Symantec AntiVirus - Scan engine returned error 0x2
I updated the virus definitions on all the systems at a site today where
Symantec AntiVirus Corporte Edition 8.0 is deployed. I then attempted to
start scans on all systems. For the first system, I started a scan from
the Symantec System Center, which completed successfully with no viruses
detected on the system. I was sitting next to another system, so I started
the scan of that system by logging into the local user's account on that system.
That scan also ran successfully. There was a third system that was managed
by the Symantec System Center where I was unable to start the scan from
the server, so I tried starting the scan from the system itself. I also
attempted to start the scan while logged into the local user's account
on a fourth system that was operating as an unmanaged client. When
I attempted to run the scans on the third and fourth systems, the scans
failed with the error message below:
Could not start scan. Scan engine returned error 0x2.
I rebooted the fourth system, but that did not resolve the problem.
I checked to make sure the Symantec Antivirus Client service was running
on the system. Its status was listed as "started".
After a few tests, I found that I could run the scans without the error,
if I logged into the local system administrator's account on the two systems
where the error occurred. When I started the scans on the third and fourth
systems I had been logged into an account in the Power Users group on the
third system and a regular user account on the fourth system. But in both
cases, I had started the scans by right-clicking on the icon for Symantec
Client Security while holding down a shift key and then selected "Run as" and
selected the local administrator's account from which to run the scan. But
that didn't work. I had to actually log into that account in order to
successfully run the scans. In the case of the second system where I had run
the scan successfully from the local user's account, that local user account
was in the administrators group for that system.
I found someone else reporting the same problem at
Some1 PLZ help Symantec AV will not scan. Someone had replied to that poster
that rebooting resolved the problem for him, but it didn't help for me. Other
URLs listed in replies referred to error messages that didn't match the 0x2 one
I saw, so I don't think they were applicable.
[/security/antivirus/symantec]
permanent link
VNC Local Loop-back Connections Disabled
I installed
TightVNC on a Windows
SBS 2003 server
in order to be able to remotely manage it from a Unix or Linux host.
I had previously installed
OpenSSH for Windows on the system so that I could login to the
system remotely and check on the system, but I also wanted to have
a
GUI connection to the
system so that I could run programs that can't be run from the command line
From a Unix workstation running Solaris, I entered the command
ssh -L 5901:localhost:5900 administrator@192.168.0.5 to
establish an SSH connection to
the system with port 5901 on the Unix workstation being forwarded to
port 5900 on the Windows SBS 2003 server. Port 5900 is the default port
for a VNC server and the one I used on the Windows system. However,
when I tried to connect to the Windows system with vncviewer by connecting
to port 5901 on the Unix system, which then should be forwarded over the
SSH connection to port 5900 on the Windows system, I saw the message
"Local loop-back connections are disabled."
bash-2.03$ vncviewer localhost:1
VNC viewer for X version 4.0 - built Jun 14 2004 12:04:05
Copyright (C) 2002-2004 RealVNC Ltd.
See http://www.realvnc.com for information on VNC.
Tue Nov 22 16:08:49 2005
CConn: connected to host localhost port 5901
CConnection: Server supports RFB protocol version 3.3
CConnection: Using RFB protocol version 3.3
Tue Nov 22 16:08:50 2005
main: Local loop-back connections are disabled.
Doing a Google search on the
error, I learned I needed to have the registry key
HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3 on the Windows system set
to a DWORD value of "1". Since I had a command line prompt on the
Windows system via the SSH connection, I used the reg query
command to check the current value of that registry key. Sure enough,
its current value was "0".
C:\Documents and Settings\Administrator>reg query HKEY_LOCAL_MACHINE\SOFTWARE\OR
L\WinVNC3
HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3
ConnectPriority REG_DWORD 0x0
DebugMode REG_DWORD 0x0
DebugLevel REG_DWORD 0x2
LoopbackOnly REG_DWORD 0x0
EnableHTTPDaemon REG_DWORD 0x1
EnableURLParams REG_DWORD 0x0
AllowLoopback REG_DWORD 0x0
AuthRequired REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3\Default
Fortunately, the reg command can also be used to modify the
registry from the command line.
C:\Documents and Settings\Administrator>reg add HKEY_LOCAL_MACHINE\SOFTWARE\ORL\
WinVNC3 /v AllowLoopback /t REG_DWORD /d 1
Value AllowLoopback exists, overwrite(Yes/No)? yes
The operation completed successfully.
The REG ADD command uses the following syntax:
REG ADD KeyName [/v ValueName | /ve] [/t Type] [/s Separator] [/d Data] [/f]
In this case, the parameters used have the following meaning:
/v The value name, in this case "AllowLoopback", to
be added under the selected key.
/t Allows one to specify the data type, which can be
REG_SZ, REG_MULTI_SZ, REG_EXPAND_SZ, REG_DWORD, REG_BINARY, or REG_NONE.
If none is specified, REG_SZ is assumed. In this case REG_DWORD is needed.
/d The data to assign to the registry ValueName being
added, which is "1" in this case.
Another reg query HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3
shows the value was changed.
C:\Documents and Settings\Administrator>reg query HKEY_LOCAL_MACHINE\SOFTWARE\OR
L\WinVNC3
HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3
ConnectPriority REG_DWORD 0x0
DebugMode REG_DWORD 0x0
DebugLevel REG_DWORD 0x2
LoopbackOnly REG_DWORD 0x0
EnableHTTPDaemon REG_DWORD 0x1
EnableURLParams REG_DWORD 0x0
AllowLoopback REG_DWORD 0x1
AuthRequired REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3\Default
After modifying the registry value, you then must stop and restart the
VNC Server service.
C:\Documents and Settings\Administrator>net stop "VNC Server"
The VNC Server service is stopping..
The VNC Server service was stopped successfully.
C:\Documents and Settings\Administrator>net start "VNC Server"
The VNC Server service is starting.
The VNC Server service was started successfully.
You should then be able to use vncviewer localhost:1 to
access the remote system with VNC. After the message about the
protocol version, you should see a VNC Authentication window
open.
bash-2.03$ vncviewer localhost:1
VNC viewer for X version 4.0 - built Jun 14 2004 12:04:05
Copyright (C) 2002-2004 RealVNC Ltd.
See http://www.realvnc.com for information on VNC.
Tue Nov 22 17:07:42 2005
CConn: connected to host localhost port 5901
CConnection: Server supports RFB protocol version 3.3
CConnection: Using RFB protocol version 3.3
In this case, I was then able to enter the VNC authorization password
and then hit Ctrl-Alt-Del on the Solaris system to enter the user name
and password for the Windows SBS 2003 server.
References:
-
Cygwin ssh (OpenSSH), and Win98 - Use "crypt newpassword" to add a password
into /etc/passwd
[/os/windows/software/remote-control/vnc]
permanent link
