Environment:
This document has been tested in 9.6.
Error message:
There are multiple error messages associated with this fix:
-IIS
2015-04-03 15:34:20 101.202.10.1 GET /incomingdata/postcgi.exe - 80 - 172.19.1.1 http://infldms/incomingdata/ 403 19 1314 203
-Vulscan.log
Sending scan results to core ldms96core1.fqdn.com
PutResultsAsFile uncompressed length: 803
compressed length: 393
HTTP POST: http://ldms96core1.fqdn.com/incomingdata/postcgi.exe?prefix=vulscanresults\&name=ScanResults_{1AA08831-8A7A-2541-B607-1085BD6A4283}_4.vrz
Setting a proxy...
Setting socket timeout to 1000 * 60 * 4
Failed http://ldms96core1.fqdn.com/incomingdata/postcgi.exe?prefix=vulscanresults\&name=ScanResults_{1AA08831-8A7A-2541-B607-1085BD6A4283}_4.vrz on server (0), server status: 403.
HTTP Error 403. Giving up.
Last status: Failed: No response from core
Failed to put vulnerability results to core as file: 8DB301B1
Failed: No response from core
Skipping repair step because scan errors occurred.
Failed
ClosePipes
Exiting with return code 0x8db301b1 (433).
Problem:
When attempting to run a vulnerability scan, you are getting a 433 return code. When reviewing the vulscan.log (above), you find that there is a 403 HTTP error.
Cause:
The IIS log above indicates a 403.19 error, which indicates that the configured user for the LDAppMain application pool does not have sufficient privileges to run CGI applications.
Solution / Workaround:
1. On your core server, click Start, click Run, type secpol.msc, and then click OK.
2. In the Local Security Policy Microsoft Management Console (MMC) snap-in, expand Local Policies, and then click User Rights Assignment.
3. In the details pane, right-click Replace a process level token.
4. In the Replace a process level token Properties dialog box, click Add User or Group.
5. In the Select Users or Groups dialog box, type IUSR, click Check Names to verify the account, and then click OK.
6. Perform an IISRESET and attempt a new vulnerability scan.