Symptoms

When attempting performing scan, you may receive error "Error code 201: Network connection error. Verify that you can logon to the specified machine " even though the most common prerequisites have been met, e.g.

• DNS resolution: nslookup machinename resolves correct IP
• Admin share access: net use \\machinename\IPC$ succeeds
• Remote registry connection: Able to connect to the machine from Regedit by going to File > Connect Network Registry...
• Windows Firewall is not configured.
• Have admin access to VM's, can map to VM's remotely C$ & IPC$.

Troubleshooting

On the target machine, the "Operational" log located under the Applications and Services Log/Microsoft/Windows/NTLM records warnings “NTLM server blocked: Incoming NTLM traffic to servers that is blocked”, "NTLM authentication requests to this server have been blocked."

Cause

NTLM Traffic is blocked on the target machine. Local Group Policy "Network Security: Restrict NTLM: Incoming NTLM Traffic" is configured as "Deny all domain accounts" or "Deny all accounts".

Resolution

Set "Network Security: Restrict NTLM: Incoming NTLM Traffic" to "Allow all".

Affected Products

Shavlik Protect 9.2.x

Ivanti Patch for Windows Servers 9.3.x