QUESTION
When I run a Latest or Baseline Scan on a agent, why does my scan fail with the message "Error Scanning"?
ANSWER
Generally there are a wide variety of reasons why a KSDU scan fails. Here are some steps to help you narrow down the issue.
1). One common issue is that the agent lacks Administrative rights. Check the Agent tab > Agent Logs > Agent Procedure Logs. Look for the time when the scan last ran and see why the scan failed. The log will be specific and say that the credentials don't have administrative rights to execute the command. If this is the case, set another account in the Agent > Set Credentials section and see if the scans succeed then.
2). Navigate to the agent locally and go to its working directory. Within the working directory, navigate to the KSDU folder and look for NiniteOne.exe. Execute this file. When you execute this file, you should only see a pop-up asking you what programs to install. However, if anything else pops-up locally on the endpoint, this indicates that something else is blocking this program from executing. Some common issues are UAC is enabled, GPO settings prevent exe from running, and security programs are blocking the execution of the program.
3). Another common issue is that the application does not have access to the KSDU websites to run a successful scan. The websites are listed below.
-Agents have access to
-ninite.com on port 443
-ocsp.digicert.com on port 80
-crl3.digicert.com on port 80
-crl4.digicert.com on port 80