‎05-16-2025 02:43 PM
How do I stop credential-less discovery from changing the CI class after discovery?
‎05-18-2025 07:02 PM
Hi @AliaD
Credential-less discovery uses Nmap scans to identify devices and attempts to classify them based on limited information such as OS family detected from open ports. This often results in CIs being moved from a generic hardware class (e.g., cmdb_ci_hardware) to more specific classes (e.g., cmdb_ci_linux_server) based on assumptions from the scan data. This behavior can be undesirable if you want to keep credential-less discovered CIs in a staging class until verified by owners or credential-based discovery.
Use System Properties to Control Class Changes
ServiceNow provides some system properties that affect class switching during discovery:
- glide.class.upgrade.enabled: Controls whether discovery can upgrade a CI to a more specific class.
- glide.class.downgrade.enabled: Controls whether discovery can downgrade a CI to a more generic class.
- glide.class.switch.enabled: Controls whether discovery can switch CI classes.
Setting these properties to false can prevent credential-less discovery from changing the class of CIs. For example, setting glide.class.upgrade.enabled to false was used as a temporary fix to prevent credential-less discovery from moving CIs from hardware to Linux or Windows server classes.
However, these properties are not specific to credential-less discovery and affect all discovery runs, which may cause issues such as stale CIs if full discovery cannot update them properly.
Disable Credential-less Discovery Entirely (If Appropriate)
If credential-less discovery is causing more harm than good, you can disable it by setting the system property:
- mid.discovery.credentialless.enable=false
This stops credential-less discovery from running at all, preventing any class changes it might cause.
Recommended Best Practice: Use Credential-less Discovery as a Staging Step
Since credential-less discovery provides limited data and can misclassify CIs, a common best practice is to:
- Allow credential-less discovery to place discovered CIs in a generic class such as cmdb_ci_hardware as a staging area.
- Have CI owners review and manually reclassify these CIs as appropriate.
- Use credential-based discovery later to enrich and correctly classify the CIs.
Currently, ServiceNow does not provide an out-of-the-box setting to restrict class changes only for credential-less discovery while allowing full discovery to update classes. Some customers request credential-less specific controls, but these are not available yet.
‎05-19-2025 07:55 AM