Jump to content

Scanning from Client Push Install issue

Recommended Posts

Hi,  I'm having an odd issue where some clients appear 'invisible' to the scan on the Client Push Install page.  I have a number of clients within an IP range, all with the same firewall, policies etc.  If I scan (simple scan, no software detection) the range then most clients appear, except for a few that just don't appear in the 'Computers found' list for no obvious reason.

I can see from the live firewall logging (while connected to an affected client) that the request from the server is arriving at the machine and is not being blocked.  There is nothing i can find that's different between the majority of clients that are scannable and the odd few that are 'invisible'.  

Please could you let me know if you have any ideas what may be stopping this working?


Link to post
Share on other sites

Thanks for the reply Dyllon,  All the clients I've seen this issue on at the moment are on different subnets to the server.  However, plenty of other machines on the same subnet as the ones that's failing are scanning correctly.  I've checked network configs, pinging across the subnets works fine etc. but can't seen anything obvious.

Yesterday I manually installed the client package on one of these machines and it's communicating with the server with no problems, so i have a manual install as a fallback but it would be good to understand what's going on.

Link to post
Share on other sites

The behavior you are seeing is a new issue, but is happening "by design". Check those machines for certain Windows update KB numbers. These recent updates have restricted using netbios across subnets (and within the same subnet if the server also has the update installed), so these machines will not show up. Our push tool uses netbios name services, the issue cannot be replicated by pinging the target machine and so ping is not a good test to confirm netbios connections.

The updates in question which block netbios across subnets are KB3161949, KB3163017 and KB3163018. There's four options available:

  1. Modify (if existing) or create the registry key HKLM\SYSTEM\CurrentControlSet\Services\NetBT|AllowNBToInternet a 32 bit dword with a value of 1.
  2. You can also bypass this with a GPO to allow an exception for netbios if you are using Windows Firewall:KB GPO Workaround.jpg
  3. Use an offline installer package created by the console in Policy -> Create Installation Package to install locally or through GPO/SCCM.
  4. Remove the updates from the server and the endpoint temporarily.


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.