Ray, How is the following configuration set on your Windows 2008 system:
Control Panel (Classic View) => System => Remote settings (upper left hand corner). It should be set to: "Allow connections from computers running any version of Remote Desktop". Let me know if this helps. Paul Ray Van Dolson wrote: > Hi all, I'm trying to run a credentialed scan against a Windows Server > 2008 machine from a box running Nessus 3.2.1. I initially was doing > this from NessusClient, but am testing with nasl as follows: > > ./nasl -T /tmp/hi.log -X -t 10.49.102.75 \ > /opt/nessus/lib/nessus/plugins/compliance_check.nbin > > Then providing a valid SMB account as prompted. > > The problem is that none of the credentialed checks appear to be > succeeding. I have verified that the account supplied is in the local > Administrators group, and I can remote desktop into the machine as that > user just fine. > > Output from the nasl command is as follows: > > There was an error during compliance check initialization. Nessus returned > the following error message : > Some errors occurred when attempting to perform the compliance checks : > can't initialize the audit engine: AUDIT_ERROR_NO_SOCKET: an error happened > while opening a socket > > I did a tcpdump while running the above command and noticed that > Windows responds with a 'reset' packet in response to Nessus' initial > packet to port 445 -- almost like a firewall. However, the firewall is > disabled on this machine. > > Also, I am unable to connect to the default shares on the machine using > smbclient (C$, ADMIN$). I get the following error there: > > $ smbclient //STDBSTG/C$ -I 10.49.102.175 -U nessus > Password: > Domain=[STDBSTG] OS=[Windows Server (R) 2008 Enterprise 6001 Service Pack > 1] Server=[Windows Server (R) 2008 Enterprise 6.0] > tree connect failed: NT_STATUS_ACCESS_DENIED > > Perhaps this is related. > > Anyone have any suggestions? I figure this must be some security > setting in 2008... > > Thanks, > Ray > _______________________________________________ > Nessus mailing list > [email protected] > http://mail.nessus.org/mailman/listinfo/nessus > -- Best Regards, Paul Davis Research Engineer Tenable Network Security Inc Phone: 410.872.0555 x245 www.tenablesecurity.com Is your network TENABLE? _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
