Error is received when trying to use certain password checks that examine the content of the password and compare it to various things.
Windows with MS16-047 installed.
PWDump::GetRemoteHashes() - PrivateGetPasswordBatchFromPWHashDumpServiceOnRemoteMachine() failed with error 0x000006D3 for <machine name>. Error: The authentication service is unknown.
Please review Microsoft technote on ms16-047 patch for cause.
At this time Symantec does not believe it is possible to address this issue. This issue affects both agentless and agent based password comparison checks for Raw Based (RBC) and Message Based (MBC...ESM) data collections. Symantec does not recommend removal of MS16-047 as it will be a pre-requisite for future critical OS patches (per Microsoft).
Microsoft patch MS16-047 has blocked the retrieval process that is used to obtain the password hashes that Control Compliance Suite (CCS) and Enterprise Security Manager (ESM) use to perform various password comparison checks. Symantec is not aware of any other 3rd party tools, including hacker tools, that can do this (currently) once this patch is applied to a Windows machine. If a new method for obtaining Windows password hashes on patched systems becomes available, Symantec will consider implementing it to make password comparison checks work again. However, if proper password complexity policies are enforced on Windows machines (which CCS and ESM can check via RBC and MBC checks), password comparison checks become much less relevant. Correctly set password complexity policies, enforced on a Windows machine, should make it extremely difficult (if not impossible) for users to set their passwords to anything that the comparison checks would have checked for.
Complete list of Password Comparison Checks in RBC:
Password Is User Name?
Password Found in File?
Password Is Blank?
Password is Any User Name?
Complete list of Password Comparison Checks in MBC (ESM) affected:
Password = username
Password = any username
Subscribing will provide email updates when this Article is updated. Login is required.