Security

last person joined: 17 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Network Scan stuck/hangs when scanning WinXP or Win2003 Server

This thread has been viewed 1 times

  • 1.  Network Scan stuck/hangs when scanning WinXP or Win2003 Server

    Posted Dec 21, 2018 02:21 AM

    We did a fresh install of Clearpass Version 6.7.8.109113 as a VM under ESX.

    The Network-Scanner/Profiler with WMI enabled stops working when it hits a WinXP or Windows 2003 Server. In the GUI the scan keeps on "running" state, i can't see any Network Paket with Wireshark to the targted machine.

     

    In this moment i can't start a new scan. I have to delete the scan an reboot the CPPM-VM.

     

    Enabling NTLMV1 Support doesn't make a change.

     

    Any tips?

    Clip1.png



  • 2.  RE: Network Scan stuck/hangs when scanning WinXP or Win2003 Server

    MVP
    Posted Jan 09, 2019 11:37 PM

    I ran into this same issue, apparently there is a string returned from some Windows devices during the WMI query that CPPM's Linux Shell interprits as a command / string forcing the scan to actually stop, although it shows "running" in the web GUI. 

     

    I had to work with Aruba TAC to find this in the backend logs, and they suggested it as an unusual problem with the windows device itself. 

     

    We had to disable WMI query all together, but since it's only effective on Windows devices, and other profiling methods are fairly good at detecting Windows machines, we haven't been too concerned about it being turned off. 

     

    The other option is to setup the scans to avoid those specific IPs if they are reserved or static on the network.



  • 3.  RE: Network Scan stuck/hangs when scanning WinXP or Win2003 Server

    Posted Jan 10, 2019 04:12 AM

    I called the Aruba Support and the can reproduce the problem. They are working on it, but I dond't have an soltion right now.

     

    I'm new to clearpass, can yout explain how specific IP's can be excluded from the wmi scan?



  • 4.  RE: Network Scan stuck/hangs when scanning WinXP or Win2003 Server

    MVP
    Posted Jan 10, 2019 06:34 AM
    It's going to largely depend on how your network is setup, but basically
    when you define the subnets for scanning, you would exclude that subnet.
    Ideally you would hope it's a /24 or smaller, but it may be a challenge if
    the network is larger.

    In our case we disabled WMI all together because it would randomly pop up
    in multiple networks of ours and the other subnet scans would never
    complete. We have a lot of network space, so I have our subnet scans
    running back to back overnight almost every day.


  • 5.  RE: Network Scan stuck/hangs when scanning WinXP or Win2003 Server

    Posted Jan 10, 2019 07:17 AM

    OK - i do so already.

    I thought you found a way to scan the Subnet but exlcude special IPs from scanning.



  • 6.  RE: Network Scan stuck/hangs when scanning WinXP or Win2003 Server

    MVP
    Posted Jan 10, 2019 07:20 AM
    Unfortunately no, that would be nice though. You could theoretically
    further segment a /24 for example in your config though to minimize the
    skipped number of devices. It doesn't have to match the network size on the
    LAN though, it's just telling CPPM to scan IPs from this to that.