Credential-less discovery not creating CI
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-27-2025 10:02 AM
I have a subnet of IP Phones that I need to discover. I have credential-less discovery enabled and I can see (in the discovery status) that "Pattern Launcher: Credentialless Discovery Network Device" is launched.
In the discovery log, I see:
2025-02-27 10:39:15: setAttribute(hostIP,<ip address redacted>)
2025-02-27 10:39:15: setAttribute(ports,21,22,23,25,53,80,110,111,135,137,139,161,162,199,389,427,443,445,515,548,631,636,902,993,1414,1443,1521,2049,3306,5060,5432,5480,5666,5985,5986,5989,7001,7500,8080,9080,9100,9440,9443,9443,10000,50000)
2025-02-27 10:39:15: setAttribute(command,HostDiscovery)
2025-02-27 10:39:15: Running local command: "C:\MidServer\ServiceNow MID Server <mid server name>\agent\nmap\nmap.exe" -Pn -PS -PA -O -p 21,22,23,25,53,80,110,111,135,137,139,161,162,199,389,427,443,445,515,548,631,636,902,993,1414,1443,1521,2049,3306,5060,5432,5480,5666,5985,5986,5989,7001,7500,8080,9080,9100,9440,9443,10000,50000 --datadir "C:\MidServer\ServiceNow MID Server <mid server name>\agent\nmap\safeScripts" -oX - 2>"C:\MidServer\ServiceNow MID Server <mid server name>\agent\nmap\commandResults\9d87a120990022102ff3f338cff9f16d-1081377968497800.xml" -T4 -v -Pn -r --reason --system-dns <ip address redacted>
2025-02-27 10:39:15: Command response:
2025-02-27 10:39:15: Running local command: "C:\MidServer\ServiceNow MID Server <mid server name>\agent\nmap\nmap.exe" -sT -Pn -p 21,22,23,25,53,80,110,111,135,137,139,161,162,199,389,427,443,445,515,548,631,636,902,993,1414,1443,1521,2049,3306,5060,5432,5480,5666,5985,5986,5989,7001,7500,8080,9080,9100,9440,9443,10000,50000 --datadir "C:\MidServer\ServiceNow MID Server <mid server name>\agent\nmap\safeScripts" -T4 -v -Pn -r --reason --system-dns -oX - 2>"C:\MidServer\ServiceNow MID Server <mid server name>\agent\nmap\commandResults\9d87a120990022102ff3f338cff9f16d-1081377968497800.xml" <ip address redacted>
2025-02-27 10:40:35: Command response: <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///C:/MidServer/ServiceNow MID Server <mid server name>/agent/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap OEM 7.94 scan initiated Thu Feb 27 10:39:15 2025 as: "C:\\MidServer\\ServiceNow MID Server <mid server name>\\agent\\nmap\\nmap.exe" -sT -Pn -p 21,22,23,25,53,80,110,111,135,137,139,161,162,199,389,427,443,445,515,548,631,636,902,993,1414,1443,1521,2049,3306,5060,5432,5480,5666,5985,5986,5989,7001,7500,8080,9080,9100,9440,9443,10000,50000 --datadir "C:\\MidServer\\ServiceNow MID Server <mid server name>\\agent\\nmap\\safeScripts" -T4 -v -Pn -r --reason --system-dns -oX - <ip address redacted> -->
<nmaprun scanner="nmap" args=""C:\\MidServer\\ServiceNow MID Server <mid server name>\\agent\\nmap\\nmap.exe" -sT -Pn -p 21,22,23,25,53,80,110,111,135,137,139,161,162,199,389,427,443,445,515,548,631,636,902,993,1414,1443,1521,2049,3306,5060,5432,5480,566
2025-02-27 10:40:35: Exception occurred while executing operation Credentialless Discovery Command Using Nmap. Custom operation Failed to run script due to the following error: JAVASCRIPT_CODE_FAILURE: com.snc.sw.exception.CommandFailureException: Internal error. Error unable to delete Nmap command error result file: C:\MidServer\ServiceNow MID Server <mid server name>\agent\nmap\commandResults\9d87a120990022102ff3f338cff9f16d-1081377968497800.xml
2025-02-27 10:40:35: Execution time: 80620 ms
I verified the MID server record shows nmap version 7.94 is installed and in the ecc queue, I see:
{
"result": {
"ip": "<ip address redacted>",
"active": true,
"alive": true,
"hostName": null,
"domainName": null,
"scanners": [
{
"result": "open",
"service": "snmp",
"protocol": "udp",
"name": "SNMP",
"port": "161",
"portProbe": "snmp",
"contents": {
"snmp_version": "3"
},
"scanners": [],
"hostName": null,
"domainName": null
},
{
"result": "timed_out",
"service": "winrm_ssl",
"protocol": "tcp",
"name": "HTTPS",
"port": "5986",
"portProbe": "winrm_ssl",
"contents": {},
"scanners": [],
"hostName": null,
"domainName": null
},
{
"result": "open",
"service": "ssh",
"protocol": "tcp",
"name": "SSH",
"port": "22",
"portProbe": "ssh",
"contents": {
"banner_text": "SSH-2.0-X",
"banner_bytes": ".53.53.48.2d.32.2e.30.2d.58.0d.0a."
