Discovery failing on Windows workstations (Reverse DNS failing)
‎12-27-2018 10:23 AM
I am having issues with some of the Windows workstations not being able to be discovered in my work's environment. These machines are primarily returning with the "RPC server is unavailable" error, and it occurs more on one of the domains than the other.
I have tried the troubleshooting presented in all the previous postings people have made in the community about the "RPC server is unavailable" error. I have tested the credentials from the MID server machine using the cmd prompt and PowerShell scripts, used RDC to connect to one of the workstations having the issue from the MID server, confirmed with our network group that traffic wasn't being restricted, checked that the RPC service was up and running, repaired WMI on one of the machines, and tested that port 135 was open using telnet.
The only thing I can find in common on these machines is that these machines' reverse DNS lookup results in incorrect workstation names being returned. Also, when I test the credentials using the PowerShell script "gwmi win32_operatingsystem -computer -credential", I get "The RPC server is unavailable" if I enter the IP address of the machine, but if I enter the host name I get a clear response back. Any suggestions on anything I might be missing with this issue?
Edit: I should add that these are machines that were able to be discovered before by ServiceNow, and one of the machines having the discovery issue is my work laptop which has been my main test machine.
Labels: Discovery

‎12-28-2018 02:42 PM
Hi -- You've obviously done a lot of troubleshooting already, nice job. But it's unclear if the Windows firewall on the target Windows servers to be scanned might be blocking. These 2 KBs on HI discuss this issue with RPC unavailable:
KB0549834 .... 1 of the issues that stood out from this KB was "This indicates that the MID Server is not able to access the remote machine using RPC. Usually that is caused by a Windows firewall on the remote machine not letting RPC requests go through."
And also KB0564282 .... 1 possible issue mentioned "A firewall blocks Remote Procedure Call (RPC) calls from the MID Server to the Microsoft Windows Server preventing the discovery process. The problem can be caused either by Windows Firewall (embedded) or an external firewall.
Firewall is not configured correctly to let through RPC calls from the MID Server. Typically, RPC uses large range of ports. The MID Server initiates the RPC connection on port 135, but once the connection is established, it uses any port in the range of 1024 and up."
Does this help? Hope so...

‎12-30-2018 08:42 PM
Hi,
I have seen the DNS problem in one of our servers before; after I fixed those DNS entries in our DNS servers, the issue got resolved. Contact your Windows team to update the false DNS entry on the DNS server.
Regards,
Vivek
‎01-02-2019 08:36 AM
Dave,
Thank you for the links sir. I actually tried both of these shortly after posting this in the community, and unfortunately they did not work to resolve my issue. It seems to be that because reverse DNS is failing to resolve correctly, then WMI is failing to connect.
Vivek,
Hypothetically speaking, if my Domain team was aware of the issue and responded with "DNS is tricky and there is nothing we can do", would you have any follow-up suggestions for workarounds? We are seeing this DNS issue on servers as well as Windows workstations.

‎01-03-2019 11:59 PM
It is better to make them understand. ServiceNow is not the only one affected by this; maybe their monitoring system would also have been affected by these wrong configurations.
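
The reverse DNS mismatch discussed in this thread can be inventoried per host before going back to the DNS team. The following is an added example, not code from any poster or from ServiceNow: it does a DNS-only forward lookup, then a PTR lookup of the returned address, and reports whether the PTR name matches. The function name and the host names are hypothetical placeholders; it assumes the `DnsClient` module (`Resolve-DnsName`) is available on the machine where it runs.

```powershell
function Test-ReverseDnsConsistency {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$ComputerName
    )
    process {
        foreach ($name in $ComputerName) {
            $ip = $null; $ptr = @(); $status = 'NoARecord'
            # Forward lookup, DNS only (no LLMNR/NetBIOS fallback)
            $a = Resolve-DnsName -Name $name -Type A -DnsOnly -ErrorAction SilentlyContinue |
                Where-Object { $_.Section -eq 'Answer' -and $_.Type -eq 'A' } |
                Select-Object -First 1
            if ($a) {
                $ip = $a.IPAddress
                $status = 'NoPtrRecord'
                # Reverse (PTR) lookup of the address the forward lookup returned
                $ptr = @(Resolve-DnsName -Name $ip -Type PTR -DnsOnly -ErrorAction SilentlyContinue |
                    Where-Object { $_.Section -eq 'Answer' -and $_.Type -eq 'PTR' } |
                    ForEach-Object { $_.NameHost })
                if ($ptr.Count -gt 0) {
                    # Compare host labels only, so short names and FQDNs both work
                    $want = ($name -split '\.')[0]
                    $hit = $ptr | Where-Object { ($_ -split '\.')[0] -ieq $want }
                    $status = if ($hit) { 'Match' } else { 'Mismatch' }
                }
            }
            [pscustomobject]@{
                Name    = $name
                IPv4    = $ip
                PtrName = $ptr -join ', '
                Status  = $status
            }
        }
    }
}

# Constructed placeholder names; substitute the workstations that fail discovery.
'WORKSTATION01.corp.example', 'WORKSTATION02.corp.example' |
    Test-ReverseDnsConsistency |
    Format-Table -AutoSize
```

Rows with `Mismatch` or `NoPtrRecord` are the stale or missing PTR entries to hand to the team that owns the reverse zones.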