-03 that DNS reported because it was off.  It did not spell out verbatim that the DNS records were old, but the outdated records were a result of the machine being off, which was indeed mentioned as shown previously.

In addition, my original comment (It is possible that the software is trying to do a reverse DNS lookup and failing to match the information on the forward lookup.) is valid because the IP address is now being used by a different device.
0
 

Author Comment

by:toes6996
ID: 17095656
I suppose the deserves some points. Not quite as clear and direct as prashsax, but useful nonetheless.  Now I just need to figure out how to go back and give them.....
0
 
LVL 13

Expert Comment

by:prashsax
ID: 17100509
MBSA does not require reverse lookup zone to work.

Secondly, this mismatch of names and IP addresses occurs due to machines not being able to register their IP address to DNS (as soon as they receive an IP from DHCP). So, old records were not overwritten.

MBSA uses NETBIOS to connect to target machines.

Now NETBIOS uses registered service name to provide services which are called pipe. Unlike TCP which uses ports.

Now what happens is that when MBSA resolves the IP address from the machine name, it sends a NETBIOS request to the remote machine using its IP address. (This is because NETBIOS over TCP/IP is enabled.)

Now as the NETBIOS request reaches the machine, the machine looks for the service name which is to be used.

The service name does not match and hence you receive an error network path not found etc.
You can view the service name using NBTSTAT -A X.X.X.X command. Service name would always use machine name.

So, when a NETBIOS request reaches an IP address with a different machine name it gives you an error.
0
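
An added example, not part of any post in this thread: a Python sketch of the check the thread converges on, comparing the name DNS holds for an IP with the computer name that `nbtstat -A` shows registered at that IP. The function names and the A-record list are hypothetical; the IP in `RECORDS` is a constructed placeholder, and the nbtstat text is the output posted above.

```python
import re
from collections import defaultdict

# nbtstat -A output as posted in the thread (blank lines dropped).
NBTSTAT_OUTPUT = """\
Local Area Connection:
Node IpAddress: [192.168.0.81] Scope Id: []
           NetBIOS Remote Machine Name Table
       Name               Type         Status
    ---------------------------------------------
    FRESHSTART     <00>  UNIQUE      Registered
    FTI            <00>  GROUP       Registered
    FRESHSTART     <20>  UNIQUE      Registered
    FTI            <1E>  GROUP       Registered
    MAC Address = 00-12-3F-31-BA-06
"""

ROW = re.compile(r"^\s*(\S+)\s+<([0-9A-F]{2})>\s+(UNIQUE|GROUP)\s+(\S+)\s*$", re.I)

def short_name(dns_name):
    """Host label of a DNS name, upper-cased and cut to NetBIOS's 15 characters."""
    return dns_name.split(".")[0].upper()[:15]

def registered_computer_name(nbtstat_text):
    """Return the <00> UNIQUE entry (the computer name), or None if no table."""
    for line in nbtstat_text.splitlines():
        m = ROW.match(line)
        if m and m.group(2) == "00" and m.group(3).upper() == "UNIQUE":
            return m.group(1).upper()
    return None

def shared_ips(a_records):
    """Group (name, ip) A records and keep only IPs claimed by several names."""
    by_ip = defaultdict(list)
    for name, ip in a_records:
        by_ip[ip].append(short_name(name))
    return {ip: names for ip, names in by_ip.items() if len(names) > 1}

def stale_names(a_records, nbtstat_by_ip):
    """A records whose IP now answers under a different computer name."""
    stale = []
    for name, ip in a_records:
        live = registered_computer_name(nbtstat_by_ip.get(ip, ""))
        if live is not None and live != short_name(name):
            stale.append((short_name(name), ip, live))
    return stale

# Constructed A records: the IP is a placeholder, not a value from the thread.
RECORDS = [("TALLINN", "192.0.2.10"), ("FRESHSTART", "192.0.2.10")]
```

A host that returns no name table (switched off or unreachable) is skipped rather than reported as stale, since the check cannot tell those two cases apart from a missing answer alone.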
