Overview
Scheduled scans do not seem to be working / running on schedule, and their results do not appear in the Activity Monitor. Remediation jobs also do not run and do not show in Activity Monitor.
Solution
The most common root cause for such an issue is that the account used for scanning or the account used for the LNSSCommunicator module is lacking permissions:
- The account used for scanning must have the Replace a process level token right to launch the lnsscomm.exe process. Without it, the scanning account will launch the scheduled scan and update the "Last Scanned" column value but then fail to launch the lnsscomm.exe process, and the scan will not actually happen.
- Logon as a batch file right is needed for the remediation operations.
Ensure service account correct credentials and permissions
Add the account used for scanning and the account used for the LNSSCommunicator module to the Replace a process level token and Logon as a batch job local security policies as follows:
- Determine the account being used for scanning by checking the scheduled scan > Properties > Logon Credentials tab:
- If there are no credentials specified AND Use per computer credentials when available is NOT checked, then the GFI LanGuard Attendant Service account will be the one to be used.
- If Alternative Credentials are specified AND Use per computer credentials when available is NOT checked, then the specified Alternative Credentials will be used.
- If Alternative Credentials are specified AND Use per computer credentials when available IS checked AND the computer has Per-computer Credentials assigned in the Dashboard > Computer Properties dialog, then the specified Per-computer Credentials will be used.
- Open Dcomcnfg (Start > Run > type
dcomcnfg.exe
and press Enter), navigate to Computers > My Computer > DCOM Config > LNSSCommunicator), right-click to open Properties, and switch to the Identity tab. Check the account being used. - Open the Local Security Policy editor (under Control Panel or running by gpedit.msc).
- Navigate to Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment.
- Locate the Replace a process level token policy and open the Properties dialog.
- Ensure the scanning account used and the Identity account of the LNSSCommunicator are included (add them if not included).
- Do the same for the Logon as a batch job policy.
Schedule a scan and check the results in the Activity Monitor. If the scan results still do not appear there, the issue can be caused by some rare root causes explained below. Eliminate them one by one.
Reregistering the responsible DLL module
A possible root cause for the remote actions not starting is when the sub-module agentmanagercom.dll is not registered correctly in the GFI LanGuard server. Reregister it following the solution steps from this article.
Verifying database connectivity
In rare cases, the backend database connectivity issues might be the root cause of the scheduled scans' results not appearing in the Activity Monitor. The information stored in the database is being used to display the results in the Dashboard or Activity Monitor.
- Ensure that the service account has a sysadmin role assigned within the SQL server.
- Check the debug log
lanss_vXXX_attendantservice.csv
for the relevant errors:
- "Error EOleException: 'Invalid connection string attribute'"
- Source = "Microsoft SQL Server Native Client 11.0", Description = "Login failed for user ..."
- "Login failure error repeated for all 10 attempts, stopped trying."
If you see these or similar errors, address them using the solution from Resolving 'Could not connect to database backend' Error in GFI LanGuard Console article.
Upgrading LanGuard
If you are not using the latest LanGuard version, Upgrade LanGuard. This would fix any hidden problems with the existing LanGuard installation and ensure getting the most recent product updates and vulnerability and patch definitions.
Fixing the corrupted LanGuard installation
Finally, the corrupted LanGuard installation can be the cause of unexpected behavior. Debug logs can contain clues, in particular about modules failing or configuration files missing. For example, the debug log lanss_vXXX_remediation.csv
might indicate that the remediation plugin cannot find certain configuration files with the error like:
Commons.GetPatchManagementMdbPath - . Error System.IO.FileNotFoundException: Could not find file 'C:\ProgramData\GFI\LanGuard 12\PatchManagement\splanguagessupported.xml'. File name: 'C:\ProgramData\GFI\LanGuard
With the missing configuration XML files, the solution would be creating another LanGuard installation, copying the correct file from it, and restarting GFI LanGuard services. WIth other files and modules, try Fixing GFI LanGuard Broken Installation or Failed Upgrade or consider reinstalling LanGuard.
Testing
If you have successfully managed to follow through the above steps, the scheduled scan will show results in the Activity Monitor. If the issue persists, contact GFI LanGuard Support.