Scan fails- Firewall team not being helpful
We are trialing Deploy/Inventory. My initial Inventory scan seems to have grabbed all machines on the same network as the machine doing the scan. However, the other several thousand machines show as "Computer unreachable or offline".
When I run Remote Repair, it initially shows as not being able to connect to the IPC$ share. Yet, if I run Remote Repair again, it passes all four tests. If I try to scan now, it returns the error "Failed to write on target".
Windows Firewall is off on domain profile, so I don't think that should be an issue. We use ESET (NOD32) for AV, but I'm having the same issue on lab VMs where AV is not installed, so I'm not sure that's the problem.
The only thing I can think of is our Palo Alto firewall. i've shared the Firewall exceptions document with the Firewall team, but the initial response is exceptions are already in place.
Anyone have any ideas of how to further troubleshoot with the Firewall team? Has anyone run into something similar?
Thanks!
Comments
can you probe the SMB ports on one of the remote targets with something like nmap? Or telnet on port 139 (netBIOS) or 445 (TCP)? That'll tell you if the firewall is blocking SMB traffic.
This might help for testing your connections...
https://blogs.technet.microsoft.com/configmgrdogs/2014/08/20/test-your-collection-wql-queries-using-wbemtest-and-powershell/
https://technet.microsoft.com/en-us/library/cc180684.aspx