Credentialless discovery disabled but continues to discover?

Go to solution
Richard Nelson
Giga Guru

‎06-26-2025 01:29 AM

Hi folks,  As per the subject, our instance (Xanadu) has Credentialless discovery disabled in the system properties but occasionally I still see SQL instances pop up that have been created by it.

 

Am I missing another setting or piece of functionality that continues to use credentialless discovery?

 

Thanks in advance

0 Helpfuls
  • 271 Views
1 ACCEPTED SOLUTION

Go to solution
Maik Skoddow
Tera Patron
Tera Patron

‎06-26-2025 04:08 AM

Hi @Richard Nelson 

This is a known scenario and can be explained by a few underlying mechanisms in ServiceNow Discovery and Service Mapping.

Disabling Credentialless Discovery via the mid.discovery.credentialless.enable property should prevent the MID Server from launching credentialless (Nmap-based) discovery jobs for hosts and applications.

 

However, some ServiceNow Discovery or Service Mapping patterns explicitly set the Discovery Source to "CredentiallessDiscovery" in their identification sections, regardless of the global credentialless setting. 

For example, certain application patterns (like "Apache on Windows") may assign this source when identifying or updating CIs, even if credentialless discovery is globally disabled. This can occur if Service Mapping is running, or if custom or OOB patterns have this logic hardcoded.

 

Maik

View solution in original post

1 REPLY 1

Go to solution
Maik Skoddow
Tera Patron
Tera Patron

‎06-26-2025 04:08 AM

Hi @Richard Nelson 

This is a known scenario and can be explained by a few underlying mechanisms in ServiceNow Discovery and Service Mapping.

Disabling Credentialless Discovery via the mid.discovery.credentialless.enable property should prevent the MID Server from launching credentialless (Nmap-based) discovery jobs for hosts and applications.

 

However, some ServiceNow Discovery or Service Mapping patterns explicitly set the Discovery Source to "CredentiallessDiscovery" in their identification sections, regardless of the global credentialless setting. 

For example, certain application patterns (like "Apache on Windows") may assign this source when identifying or updating CIs, even if credentialless discovery is globally disabled. This can occur if Service Mapping is running, or if custom or OOB patterns have this logic hardcoded.

 

Maik