Discovery: RemQuery fails with NoAccessMethod "Access is denied. (0x00000005)"

Version 1
    Share This:

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    PRODUCT:

    BMC Discovery


    COMPONENT:

    BMC Discovery 11.3


    APPLIES TO:

    BMC Discovery



    PROBLEM:

     

    RemQuery fails with NoAccessMethod. 

      
      In general, WMI is used when scanning Windows systems, but if WMI fails then RemQuery is tried. RemQuery is also used for the getNetworkConnectionList method, and for running commands from patterns.  
        
       The Script Failure List contains:  
       
          
       
       RemQuery failed: Access is denied. (0x00000005)  
        

    The proxy worker log shows:

       

    discovery.slave.worker.remquery.connection: DEBUG: Try using RemQuery on remote xxx.xxx.xxx.xxx with domain\user
    discovery.slave.worker.remquery.connection: DEBUG: File already present and up to date
    discovery.slave.worker.remquery.connection: DEBUG: Unable to connect to xxx.xxx.xxx.xxx SC manager: (5, 'OpenSCManager', 'Access is denied.')
    discovery.slave.worker.remquery_method: DEBUG: Error requesting RemQuery: Access is denied. (0x00000005)

       


    The event viewer on the target machine shows "Unable to start service control dispatcher"

      

     


    SOLUTION:

     

    Root cause 1: The credential used by Discovery is not a member of the administrators group on the target host.

         
      "The RemQuery utility cannot be run as a nonadministrator user. You can only create a service as an administrator, which RemQuery needs to do after copying its service to the ADMIN$ share on the remote machine." 
      
      To confirm the root cause:
      
      - Execute this command from the proxy: 
      
      net use T: \\<ip address>\admin$ /user:<domain>\<user> 
      
      If the output is not "The command completed successfully", the root cause is confirmed. 
      
      - Open a remote desktop session on the scanned device and check if the local admin group contains the account used for the scan. 
      
     
      Solution 1: Add the account used to scan the device in the local admin group of the scanned device 
      
        
      
      Root cause 2: The Windows proxy service is not running as an account that is a member of the administrators group on the proxy server. In this case, RemQuery will fail even if the credential used to scan the device is actually an administrator. 
         
      "You should not run the Credential Windows proxy as the Local System user, but as a valid local user account, which should be in the local Administrators group." 
      
      To confirm the root cause: 
      
      - Open a remote desktop connection on the proxy affected by this issue 
      
      - Choose Start > Settings > Control Panel. 
      
      - Double-click Administrative Tools and then Services. 
      
      - Right-click on the Windows proxy entry in the Services list and choose Properties. 
      
      - Switch to the Log On tab  
      
      If the option "log on as Local System User" is selected, the root cause is confirmed. 
      
      If the option "log on as This account" is selected, and the account used is not part of the administrator group, the root cause is confirmed. 
      
     
      Solution 2:  Change the account as documented ("a valid user account, which should be in the Administrators group") 
      

    Root cause 3: The user account is part of the admin group, but its permission to remotely access admin$ was denied.

      

    To confirm the root cause: try the following commands:

      

    net use T: \\<ip address>\admin$ /user:<domain>\<user>
    net use T: \\<ip address>\admin$ /user:Administrator

      

    If it works for the Administrator account but fails for the user that is part of the admin group, it confirms that the user has less privileges than admin (note that in theory, the permission could be denied for Administrator too)
    The permission to remotely access admin$ can be removed as explained below

      

    http://helgeklein.com/blog/2011/08/access-denied-trying-to-connect-to-administrative-shares-on-windows-7/
    http://support.microsoft.com/kb/951016

      

    Solution 3: set to 1 the following key as explained in the links above:

      

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

     


    Article Number:

    000335251


    Article Type:

    Solutions to a Product Problem



      Looking for additional information?    Search BMC Support  or  Browse Knowledge Articles