Highlighted
Frequent Contributor.. Frequent Contributor..
Frequent Contributor..
314 views

Experts Day Question: NTCMD Credential Check Fails Between Machines on Same Subnet

Jump to solution

The online experts day thread states "create new posts to ask your questions", so here is my new post.

 

I have credentials for NTCMD discovery.  I can log in to the probe and open an administrative command prompt and use those credentials to make a network drive connection to C$ or ADMIN$ on a neighboring machine, one in the same subnet, no firewall in between. 

 

Those same credentials fail against the same target system when doing a credential check in UD.  I get:

 

Error: Access is denied.

I am testing the credentials using the same probe from which I mapped the drive to the target system.  If I test the credentials against the probe itself they succeed.  The account is a domain admin account, and "Domain Admins" is a member of the local Administrators group on the target system. 

 

I even created a local account on the target system, added it to the Administrators group, ensured the probe could map the resources, and those credentials fail as well.

 

Thoughts?

Tags (1)
0 Likes
1 Solution

Accepted Solutions
Highlighted
Acclaimed Contributor.. Acclaimed Contributor..
Acclaimed Contributor..

Re: Experts Day Question: NTCMD Credential Check Fails Between Machines on Same Subnet

Jump to solution

Which version? It was a change between in 10.10...

 

Running xCmd from Windows 2008/R2 machine finishes with "Access Denied":

The problem is that on Windows Server 2008/2008 R2 by default xCmd uses the RPC/TCP protocol to contact the Service Control Manager on the remote computer instead of RPC/NP, which was used in older versions of Windows. In some cases, this may cause "Access Denied" error 5 to be reported, even though the user account that is used has local administrator rights on the target computer. This is because for this protocol the network account of the computer running the probe is used (when the probe runs under the LocalSystem account) – hence in the past the workaround was to run the probe under another user account. Recently we got to the bottom of this problem. One should be able to get the probe running under the LocalSystem account and resolve “Access Denied” problems by changing the configuration of the computer running the probe to use the RPC/NP protocol instead.

To do this, perform the following steps:

  • On the probe machine, start Registry Editor by running the regedit executable file.
  • In Registry Editor, navigate to the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control
  • Under this key, there may be a REG_DWORD value called SCMApiConnectionParam:
    • If this value is missing, add a new REG_DWORD value called SCMApiConnectionParam and set its value to 0x80000000.
    • If this value is already available in the registry, combine it with the 0x80000000 mask (using bitwise OR). For example, if there was a value 0x1 there, you would need to set this value to 0x80000001.
  • After that you need to restart the probe for the change to take effect.
Regards
-Dmitry Gomel, PMP
Click the Like button at the bottom to say 'Thanks'.

View solution in original post

7 Replies
Highlighted
Absent Member.. Absent Member..
Absent Member..

Re: Experts Day Question: NTCMD Credential Check Fails Between Machines on Same Subnet

Jump to solution

Hello,

 

Have you refer to http://support.openview.hp.com/selfsolve/document/KM194039

 

"HP Support
If you find this or any post resolves your issue, please be sure to mark it as an accepted solution."

Click the KUDOS star on the left to say 'Thanks'
0 Likes
Highlighted
Acclaimed Contributor.. Acclaimed Contributor..
Acclaimed Contributor..

Re: Experts Day Question: NTCMD Credential Check Fails Between Machines on Same Subnet

Jump to solution

Which version? It was a change between in 10.10...

 

Running xCmd from Windows 2008/R2 machine finishes with "Access Denied":

The problem is that on Windows Server 2008/2008 R2 by default xCmd uses the RPC/TCP protocol to contact the Service Control Manager on the remote computer instead of RPC/NP, which was used in older versions of Windows. In some cases, this may cause "Access Denied" error 5 to be reported, even though the user account that is used has local administrator rights on the target computer. This is because for this protocol the network account of the computer running the probe is used (when the probe runs under the LocalSystem account) – hence in the past the workaround was to run the probe under another user account. Recently we got to the bottom of this problem. One should be able to get the probe running under the LocalSystem account and resolve “Access Denied” problems by changing the configuration of the computer running the probe to use the RPC/NP protocol instead.

To do this, perform the following steps:

  • On the probe machine, start Registry Editor by running the regedit executable file.
  • In Registry Editor, navigate to the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control
  • Under this key, there may be a REG_DWORD value called SCMApiConnectionParam:
    • If this value is missing, add a new REG_DWORD value called SCMApiConnectionParam and set its value to 0x80000000.
    • If this value is already available in the registry, combine it with the 0x80000000 mask (using bitwise OR). For example, if there was a value 0x1 there, you would need to set this value to 0x80000001.
  • After that you need to restart the probe for the change to take effect.
Regards
-Dmitry Gomel, PMP
Click the Like button at the bottom to say 'Thanks'.

View solution in original post

Highlighted
Frequent Contributor.. Frequent Contributor..
Frequent Contributor..

Re: Experts Day Question: NTCMD Credential Check Fails Between Machines on Same Subnet

Jump to solution

10.10 CUP 2, CP 13 Update 3

0 Likes
Highlighted
Frequent Contributor.. Frequent Contributor..
Frequent Contributor..

Re: Experts Day Question: NTCMD Credential Check Fails Between Machines on Same Subnet

Jump to solution

Forgot we had to make this registry change months ago to our original probe.  Adding this to our internal Wiki for future reference.  Would be nice if the probe software installation made this change for us.  Thanks for the solution.

Tags (1)
0 Likes
Highlighted
Super Contributor.. Super Contributor..
Super Contributor..

Re: Experts Day Question: NTCMD Credential Check Fails Between Machines on Same Subnet

Jump to solution

Hello,

 

Whe i try to add 0x80000000 value, thet after clicking "OK, it appears with "0x41800000" it is good ?

 

thanks

0 Likes
Highlighted
Frequent Contributor.. Frequent Contributor..
Frequent Contributor..

Re: Experts Day Question: NTCMD Credential Check Fails Between Machines on Same Subnet

Jump to solution

The value you should enter is

 

80000000

 

which in turn will look like this after you click OK

 

SCMApiConnectionParam     REG_DWORD     0x80000000 (2147483648)

0 Likes
Highlighted
Super Contributor.. Super Contributor..
Super Contributor..

Re: Experts Day Question: NTCMD Credential Check Fails Between Machines on Same Subnet

Jump to solution

Ok !

 

Thath is what i was thinking about !

 

thank you for your reply

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.