Discovery schedule is not discovering all the Servers

Ankith K U · ‎05-18-2023

When we run discovery schedule for IPs/IP subnet we are getting below error

Terminated the probe because the max timeout was exceeded: 600 seconds.

Only 20% of servers from the schedule will get updated rest all will be terminated with the error

But if we pick those IPs which we get these errors and run a quick discovery, the Server associated with that IP will get updated.
We have tried to increase the probe time to 1200 seconds that also didn't help.

Also we see HIGH CPU usage (100%) while running the schedule

Daniel Borkowi1 · ‎05-19-2023

Hi Ankith,

there could be a lot of reasons but most of them I assumes are related to overutilizing the MID.

Please follow this good or best practices:

Ensure that IP ranges are not too big. Especially large but almost empty Networks eat a lot of memory because of amount of open Connections waiting for a time out.
Place the MID as near as possible to you scan target, best in the same network or at least behind the firewall.
Use clustering of MIDs
Use Shazzam Batch size smart - not too small, not to big - test what's best for your setup.
Use some MID tunning measures like described in https://hishowcase.service-now.com/kb?id=kb_article_view&sysparm_article=KB0952290

Hope that helps.

Greets

Daniel

Ankith K U · ‎05-23-2023

Hi Daniel,

Thank you for your reply. We tried running discovery with limited IPs all from the same region and using MID from that region itself. From a list of 100 IPs only 20 will get updated and others all will get terminated. Quick discovery for those terminated one's will update the server. We have increased JVM memory and also threads. Nothing helped.

We found this issue only for windows servers and we use JEA for discovery

Thanks

Ankith

Daniel Borkowi1 · ‎06-06-2023

Hi Ankith,

you can only check if all prerequisites are given:

From Docs:

Requirements for Discovery with JEA

A ServiceNow instance running on the Rome release or later.
The MID Server and target server must be part of a Windows domain.
The JEA credentials with non-administrator rights must be domain level credentials.
PowerShell 5.0 or Windows Management Framework 5.1 must be installed on the target Windows machines.
PowerShell Remoting must be enabled on the target Windows machines.

Note: For security enhancement, starting from Rome there is a new profile called JEA v2. Microsoft does not recommend specifying any other language mode than NoLanguage in the JEA profile. JEA v2 explicitly sets the session type to RestrictedRemoteServer and the language mode to NoLanguage to prevent users running arbitrary scripts at the endpoint and bypassing security restrictions. ServiceNow no longer supports the existing sample profile in KB0782125. Follow the instructions in KB0965705 to set up and deploy JEA v2 profiles.

If everything is as described, I recommend to involve ServiceNow HI Support.

Greets Daniel

Daniel Borkowi1 · ‎05-24-2023

Hi Ankith,

that sounds strange. If it works for single discovery than it could be no issue with credentials and privileges. In this case I would recommend to involve HI Support.

Greets

Daniel