Microsoft, Baseline Security Analyzer, 2.1, not scanning all workstations

I am running Microsoft Baseline Security Analyzer from Server 2003 and the scan log is reporting that many of the domain computers are unreachable because their names could not be resolved. I have checked and rechecked DNS entries on the domain controller, disabled firewalls on all workstations (verified that service is not started), and even set the "Network access: Sharing and security model for local accounts" policy (in Local Security Policy) to Classic.
Note:  I have also tried to run this from both the domain controller and another server.

Scanning either the whole domain, range of IPs, or individual IPs yields the same result. Please help...

See if this FAQ helps:

Also, see the explanation for your error:
Q: Why am I seeing error "Could not resolve the computer name: name. Please specify computer name, domain\computer, or an IP address."?
This error is common when scanning based on an IP address range. This is because MBSA will convert the range into a list of specific IP addresses for that range and attempt to resolve each IP address into the associated NetBIOS computer name. When that name resolution cannot be performed because the computer is switched off, or the IP address is not in use, this error will be returned.

The error can also happen when using a domain name if domain members are not accessible on the network, such as a laptop computer roaming outside the wireless network, or a desktop computer that has been shut down.

If you specify a DNS fully qualified domain name (FQDN) as the domain to be scanned, you will also see these errors. In that case, you need to use the NetBIOS compatible domain name.

Hope that helps
- Kelvin
Also make sure you have the agents running on all the client machines.
I came across a reply from a Microsoft staff member regarding a person with similar problems.

Maybe you can run through the points he mentioned:

CrashCrack (Author) Commented:
I was scanning using the NetBIOS domain name and also by IP.

I checked the help file in MBSA and I'm sure that both the scanning computer and the target computers meet all requirements except one.  The Windows Update Agent 3.0: how do I know if I have it installed?
The presence of update agent 3 can be verified by looking at the c:\windowsupdate.log file at one of the clients. Search for lines with WU client version in them. That should read (like client version 7.2.6001.784).
Maybe you have to use a sniffer like Wireshark to see if traffic is getting through to the client. I never had these problems but we don't use any firewalls - I suspect those, even if the service is stopped. Uninstall one.
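
The log check described in the answer above, as an added PowerShell example that is not part of the original thread: it takes the most recent "WU client version" line from a client's Windows Update log and compares it against a minimum. The function names, the sample log lines and the assumption that Windows Update Agent 3.0 reports client versions 7.0 and later are assumptions of this example.

```powershell
# Constructed sample lines in the tab-separated Windows Update log layout
# (date, time, PID, TID, component, text). Not taken from a real machine.
$sampleLog = @(
    "2008-03-01`t09:14:02:118`t 904`t3a0`tAgent`t  * WU client version 5.8.0.2469"
    "2008-03-01`t09:14:02:120`t 904`t3a0`tAgent`t  * Base directory: C:\WINDOWS\SoftwareDistribution"
    "2008-09-17`t08:01:44:507`t 912`t5c4`tAgent`t  * WU client version 7.2.6001.784"
    "2008-09-17`t08:01:45:001`t 912`t5c4`tAU`t#############"
)

# Hypothetical helper: return the newest logged agent version, or nothing.
function Get-WuaClientVersion {
    param([string[]]$LogLines)
    $last = $null
    foreach ($line in $LogLines) {
        # The log is appended to over time, so after an agent upgrade the
        # old version is still present; the last match is the current one.
        if ($line -match 'WU client version\s+(\d+(?:\.\d+){1,3})') {
            $last = [version]$Matches[1]
        }
    }
    return $last
}

# Hypothetical helper: compare the logged version with a minimum.
# Assumption: Windows Update Agent 3.0 corresponds to client version 7.0+.
function Test-WuaMeetsMbsaRequirement {
    param([string[]]$LogLines, [version]$Minimum = '7.0')
    $found = Get-WuaClientVersion -LogLines $LogLines
    $status = if ($null -eq $found) { 'NoVersionLine' }
              elseif ($found -ge $Minimum) { 'OK' }
              else { 'TooOld' }
    New-Object PSObject -Property @{
        ClientVersion = $found
        Minimum       = $Minimum
        Status        = $status
    }
}

# Constructed sample: the later 7.2.6001.784 entry wins over 5.8.0.2469.
Test-WuaMeetsMbsaRequirement -LogLines $sampleLog

# A log that only contains the old agent, and one with no version line at all.
Test-WuaMeetsMbsaRequirement -LogLines $sampleLog[0..1]
Test-WuaMeetsMbsaRequirement -LogLines $sampleLog[3]

# On a client, feed it the real file instead, for example:
#   Test-WuaMeetsMbsaRequirement -LogLines (Get-Content 'C:\path\to\WindowsUpdate.log')
```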