Discovery: Discovery picks wrong credentials even after deleting the IP from credential affinities

PhilomanR · a month ago

I am trying to discover NetApp storage server with a new credential ABC. When the discovery is executed, I could see that the discovery has picked up old XYZ credential and the server is not discovered/identified. I disabled the XYZ credential and deleted the server IP from its credential affinities and ran the discovery again, this time around the NetApp CI is discovered through ABC credential.

After an hour, I had enabled the XYZ credential and ran the discovery again. However, instead of picking up ABC credential (Since the server IP address was in its credential affinities) the discovery again picked XYZ, and the discovery error says," Could not find any valid authentication type".

Could someone please let me know what could cause such error

Mannapuram · a month ago

@PhilomanR Did you check in the table 'dscy_credentials_affinity'? This table usually stores the Credential Affinities by linking Credential ID with the IP Address.

Also try testing, XYZ credentials with the intended NetApp Storage server IP address.

PhilomanR · 2 weeks ago

I checked the credential affinities, and it has XYZ credentials with the intended IP Address.

srinija_itom · a month ago

Hi @PhilomanR ,

Please check for the order of credentials and also check for credential type. Are these both XYZ and ABC same credential type? As per documentation, Netapp support both SNMP credentials or basic auth credentials.

Notes From the Documentation

Verify the configuration of the credentials

Configure SNMP community credentials to classify the NetApp server.
Configure basic authentication to classify NetApp HTTP.
When using ONTAP API, the credentials must use the basic authentication method of password and enable read-only access to the ONTAP API on the NetApp server. For cluster mode, the user can have a read-only role with default access. For 7-mode, the user must have a custom role with the following capabilities:
- login-snmp, login-ndmp, login-sp, and login-http-admin
- Api-*

Verify the permissions to run HTTP REST API calls For NetApp discovery using the NetApp Cluster HTTP pattern, the application user must have a read only role.

Running Discovery

To run discovery using Patterns, create a discovery schedule that targets the management IP address of the NetApp server.

Documentation Link - https://www.servicenow.com/docs/bundle/vancouver-it-operations-management/page/product/discovery/con...

Regards,

Srinija

jonsan09 · a month ago

You'll want to leverage credential alias on the discovery schedule:

Delete the existing Discovery Affinity records.
Create a Credential Alias for the ABC credential (e.g., ABC_Alias).
Attach the ABC credential to that alias.
Update the relevant Discovery Schedule(s) to use the credential alias (not the direct credential) for the devices that require ABC.
Run Discovery (or let the next scheduled run occur) to validate.