Jason Creech

Authenticated Scanning:  Active Directory Response Time Impact on Authenticated Scanning

Discussion created by Jason Creech on Oct 30, 2012

Hello All,

 

In effort to share trouble-shooting tips and techniques, this discussion covers a scenario where Active Directory response performance can impact successful authenticated scanning in AD environments.

 

Occasionally, I encounter customers who have reported getting significant numbers of "insufficient privileges" errors during authenticated PC scans.

 

One possible cause could be how long the network takes to responde to AD and DNS queries.

 

If you do encounter a situation where a significant percentage of your Windows assets respond with "insufficient privileges" and affected assets seem to be different from scan to scan, try changing the performance value from "normal" to "low" in the compliance profile used to scan those assets.  The increased scan time length is negligible but I have seen customers go from a 30-40% failed authentication rate, to 100% successful authenticated scanning with that single parameter change.

 

Best regards,

 

Jason Creech

Outcomes