Microsoft, Baseline Security Analyzer, 2.1, not scanning all workstations

I am running Microsoft Baseline Security Analyzer from Server 2003 and the scan log is reporting that many of the domain computers are unreachable because their names could not be resolved.  I have checked and rechecked dns entries on the domain controller, disabled firewalls on all workstations (verified that service is not started), and even set the Network Access: sharing and Security Model for Local Accounts (in Local Security Policy) to Classic.  
Note:  I have also tried to run this from both the domain controller and another server.

Scanning either the whole domain, range of IPs, or individual IPs yields the same result. Please help...
Who is Participating?
I came across a reply from a Microsoft staff regarding a person with similiar problems.

Maybe you can run through the points he mentioned:
See if this FAQ helps:

Also, see the explaination for your error:
Q: Why am I seeing error "Could not resolve the computer name: name. Please specify computer name, domain\computer, or an IP address."?
This error is common when scanning based on an IP address range. This is because MBSA will convert the range into a list of specific IP addresses for that range and attempt to resolve each IP address into the associated NetBIOS computer name. When that name resolution cannot be performed because the computer is switched off, or the IP address is not in use, this error will be returned.

The error can also happen when using a domain name of domain members are not accessible on the network, such as a laptop computer roaming outside the wireless network, or a desktop computer that has been shut down.

If you specify a DNS fully qualified domain name (FQDN) as the domain to be scanned, you will also see these errors. In that case, you need to use the NetBIOS compatible domain name.

Hope that helps
- Kelvin
Also make sure you have the agents running on all the client machines.
CrashCrackAuthor Commented:
I was scanning using the NetBIOS domain name and also by IP.

I checked the help file in MBSA and I'm sure that both the scanning computer and the target computers meet all requirements except one.  The Windows Update Agent 3.0: how do I know if I have it installed?
The presence of update agent 3 can be verified by looking at the c:\windowsupdate.log file at one of the clients. Search for lines with WU client version in them. That should read (like client version 7.2.6001.784).
Maybe you have to use a sniffer like wireshark to see if traffic is getting through to the client. I never had these problems but we don't use any firewalls - I suspect those, even if the service is stopped. Uninstall one.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.