none
Intermittent issue with NIC on Windows server 2019 RRS feed

  • Question

  • We are having an intermittent problem when using tenable.io and cannot pinpoint the issue. We have worked with tenable support trying to figure this issue out their response was and I quote "ones you get this working the scanning should work." Seems like they have never had this problem. The account we use to scan has the right access and is part of administrators. The troubleshooting links they sent me when tested:

    https://community.tenable.com/s/article/Troubleshooting-Credential-scanning-on-Windows

    > net use \\x.x.x.x\ipc$ /user:username password
    
    > net use \\x.x.x.x\admin$ /user:username password
    > reg query \\x.x.x.x\hklm

    The commands above completed successfully. 

    ^ this command didn't complete it spat out "System Error 5 has occurred. Access is denied.", but from my understanding I do not want this command to work because then the share can be accessed anonymously. (Please correct me if I am wrong)

    Also they recommended I do a wbemtest which was successful as well.

    Here is what we did outside of tenables troubleshooting recommendations. 

    1. Access is denied due to User Account Control (UAC)

    Going into this direction did not resolve the problem.

    2. Next attempt, I moved Server1 from the "restricted server" OU in department to stay away from the CIS-CAT GPOs.

    Still could not get "net use \\111.111.111.11" work.

    3. Next I thought there was something wrong between Server1 and the COMPANY domain.

    a) Check Azure hybrid domain-join, no problem there.

    b) Remove Server1 from COMPANY domain but "net use \\111.111.111.11" still didn't work.

    THIS is what worked to get the scanning to run on one of our servers.

    Go to "Control Panel-Network and Internet-Network and Sharing Center-change network adapter settings"
    a) Add a new IP address to the *only* enabled network interface. I added 111.111.111.16 (in addition to 111.111.111.11 that was already configured.")
    b) After that I checked, "net use \\111.111.111.11" still didn't work but "net use \\111.111.111.16" worked.
    c) I removed "111.111.111.11" from tje IPV4 setting and replaced it with "111.111.111.16" and then added "111.111.111.11" as an additional IP address. Now both "net use \\111.111.111.16" and "net use \\111.111.111.11" worked.
    d) I then removed "111.111.111.16" from the IPV4 settings and replaced it with "111.111.111.11" and then added "111.111.111.16" as an additional IP address. Both "net use \\111.111.111.11" and "net use \\111.111.111.16" still worked.
    e) After that I rebooted the server and when the server came back up, unfortunately both "net use \\111.111.111.11" and \\net use \\111.111.111.16" did not work.
    f) I removed "111.111.111.16" from the IPV4 settings and then repeated the steps a) to d) and now both "net use \\111.111.111.11" and "net use \\111.111.111.16" worked.

    We are using a Microsoft Network adapter multiplexor driver 10gb LACP trunk.

    Please any ideas as to why this keeps happening?


    • Edited by AsapTesting Thursday, October 15, 2020 10:47 PM
    Thursday, October 15, 2020 10:12 PM

All replies