Error: "Missing Patches Scan - Connection Lost"

Versions / Builds Affected

All supported versions / builds

Status

Resolved

Problem Summary

When scanning interactively or using console scheduled scans the scans fail to retrieve Microsoft Patches and show the following error in the Error tab: Missing Patches Scan - Check remote registry - Connection lost

TT / JIRAID

591

How to Identify

Ensure the message above is displayed in the scan results details - Error tab In the lanss_Vxxx_securityscanner.* log ensure the following logging is present: "info ","MissingPatch","<< CheckRegistryAccess Result: 6" "error ","MissingPatch","Failed to verify that we still have a registry connection at the end of the scan, error 6. Not saving results of this scan." "info ","MissingPatch","Connection lost" Check to see if the issue is occurring only when scanning across WANs

Workaround / Fix Details

This is a known issue with LanGuard and Windows. Development has been working on this issue for more than a year. In a couple cases, disabling all the TCP offload settings on your LanGuard server's NIC (in device manager) fixed the issue. In others, a patch we have fixed the issue. Still in other cases the problem remains. It is a problem with the Microsoft networking protocols that seem to lose the connection to the remote registry during a scan and you get the "connection lost" error. Try removing the TCP offload setting first. If this does not work the only option will be to use agents for scanning

Required Actions

1. Have the customer try removing the setting the TCP Offload setting in Device Manager -> Network Card -> Properties -> Advanced to disabled. 2. If this does not work, tell the customer: Our developers have thoroughly researched this problem. It is a problem with the Microsoft networking protocols in certain environments. They lose the connection to the remote registry during a scan and you get the "connection lost" error. It is most prevalent when scanning across WAN links. At this point the only solution is to use agents for scanning on those systems affected or put an instance of LanGuard on the same LAN.