Docs
How To
DMC
Remediating Access Issues

Remediating Access Issues

Overview

When running DMC physical, Hyper-V, or Linux server scans, you may encounter access issues that prevent successful validation and scanning.
This guide provides secure, streamlined steps to troubleshoot and resolve connectivity, credential, and configuration problems.

Common Access Issues

DMC server validation typically fails due to one of these categories:

  • Network connectivity problems – Ports blocked, firewalls, network routing
  • Authentication failures – Invalid credentials, insufficient permissions
  • Service configuration issues – WinRM/SSH not enabled, services not running
  • System state problems – Servers powered off, network interfaces down

Network Connectivity Issues

Verify Network Access

Test Basic Connectivity 

ping <server-ip-or-hostname>

If ping fails, check:

  • Jumpbox network configuration
  • Target server NIC/IP settings
  • Firewall rules blocking ICMP

Test Required Ports

Windows Servers (WinRM):

Test-NetConnection -ComputerName <server-ip> -Port 5985
Test-NetConnection -ComputerName <server-ip> -Port 5986

Linux Servers (SSH):

nc -zv <server-ip> 22

Check Firewall Rules

Windows Firewall (target servers):

  • Port 5985 (HTTP) – WinRM HTTP
  • Port 5986 (HTTPS) – WinRM HTTPS

Linux Firewall (target servers):

  • Port 22 – SSH

Windows Server Configuration

Enable WinRM and PowerShell Remoting

Run as Administrator on the target server:

Enable-PSRemoting -Force
Set-Item WSMan:\localhost\Service\Auth\Kerberos -Value $true
Set-Item WSMan:\localhost\Service\AllowUnencrypted -Value $false

This:

  • Starts WinRM
  • Opens firewall for 5985 (HTTP)
  • Enables Kerberos (default in domains)
  • Keeps traffic encrypted

HTTPS Listener (Recommended) 

New-Item -Path WSMan:\Localhost\Listener -Transport HTTPS -Address * -CertificateThumbprint <thumbprint>

Verify WinRM 

Test-WSMan -ComputerName <server-ip>

Linux Server Configuration

Enable SSH Service 

sudo systemctl enable --now sshd
sudo systemctl status sshd

Secure SSH Configuration

Edit /etc/ssh/sshd_config:

Port 22
PasswordAuthentication no
PermitRootLogin prohibit-password

Restart SSH:

sudo systemctl restart sshd

Verify SSH 

ssh -i ~/.ssh/id_rsa <username>@<server-ip>

Credential Issues

Windows Accounts

  • Use an account in Remote Management Users (or Local Admin if needed).
  • Domain Admin is not required unless scanning highly privileged objects.

Linux Accounts

  • Use a non-root user with sudo rights.
  • Verify sudo permissions: 
    sudo -l -U <username>

System State Issues

Check that:

  • Servers are powered on.
  • NICs are active (ipconfig /all on Windows, ip addr show on Linux).
  • Required services (WinRM, SSH) are running.

Advanced Troubleshooting

Windows 

winrm get winrm/config
Test-WSMan -ComputerName <target>

Linux 

sudo journalctl -u sshd -f
sshd -T | grep -E "(port|permitrootlogin|passwordauthentication)"

Network 

# Windows
pathping <server-ip>
# Linux
mtr <server-ip>
sudo tcpdump -i any port 22

Re-import and Configuration

Where possible, edit servers directly in the DMC UI.
If using CSV:

  1. Correct details (IP, hostname, credentials).
  2. Re-import CSV.
  3. Re-validate.

Troubleshooting “Unreachable” Servers

If a server shows as Unreachable during validation (e.g., ports 5985/5986 for Windows or 22 for Linux not open), follow these steps:

Check Server Power and NIC

Ensure the server is powered on and NICs are active. From the jumpbox:

ping <server-ip>

Check Required Ports

Verify the required ports are accessible:

Windows:

Test-NetConnection -ComputerName <server-ip> -Port 5985
Test-NetConnection -ComputerName <server-ip> -Port 5986

Linux:

nc -zv <server-ip> 22

Enable the Management Service

Enable the appropriate remote management service:

On Windows:

Enable-PSRemoting -Force

On Linux:

sudo systemctl enable --now sshd

Check Firewall Rules

Verify firewall rules allow the required traffic:

Windows:

Get-NetFirewallRule -DisplayGroup "Windows Remote Management"

Linux:

sudo iptables -L -n | grep 22

Verify Listeners

Check that the services are listening on the correct ports:

Windows:

winrm enumerate winrm/config/listener

Linux:

sshd -T | grep port

Re-validate in DMC

Return to the DMC UI, select the server, and click Validate Selected.

Common Error Messages and Solutions

Error Message Likely Cause Next Step
“Connection refused” Port closed / service not running Run Test-NetConnection/nc; enable WinRM/SSH; open firewall
“Access denied” Insufficient privileges Verify group membership, sudo rights, account lockout
“Host unreachable” Network path down Check power state, NICs, firewall, traceroute
“Authentication failed” Wrong user/password or SSH key Retry with correct credentials, check sshd_config
“Operation timeout” Latency or firewall filtering Pathping/mtr, firewall rules

Next Steps

  1. Re-validate servers in DMC.
  2. Test with a small sample scan.
  3. Run full scan when validation succeeds.
  4. Monitor logs for new issues.