# Failure to Scan Inventory Manually ## Problem You try to complete inventory scanning manually. However, this fails and you see either one of the following errors on the screen: - Access Denied - Scanning Timed Out **Note**: While the resolution provided in this article will help you solve problems that you are facing while trying to complete inventory scanning manually, it could fail again due to various reasons. Therefore, it is recommended that you use the Scheduled [Inventory Scanning](https://www.manageengine.com/products/desktop-central/inventory-management-how-to.html#inventory-management-how-to1) feature to complete this task. ## Cause Manual inventory scanning will fail due to either of the following reasons: ### Access is Denied This could be due to the following reasons: - Administrator credentials for a domain do not match or have been changed - DCOM settings are disabled - Force Guest feature is enabled ### Scanning Timed Out This could be due to the following reasons: - Data is blocked by the firewall on the computer on which the Endpoint Central server is installed - Scanning fails on computers running in remote offices - Multiple IP addresses have been enabled in the computer in which the Endpoint Central server is installed - UAC and Remote UAC are enabled in computers in a workgroup setup running on Microsoft Windows Vista or later versions ## Resolution Follow the resolution related to the error message you saw on the screen while trying to complete inventory scanning manually. ### Access Denied - Check if the Administrator credentials for a domain that were specified while defining the Scope of Management (SoM) are valid and have not been changed. - Enable DCOM settings in all the computers in your network. To enable DCOM settings, follow the steps given below: 1. Click **Start** > **Run** 2. Enter **dcomcnfg** 3. Click **OK** The dialog box that appears depends on the Windows operating system installed on your computer. - If you are using Windows NT/2000, you will see the *Distributed COM Configuration Properties* dialog box. - If you are using Windows XP, you will see the *Component Services* dialog box. To access the **Properties** tab: 1. Expand **Component Services** 2. Expand **Computers** 3. Right-click on **My Computer** 4. Click **Properties** 4. Click the **Default Properties** tab 5. Select **Enable Distributed COM on this computer** 6. Select an appropriate authentication level 7. Select an appropriate impersonation level You have now enabled DCOM settings on the computers in your network. - Turn off the **Force Guest** feature if client computers are part of a workgroup (not part of a Windows Domain). Make the following change on all client computers: 1. Click **Start** > **Run** 2. Enter `explorer` 3. Click **OK** 4. Select **Tools** > **Folder Options** 5. Click the **View** tab 6. Deselect **Use simple file sharing** 7. Click **OK** ### Scanning Timed Out - Unblock firewall ports: Ensure that the following ports are added to the exception list of the firewall on the computer where the Endpoint Central server is installed. #### For Endpoint Central On-Premise - **8020**: Used for agent-server communication and to access the Web console - **8027**: Used to complete on-demand tasks like inventory scanning, patch scanning, remote control, remote shutdown, and moving agents from one remote office to another #### For Endpoint Central Cloud and MSP Cloud Exclude port **443**: - `desktopcentral.manageengine.com:443` – Used for agent-server communication and to access the Web console - `dms.zoho.com:443` – Used to complete on-demand tasks like inventory scanning, patch scanning, remote control, remote shutdown, and moving agents from one remote office to another - Ensure that computers are switched on and the Endpoint Central service is running. If scanning has failed for computers in remote offices: - Check whether the computers are switched on and running when scanning is in progress - Ensure that the **ManageEngine UEMS - Remote Control** service is running on the client computers - Eliminate issues caused by multiple IP addresses: If the computer on which the Endpoint Central server is installed has multiple IP addresses (for example, a virtual adapter or two NICs), disable the virtual adapters. - Disable UAC and Remote UAC on computers running Microsoft Windows Vista or later versions. **Note**: This is applicable only if the computers are in a workgroup setup. #### Disabling UAC in Client Computers You must disable the UAC feature on all client computers. 1. Click **Start > Settings > Control Panel > User Accounts** 2. Disable the UAC settings: **For Windows 7 and Windows 2008 R2** 1. Click **User Account Control Settings** 2. Drag the control level to **Never Notify** 3. Click **OK** **For Windows Vista and Windows 2008** 1. Click **Turn User Account Control On or Off** 2. Uncheck **Use User Account Control (UAC) to protect your computer** 3. Click **OK** 3. Close the Control Panel window. Repeat these steps on all client computers running Windows Vista or higher. #### Disabling Remote User Account Control in Client Computers Disable the Remote UAC feature by modifying the registry entry that controls it. 1. Click **Start > Run** 2. Enter `regedit` 3. Click **OK** 4. Navigate to: `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System` 5. Right-click in the right pane and click **New > DWORD Value** 6. Enter the name **LocalAccountTokenFilterPolicy** **Note**: If this key already exists, right-click the name, click **Modify**, and follow the next steps. 7. Click **Modify** 8. Change the value data to `1` 9. Click **OK** You have now disabled the Remote UAC feature. --- **Applies to:** Software Inventory Tracking, Hardware Inventory Tracking, Asset Management **Keywords:** Track Software Inventory, Monitor Hardware Assets, Manual Scanning, Asset Scan, Inventory Reports