},
"scanners": [],
"hostName": null,
"domainName": null
},
{
"result": "refused",
"service": "ms-nb-ns",
"protocol": "udp",
"name": "NBT",
"port": "137",
"portProbe": "wins",
"contents": {},
"scanners": [],
"hostName": null,
"domainName": null
},
{
"result": "refused",
"service": "epmap",
"protocol": "tcp",
"name": "GenericTCP",
"port": "135",
"portProbe": "wmi",
"contents": {},
"scanners": [],
"hostName": null,
"domainName": null
},
{
"result": "refused",
"service": "slp",
"protocol": "udp",
"name": "SLP",
"port": "427",
"portProbe": "slp",
"contents": {},
"scanners": [],
"hostName": null,
"domainName": null
},
{
"result": "refused",
"service": "wbem_https",
"protocol": "tcp",
"name": "GenericTCP",
"port": "5989",
"portProbe": "wbem",
"contents": {},
"scanners": [],
"hostName": null,
"domainName": null
},
{
"result": "unresolved",
"service": "dns",
"protocol": "udp",
"name": "DNS",
"port": "53",
"portProbe": "dns",
"contents": {},
"scanners": [],
"hostName": null,
"domainName": null
},
{
"result": "open",
"service": "http",
"protocol": "tcp",
"name": "HTTP",
"port": "80",
"portProbe": "http",
"contents": {
"response_code": "400",
"Server": "nginx",
"http_version": "HTTP/1.1",
"response_text": "Bad Request"
},
"scanners": [],
"hostName": null,
"domainName": null
},
{
"result": "open",
"service": "https",
"protocol": "tcp",
"name": "HTTP",
"port": "443",
"portProbe": "http",
"contents": {
"response_code": "400",
"Server": "nginx",
"http_version": "HTTP/1.1",
"response_text": "Bad Request"
},
"scanners": [],
"hostName": null,
"domainName": null
}
]
},
"ecc_queue": "d577e564eb402650dfe4f984cad0cdc3",
"errMsgs": [],
"status": {
"valid": true,
"sysID": "f767a564eb402650dfe4f984cad0cd49",
"number": "DIS0010708",
"scheduleID": null,
"jobID": null,
"discover": "CIs",
"include": null,
"description": "Discover CI",
"createdOn": "2025-02-27 17:38:51",
"updatedOn": "2025-02-27 17:38:51",
"useSnmpVersion": "undefined",
"source": "Quick_Discovery",
"priority": "1",
"includeAlive": false,
"logStateChanges": true,
"scratchpad": {
"behavior:0": 1,
"unique": "bf67a564eb402650dfe4f984cad0cd92"
}
}
}
Any idea why I am not getting a CI?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
4 weeks ago
Hi,
Did you resolve this? We have a similar issue at the moment. I suspect it is related to the MID Server service account not having sufficient accesses to the folder structure on the MID Host but I'm not sure yet.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
My issue was resolved by giving the service account admin rights as well as re-installing nmap on the mid server by disabling it in the ecc_agent table and activating again when the uninstallation had finished. After that I no longer got the error message. I guess it was a corrupt install.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
4 weeks ago - last edited 4 weeks ago
Hi @Mike Hashemi ,
Can you share the logs of Credentialless Discovery Network Device pattern. It should have step called creating ci as shown in the below screenshot. that will give you better idea why the CI's are not being created.
If you found my answer helpful, please consider marking it as helpful or accepting it.
Regards,
Srinija Amisthapur
Rising Star 2025 ⭐
Certified Technical Architect
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
4 weeks ago
Hi Mike,
If my memory serves me correctly, you need to add an entry for the IP Phone class in the “SetCredentialLessDeviceClassName” include script.
This include script can be found in the “ecc_agent_script_include” table.
You have to modify the function "determineDeviceClassName" & "_isPotentialNetworkDevice" to take in conideration your IP Phone class.
Look the URL specified in script include = Device Types | Nmap Network Scanning
This will allow you to create your “IP Phone” CIs in the desired table.
If you found my answer helpful, please consider marking it as helpful or accepting it.
Frederic Rumeau
Now Developer
