FIX: Unable to Inventory Domain Controller

  • 7005680
  • 06-Apr-2010
  • 27-Apr-2012

Environment

PlateSpin Recon

Situation

This article discusses an issue when attempting to inventory a Domain Controller fails with following error:

 

 

You will be able to Inventory other machines but unable to inventory Domain Controllers. You may also see the error below in event logs on the Recon Server:

This can be an issue when a domain environment is highly locked down and secured. WMI/WBEMTEST test will be successful.

Resolution

To resolve this issue, follow the steps below:
 
  1. Click Start > Programs > Administrative Tools > Domain Controller Security Policy, expand e xpand Local Policies > User Rights Assignment .
  2. Double-click on “Replace a Process Level Token” policy in the right-window pane.
  3. Add the NETWORK SERVICE and LOCAL SERVICE accounts to the policy.
  4. Repeat step 3 and 4 for “Create a Process Level Token” policy as well.
  5. Refresh the policy by running “GPUPDATE /FORCE” command (for Windows 2003/XP) or “SECEDIT /REFRESHPOLICY MACHINE_POLICY /ENFORCE" command (for Windows 2000).