PAM-CM-1122 and ERROR_ACCESS_DENIED service discovery errors


Article ID: 265549


Products

CA Privileged Access Manager (PAM)

Issue/Introduction

We are unable to discover services on a remote Windows host. In the target account we have a Windows Proxy configured to do service discovery.

But when we try to discover services, none are discovered and we get the message:

Error: PAM-CM-1122: Proxy unable to access host.

In the Windows Proxy log file cspm_client_log.txt we see a message like:

CSPMAgentService::listService. End of operation, message: <remote ip> : 5-ERROR_ACCESS_DENIED

Cause

Service discovery run by a local account requires elevated privileges. PAM tests access to the ADMIN$ share on the remote host to verify that the account used for service discovery (in this case, the account that is running the PAM Windows Proxy service) has administrative privileges. The remote server denied this access with an ERROR_ACCESS_DENIED error.

Resolution

Make sure the account configured to discover services has access to the ADMIN$ share. You can use the following command from the Windows Proxy host to test share access:

net use \\<server addr>\admin$ /user:<username> <password>

This should complete successfully, and the share should be listed by the "net use" command afterwards.

To remove the share access, run:

net use \\<server addr>\admin$ /delete
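
The same ADMIN$ check as a PowerShell function, added here as an example (it is not part of the original article or of the product): it takes the password from a credential prompt instead of a command-line argument and reports the Win32 error code, so that 5 (ERROR_ACCESS_DENIED) can be told apart from a wrong password or an unreachable host. The function name, the temporary drive name and the host in the usage comment are hypothetical.

```powershell
# Added example. Run from the Windows Proxy host.
function Test-AdminShareAccess {
    param(
        [Parameter(Mandatory)] [string] $Server,
        [Parameter(Mandatory)] [System.Management.Automation.PSCredential] $Credential
    )
    $share = '\\{0}\admin$' -f $Server
    $drive = 'PamAdminTest'   # hypothetical temporary drive name

    # Win32 error codes commonly returned when mapping a share
    $known = @{
        5    = 'ERROR_ACCESS_DENIED: account has no administrative access to ADMIN$'
        53   = 'ERROR_BAD_NETPATH: host unreachable or SMB blocked'
        1219 = 'ERROR_SESSION_CREDENTIAL_CONFLICT: a session to this host already exists under other credentials'
        1326 = 'ERROR_LOGON_FAILURE: wrong user name or password'
    }

    try {
        # Map the share for this session only (no -Persist), then read from it
        New-PSDrive -Name $drive -PSProvider FileSystem -Root $share `
            -Credential $Credential -ErrorAction Stop | Out-Null
        Get-ChildItem -Path ($drive + ':\') -ErrorAction Stop |
            Select-Object -First 1 | Out-Null
        [pscustomobject]@{ Share = $share; User = $Credential.UserName
                           Access = $true; Code = 0; Detail = 'OK' }
    }
    catch {
        # Walk the exception chain to find the underlying Win32 error, if any
        $ex = $_.Exception
        while ($ex -and $ex -isnot [System.ComponentModel.Win32Exception]) {
            $ex = $ex.InnerException
        }
        $code   = if ($ex) { $ex.NativeErrorCode } else { -1 }
        $detail = if ($known.ContainsKey($code)) { $known[$code] }
                  else { $_.Exception.Message }
        [pscustomobject]@{ Share = $share; User = $Credential.UserName
                           Access = $false; Code = $code; Detail = $detail }
    }
    finally {
        # Always drop the test mapping, as "net use ... /delete" does
        Remove-PSDrive -Name $drive -ErrorAction SilentlyContinue
    }
}

# Usage (host name is a constructed placeholder):
# Test-AdminShareAccess -Server 'server01.example.test' -Credential (Get-Credential)
```

A result with Code 5 matches the 5-ERROR_ACCESS_DENIED entry in cspm_client_log.txt.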