[Discovery] Unable to get software information of Windows machine
12-16-2022 03:02 AM
Hi,
We tried to run Discovery on a Windows device, but the "Installed Software" probe failed with a timeout.
I'm sure that's why "Software Installed", "Running Process" and "TCP Connections" weren't populated.
The CI itself was constructed.
[Target Windows device]
Windows 2016 Standard
Virtual machine on VMware virtual Platform
[Condition of Reproduction]
* The same instance and the same MID Server can reproduce it anytime.
  - Cannot be tried from another MID Server for operational reasons.
* Not reproduced on another Windows device.
[Log]
The Discovery log showed the following message.
"Command [snc-decode-command JiB7I...(omitted)...fKSB9 | invoke-expression] timed out after PT15M"
Has anyone else encountered a similar situation?
Support told me it was due to machine load, but machine load was not high. And it reproduces anytime.
Please indicate any other information needed to investigate the cause.
12-18-2022 10:48 PM
Hi @Makoto Uchiyam1,
I would try the following first:
- Network access still valid (Firewalls open to discover the systems?)
- Review Credentials & test them
- Update Discovery/Service Mapping Patterns
- Check Agent.log & Wrapper.log from the MID Server at time of Discovery
- Debug the Pattern itself
Some of those checks are quite simple - I know - but I experienced really strange behaviors and at the end it was either some blocked traffic or wrong User/PWD. Hope this helps.
If this answer helps you please mark it as Helpful/Solution.
Thanks & Regards - Manuel
12-19-2022 12:11 AM
Hi Manuel,
Thanks for the reply!
We couldn't get "Installed Software" and "Running Process"; however, the CI [cmdb_ci_win_server] record was created and holds some attributes properly. So your suggestions 1 to 3 should be satisfied.
I have some questions about 4 and 5.
4. Where can I check "Agent.log" and "Wrapper.log"?
5. Please tell me how to "Debug the Pattern itself".
- I am trying to identify the WMI command to get SW information but cannot find it.
Regards,
12-19-2022 03:51 AM
Hi @Makoto Uchiyam1,
The Agent.log and Wrapper.log are located in the installation directory of your MID Server.
You can debug the related pattern by locating it at "sn_discovery_patterns":
If this answer helps you please mark it as Helpful/Solution.
Thanks & Regards - Manuel
12-19-2022 05:18 PM
Hi Manuel,
Thanks for the reply!
> You can debug the related pattern by locating it at "sn_discovery_patterns":
I checked "Windows - Installed Software", but couldn't find "gwmi" or "Get-WmiObject". I'm thinking it would be useful to type the commands that the MID server actually sends from PowerShell, but is there any way to get the commands?
Regards,