Find your people. Pick a challenge. Ship something real. The CreatorCon Hackathon is coming to the Community Pavilion for one epic night. Every skill level, every role welcome. Join us on May 5th and learn more here.

Discovery Failing at Classification Stage

DebjitGhosh31
Tera Contributor

Hi All,

 

I have few windows servers in my domain (50+)  which is failing discovery at the classification phase, with the error that 'No valid credential present'. Now these are domain joined server, and as other servers joined to the same domain are getting discovered, there shouldn't be any issue with credential, as they all have the same credential group of domain admin.

I have also checked - 
- Powershell is present on the server.

- UAC is disabled.

- Value of LocalAccountTokenFilterPolicy registry is set to 1

- No internal firewall blocking access.

 

What might be the reason behind the discovery failure.

 

Regards,

Debjit

2 REPLIES 2

Mark Manders
Giga Patron

They are 'discovered', because otherwise you wouldn't get that error. Discovery just can't access it to see what it discovered. And it could very well be that the server has settings that don't allow for the user to log in, even though they are joined to the same domain. They are still separate servers. 
The error you get and the remark 'credentials shouldn't be an issue' are not convincing that they aren't the issue (the error states they are). Try to manually discover one of those servers to further check on what is happening. And check the settings to see if extra access is needed.


Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark

Prahlad Kumar
Tera Guru

Hello  @DebjitGhosh31 

 

The servers are rejecting ServiceNow’s WinRM/PowerShell execution during the Classification phase due to local WinRM, Kerberos, or PowerShell policy differences — not because the credentials are wrong.
- WinRM is not fully or correctly configured (WinRM service may be running, BUT the WinRM listener is missing or broken)
ServiceNow Discovery uses WinRM (by default) to classify Windows servers.
   - Check on a failing server - winrm enumerate winrm/config/listener

-Kerberos / authentication mismatch on those servers
  -  These servers may have:

  • Broken SPN
  • Domain re‑join history
  • Cloned image issues

Kerberos fails silently - Discovery reports “No valid credential”.

Fix: Re‑register SPNs
Or rejoin the server to the domain if needed

 

 

Thanks & Happy to Help,
Prahlad Kumar (Tera Guru)
Solution Architect at HumIT
ITOM | ITAM | ITSM | CMDB | HRSD
LinkedIn: https://www.linkedin.com/in/prahlad-kumar-92a877117/

If this helps, please mark it as Helpful.