Ports of No Joy...

In some of your discoveries, you may have noticed something that seems quite strange: while exploring a Linux server, a printer, or a Unix server, Discovery's logs tell you that "WMI Authentication failed" — and yet, the discovery worked just fine. Huh? What kind of a stupid discovery program would look for WMI on a printer, anyway?

This will probably make more sense if you understand what's going on "under the hood"...

Once Discovery determines there's a device at a particular IP address, the next thing it does is to look for certain open ports (i.e., ports that the target device is listening to). If Discovery finds that port 22 is open, that's a pretty good indication that the target device will accept SSH connections (because port 22 is the well-known port for SSH) — and Discovery will launch an UNIX - Classify probe to find out what kind of UNIX box the target is (because usually a device listening to SSH is a UNIX box). If it finds ports 139 and 445 open, then the target device is likely a Windows machine, and Discovery will launch a Windows - Classify probe to find out what sort of Windows box it is.

However, it's not certain that just because port 22 is open, the target device is a UNIX box. For example, it is possible (with third-party software) to enable SSH access to a Windows box. In this case, the UNIX - Classify probe would fail, either because of an authentication error (if Discovery didn't have credentials for the Windows box) or because the UNIX command uname is missing. Similarly, just because ports 139 and 445 are open it's not certain that the target device is a Windows box. For example, some printers emulate Windows printing services and this causes those two ports to be open on the printer — and it's fairly common for Linux boxes to run SAMBA, which emulates a host of Windows services and also opens ports 139 and 445. In these cases, the Windows - Classify probe will get an error because it can't open a WMI connection (printers and Linux boxes don't support WMI).

So...it's not completely stupid that these errors show up. From Discovery's perspective, a Linux box running SAMBA looks exactly like a Windows server it doesn't have credentials for — so Discovery just tells you what it knows for sure, and carries on. Usually when one of these errors shows up, Discovery will succeed with a different probe. For example, on that Linux box running SAMBA, presumably Discovery would be able to explore the device through SSH — so despite the error, the discovery actually works just fine. Because it's fairly unusual to have SSH running on Windows boxes, and fairly common to have SAMBA or Windows printing services emulation, the most common example of this sort of error shows up as the WMI connection problem...