Troubleshoot Windows and Unix Authentication Issues

This topic includes information to understand how to troubleshoot and understand authentication issues during authenticated scans. It covers supported authentication technologies, common errors such as login failures, authentication not attempted, and insufficient privileges. The topic also includes details about resolving these issues to ensure successful authentication and vulnerability detection.
This topic provides information to:

• Set up and verify authentication
• Resolve login failures
• Address authentication not attempted errors
• Fix insufficient privileges issues

Authentication Support and Detail Guide

For more information about the list of the Qualys-supported authentication technologies, certified versions of these technologies for VM and PC, and their ability to support auto discovery and vaults, refer to the article: Authentication Technologies Matrix.

To know more about how to set up your authentication record, refer to the OS technologies section under Scan Authentication.

Login Failed

For more information about the most common issues related to Windows authentication failure, registry and file access, and Winreg access, refer to the article Windows Authentication Failing.

For more information about Windows authentication failed QID: 105015, refer to NTSTATUS Values.

Not Attempted

Verify that authentication settings are correctly configured in authentication record and option profile. If authentication is not attempted, check for possible configuration issues.
Common reasons why authentication might not be attempted include:

• Windows authentication: Authentication might not be attempted if required ports or services aren't running. For example, Windows authentication depends on services such as Microsoft DS/SMB (port 445), NetBIOS session over TCP (port 139), and DCERPC Endpoint Mapper (port 135). If these services are not detected during the scan, authentication cannot proceed.
• Unix Authentication: For UNIX-authenticated scans, the SSH service must be running during the scan. Ensure that required ports and services, such as SSH on port 22 are active. 

For more information about an attempted authentication, refer to the article: Authentication not attempted during vulnerability scan.

Insufficient Privileges

If you encounter 'Insufficient Privileges' errors, refer to the section QID 90194: Windows Registry Pipe Access Level > QID 70022: Open DCE-RPC / MS-RPC Services List, in the article Authentication vs Authorization vs insufficient privileges.

If you have provided Windows authentication credentials, the Microsoft Registry service that supports the named pipe \\PIPE\\winreg must be available. This service enables CIFS access to the registry. Authentication won't proceed if it's missing. 
Result: Microsoft Registry 1.0 \PIPE\winreg.