Credentialless discovery disabled but continues to discover?

Richard Nelson
Giga Guru

Hi folks,  As per the subject, our instance (Xanadu) has Credentialless discovery disabled in the system properties but occasionally I still see SQL instances pop up that have been created by it.

 

Am I missing another setting or piece of functionality that continues to use credentialless discovery?

 

Thanks in advance

1 ACCEPTED SOLUTION

Maik Skoddow
Tera Patron
Tera Patron

Hi @Richard Nelson 

This is a known scenario and can be explained by a few underlying mechanisms in ServiceNow Discovery and Service Mapping.

Disabling Credentialless Discovery via the mid.discovery.credentialless.enable property should prevent the MID Server from launching credentialless (Nmap-based) discovery jobs for hosts and applications.

 

However, some ServiceNow Discovery or Service Mapping patterns explicitly set the Discovery Source to "CredentiallessDiscovery" in their identification sections, regardless of the global credentialless setting. 

For example, certain application patterns (like "Apache on Windows") may assign this source when identifying or updating CIs, even if credentialless discovery is globally disabled. This can occur if Service Mapping is running, or if custom or OOB patterns have this logic hardcoded.

 

Maik

View solution in original post

1 REPLY 1

Maik Skoddow
Tera Patron
Tera Patron

Hi @Richard Nelson 

This is a known scenario and can be explained by a few underlying mechanisms in ServiceNow Discovery and Service Mapping.

Disabling Credentialless Discovery via the mid.discovery.credentialless.enable property should prevent the MID Server from launching credentialless (Nmap-based) discovery jobs for hosts and applications.

 

However, some ServiceNow Discovery or Service Mapping patterns explicitly set the Discovery Source to "CredentiallessDiscovery" in their identification sections, regardless of the global credentialless setting. 

For example, certain application patterns (like "Apache on Windows") may assign this source when identifying or updating CIs, even if credentialless discovery is globally disabled. This can occur if Service Mapping is running, or if custom or OOB patterns have this logic hardcoded.

 

Maik