Authentication failed via 139/TCP and 445/TCP

I’m trying to run a CIS Benchmark policy scan on a Windows Server 2019, but it gives me an error., Example:
Proof Content:
This is a complex check. Operator = AND
oval-org.cisecurity.benchmarks-def-1622728: ERROR
The status of compliance for this rule was derived from its parent rule(s).
oval-org.cisecurity.benchmarks-def-1622729: ERROR
The status of compliance for this rule was derived from its parent rule(s).

I validated the credentials and currently we are only able to authenticate through port 135/TCP, I believe that’s the issue, if so, how can we solve it?

We’ve already followed the best practices guide for Windows authentication, but it wasn’t enough to resolve the issue.

Service Name Product Port Protocol Vulnerabilities Users Groups Authentication
CIFS 139 TCP 0 0 0 Unknown
CIFS 445 TCP 0 0 0 Credentials Failed
DCE Endpoint Resolution 135 TCP 0 0 0 Credentials Success

Thanks in advance for your time and support.

If the credentials are failing for 445 I assume this is most likely a permissions issue. Honestly there are several things you could do to troubleshoot the windows credentials. However, my best suggestion would be to migrate away from windows credentials and go for the Scan Assistant instead. Instead of a domain account it uses an executable to provide a certificate for authentication. The Scan Assistant can perform all of the checks necessary and is actually more efficient let alone more secure.

1 Like

Firstly ensure that the domain admin is also a part of the local admin.
Secondly, modify the scan template to check for ‘registry edits on windows systems’. This seems to have solved the issue we were having.