This error could occur if the Vontu service account is set to ./protect or another local user. If your Organization has a policy that prevents local accounts from mounting shares on the Domain, then the Discover scan will fail.
Change the Vontu Monitor service account on the Discover Server to use a Domain Account instead of a local user.
The Vontu Monitor service account only has to have the rights to Mount a network share, not specific access rights to the share. You would still need to specify a Domain Account that has specific access rights to the Network Share you wish to scan in the Discover Target setup page.
See also TECH220605
Another possible reason for this issue is related to a local security setting which is not allowing Storage of Credentials. A quick way to test if this is the issue would be to scan a local share directly on the Discover server. If successful then it is likely the following setting was updated: "Network access: Do not allow storage of credentials or .NET Passports for network authentication":
On the Windows Discover Server, click Start, click Run, type gpedit.msc, and then click OK.
Under Computer Configuration, expand Windows Settings, expand Security Settings, expand Local Policies, and then expand Security Options.
In the Policy pane, right-click Network access: Do not allow storage of credentials or .NET Passports for network authentication, click Properties, click Disabled, and then click OK.
NOTE: the default setting is Disabled. It is also possible to update this setting via GPO.
The Explain tab of this setting states the following:
Network access: Do not allow storage of passwords and credentials for network authentication
This security setting determines whether Credential Manager saves passwords and credentials for later use when it gains domain authentication.
If you enable this setting, Credential Manager does not store passwords and credentials on the computer. If you disable or do not configure this policy setting, Credential Manager will store passwords and credentials on this computer for later use for domain authentication.
Note: When configuring this security setting, changes will not take effect until you restart Windows. Default: Disabled
Internal testing shows a Reboot is not needed, though according to the info above you may wish to do so.
Imported Document ID: TECH219776
Subscribing will provide email updates when this Article is updated. Login is required.