Discover scan failing with the following error
05/19/09 - 3:40:14 PM \\somecomputer\someshare Failed to read \\somecomputer\someshare; error: Unknown Error -- C:\Vontu\Protect\bin>IF ""vontu"" == """" (net use l: "\\somecomputer\someshare" /persistent:no ) ELSE (net use l: "\\somecomputer\someshare" <password> /user:"vontu" /persistent:no )
This error could occur if the Symantec (Vontu) service account is set to ./protect or another local user. If your organization has a policy that prevents local accounts from mounting shares on the Domain, then the Discover scan will fail.
"Unknown Error"
Change the Symantec Monitor service account on the Discover Server to use a Domain Account instead of a local user.
The Symantec Monitor service account only has to have the rights to Mount a network share, not specific access rights to the share. You would still need to specify a Domain Account that has specific access rights to the Network Share you wish to scan in the Discover Target setup page.
See also Discover Scan fails with "Unknown Error"
Another possible reason for this issue is related to a local security setting which is not allowing Storage of Credentials. A quick way to test if this is the issue would be to scan a local share directly on the Discover server. If successful then it is likely the following setting was updated: "Network access: Do not allow storage of credentials or .NET Passports for network authentication":
NOTE: the default setting is Disabled. It is also possible to update this setting via GPO.
The Explain tab of this setting states the following:
Network access: Do not allow storage of passwords and credentials for network authentication
This security setting determines whether Credential Manager saves passwords and credentials for later use when it gains domain authentication.
If you enable this setting, Credential Manager does not store passwords and credentials on the computer.
If you disable or do not configure this policy setting, Credential Manager will store passwords and credentials on this computer for later use for domain authentication.
Note: When configuring this security setting, changes will not take effect until you restart Windows.
Default: Disabled
Internal testing shows a Reboot is not needed, though according to the info above you may wish to do so.