InsightVM - suddenly more authentication failures, resulting in losing sight on quite a number of vulnerabilities

Hi there,
Since mid-March I can see that my risk score and the number of vulns is going down. Yes, we are taking actions to bring risks down, but I was a bit suspicious that would be the only reason.
When looking a bit more into the details, I found out that since mid-March I gradually have more and more machines for which scan authentication fails.
Whereas those machines are in AD, we authenticate using a dedicated AD account, and that AD account did not change.
Did anyone face similar issues?
In the scan log, for a specific machine, we get errors similar to “The WinRM credentials and services have failed verification.”, whereas previous logs show the scan tries authenticating on that machine (which is in AD) with a dedicated user account (which is in AD as well, and which we did not change).
Thanks in advance.

I’ve had this issue as well with some assets. The local Windows firewall was blocking incoming access to port 135 and it failed to fingerprint the OS version. Make sure that ports 445 and 135 can be accessed by your InsightVM scanner.


Thanks for your input - we eventually figured out that this was due to authorisations granted to the user account used for authenticated scan: although that user account was not directly changed (which is the reason why we originally discarded that possible root cause and looked for other ones), a GPO granting that account with local admin was deleted.

Pol: I am interested in what you used to identify assets that had successful authenticated scans at the asset level. I am looking to identify assets that have had successful authenticated scans in the past but are no longer authenticating. Thank you
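One way to find assets that used to authenticate and no longer do, as an added example that is not part of the thread and not Rapid7 code: it reads per-scan authentication results and reports the date each asset first failed after its last success, so a cluster on one date points at a shared change such as the deleted GPO described above. The CSV columns, status labels and host names are constructed assumptions, not an InsightVM export format.

```python
import csv
import io
from datetime import date

# Constructed sample: one row per asset per scan. Column names and status
# labels are assumptions for this example, not an InsightVM export format.
SAMPLE_CSV = """\
asset,scan_date,auth_status
srv-app01,2021-02-20,success
srv-app01,2021-03-06,success
srv-app01,2021-03-20,failed
srv-app01,2021-04-03,failed
srv-db02,2021-02-20,success
srv-db02,2021-03-20,success
srv-db02,2021-04-03,success
wks-117,2021-02-20,failed
wks-117,2021-04-03,failed
srv-web03,2021-03-06,success
srv-web03,2021-04-03,failed
"""

def auth_regressions(csv_text):
    """Return (asset, last_success, first_failure_after, latest_scan) for every
    asset whose latest scan failed authentication after an earlier success."""
    history = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        asset = row["asset"].strip().lower()
        ok = row["auth_status"].strip().lower() == "success"
        history.setdefault(asset, []).append((date.fromisoformat(row["scan_date"]), ok))
    regressions = []
    for asset, scans in history.items():
        scans.sort()
        if scans[-1][1]:
            continue  # latest scan authenticated: nothing to report
        successes = [d for d, ok in scans if ok]
        if not successes:
            continue  # never authenticated: an onboarding gap, not a regression
        last_ok = successes[-1]
        first_fail = min(d for d, ok in scans if not ok and d > last_ok)
        regressions.append((asset, last_ok, first_fail, scans[-1][0]))
    return sorted(regressions, key=lambda r: (r[2], r[0]))

if __name__ == "__main__":
    for asset, last_ok, first_fail, latest in auth_regressions(SAMPLE_CSV):
        print(f"{asset}: last success {last_ok}, failing since {first_fail} (latest scan {latest})")
```

Assets that have never authenticated are left out on purpose, since they need onboarding rather than a search for what changed.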

Hi, I am facing the same issue, kindly guide me.

I suggest opening a new topic for this with the specific issues you’re facing.

While there may be several issues to troubleshoot this problem, my best suggestion would be to move away from Windows credentials and opt in for the scan assistant instead.

What is the solution?

Hi sd1,

Like John said, it might be better to start using the scan assistant so you won’t have these kinds of issues. The agent won’t need to authenticate and you might be able to close the inbound port to further harden your system. However, it is possible that you’ve got a system on which you can’t deploy the agent for some reason.

For me, the failed authentication was the result of a local firewall setting on the target server that I wanted to scan. It was actively blocking access to port 135. So in your case, you could try to temporarily turn off the firewall so you can run a test scan and see if that helps. If it does, then change your firewall settings to allow access to the port.

I don’t know what your network looks like. There might also be a network firewall between your scanner and target server. Make sure to put the scanner on the same network as your target servers, or open ports in the network firewall.

In Pol’s case it was a permissions issue. Make sure that your scan account has the correct permissions.