Discovery Credentials

carloschaluisan
Kilo Contributor

While running our Discovery Schedules, a significant amount of authentication / credential issues are being generated. The errors with the highest occurrence are:

  • Connection failed to WMI service. Error: Permission denied
  • SSHCommand: No valid credential found for types [SSH Password,SSH Private Key]
  • Failed to access target system. Please check credentials and firewall settings on the target system to ensure accessibility: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

Here is what we've done so far:

  • Confirmed the usernames and passwords in the Credentials table are correct
  • Confirmed the MID Servers are up.
  • Firewalls in the Host Machines where the MID servers are installed are disabled
  • Set mid.use_powershell = true in each MID Server
  • Set mid.powershell.use_credentials = true in each MID server
  • Set mid.powershell.local_mid_service_credential_fallback = false in each MID server
  • Manually ran WMI (gwmi) queries and tested SSH from the Host servers where the MID servers are installed and confirmed access is granted and data is returned.

Any troubleshooting suggestions would be greatly appreciated...

20 REPLIES

glennpinto
Kilo Guru
  • Connection failed to WMI service. Error: Permission denied - this error is usually caused by a failed Windows Credential. So basically you do not have a valid Windows credential for that specific target.
  • SSHCommand: No valid credential found for types [SSH Password,SSH Private Key] - I am not as familiar with this error, but it is obviously UNIX based and appears to be associated with a bad cert. Make sure you have the start and end tags included in the cert.
  • Failed to access target system. Please check credentials and firewall settings on the target system to ensure accessibility: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)) - This error is usually caused when there is no valid Windows Cred defined in the Credentials table, and the MID attempts to use the MID Service Credential. If it fails, it throws this type of error. Strange that you would get this if you set mid.powershell.local_mid_service_credential_fallback = false. This should prevent any MID from using the Service Cred and only rely on the Win Credentials defined in the Credentials table.


Glenn is on the money, one of the first things you have to do as a Disco Admin is ensure that your Discovery service account has admin on Windows boxes. I've never had to set the credential_fallback to false because I did due diligence and confirmed AD GPO was working correctly and properly populating the local admin group.


Hi,

I am having the same issue.

For WMI credentials:

- Tried test credentials; it failed. Checked with the server team; they confirmed that the credential account is there on the target server. Still no go. What should be the next troubleshooting action? Please suggest.

For SSH credentials:

- Tried test credentials; it passed. But when running discovery, it is not identifying the CI. The error in the payload of the MID Server ECC queue is 'No supported privileged command found, running as current user'. When the server admin tried to log in on the same target Linux machine, he was able to log in with the same SSH credentials. Kindly assist further.


Hi, Bhanupratap.

Please open a new thread as your questions are going to get lost in here. Actually, you have two separate questions here, so you probably want to open two.

As to the ssh issue, your credential is fine, but the probe is trying to run sudo for a command and doesn't have permission.

You'll want to configure a privilege escalation utility to allow your account to masquerade as a user with sufficient privileges to run certain commands. (Sudo is most common, and involves running visudo on the target to configure sudoers permissions.) Privileged commands for the MID Server

The commands required are listed here: SSH credentials

Hope this helps,

    - Tim.
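
A way to audit the sudoers setup described in the reply above, as an added example that is not part of the original thread or ServiceNow's own tooling: it reads `sudo -l` output for the discovery account and reports which required commands are granted without a password prompt, and whether the account has been given a blanket `ALL` grant instead of a narrow list. The account name `disco`, the two command paths and the sample output are constructed placeholders (take the real command list from the linked documentation), and it assumes the probe cannot answer a password prompt.

```bash
#!/usr/bin/env bash
# Added example: audit a discovery account's sudo grants on a target host.
# Simplified reading of `sudo -l` output: no negation (!cmd), no last-match ordering.

# Constructed sample of `sudo -l -U disco` output ("disco" is a hypothetical account).
SAMPLE_SUDO_L='User disco may run the following commands on host1:
    (root) NOPASSWD: /usr/sbin/dmidecode, PASSWD: /usr/sbin/lsof'

# check_sudo_grants CMD...   (reads `sudo -l` output on stdin)
# Prints per required command: OK (granted, no prompt), PASSWD (granted, but
# prompts for a password), or MISSING. Prints BROAD ALL if ALL is granted.
# Returns 0 only when every required command is OK.
check_sudo_grants() {
  awk -v want="$*" '
    BEGIN { n = split(want, req, " "); rc = 0 }
    /^[ \t]+\(/ {                               # rule line: "    (root) NOPASSWD: /a, /b"
      sub(/^[ \t]+\([^)]*\)[ \t]*/, "")         # drop the run-as spec
      nopass = 0                                # sudo default is to prompt
      m = split($0, items, /,[ \t]*/)
      for (i = 1; i <= m; i++) {
        item = items[i]
        while (match(item, /^[A-Z_]+:[ \t]*/)) {   # tags apply from this item onward
          tag = substr(item, 1, RLENGTH); item = substr(item, RLENGTH + 1)
          if (tag ~ /^NOPASSWD:/) nopass = 1
          else if (tag ~ /^PASSWD:/) nopass = 0
        }
        split(item, parts, " "); cmd = parts[1]    # ignore any argument restrictions
        if (cmd == "ALL") broad = 1
        if (!(cmd in seen) || nopass) seen[cmd] = nopass
      }
    }
    END {
      for (i = 1; i <= n; i++) {
        c = req[i]; k = (c in seen) ? c : "ALL"    # an ALL grant covers any command
        if (!(k in seen))  { print "MISSING " c; rc = 1 }
        else if (!seen[k]) { print "PASSWD " c; rc = 1 }
        else               { print "OK " c }
      }
      if (broad) print "BROAD ALL"
      exit rc
    }'
}

# On a target host (as root): sudo -l -U disco | check_sudo_grants /usr/sbin/dmidecode /usr/sbin/lsof
```

A `MISSING` or `PASSWD` line for a command the probe needs is consistent with the 'No supported privileged command found' message quoted above; a `BROAD ALL` line means the account holds more privilege than discovery requires.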