Discovery Windows Device on different AD Domain/Tree/Forest

garyopela · ‎09-24-2012

I am trying to discover a device that is on a differen't AD tree than mine. I have an account on that tree that i'm trying to use. I've setup an entry in my Discovery Configurations for the account with a Type of Windows. I then go to discover the device. I can see it's name and IP, but then I get WMI Authentication Failed error messages.

Is it possible to discover devices on a different AD Tree using an account from that AD Tree?

doug_schulze · ‎09-25-2012

Be sure you have enabled all the pieces of Powershell for discovery. To use the windows credentials you need to primarily ensure...

The PS files are all unblocked
You enabled the PowerShell for Discovery parameter (restart mid after adding)..and BTW the use credentials table is inherited so doesnt need to be specifically defined.
Ensure powershell 2.0 is installed on the MIDserver host .. does NOT need to be on every target, just the MidServer host..

You should be good from there!

garyopela · ‎09-26-2012

Thank you, sir.

Will this affect my other servers that I need to authenticate normally?
Basically, I have most of my servers need to be authenticated to with the credentials under which the mid-server service runs. Will the credentials try both the powershell credentials (the windows credentials in the credentials table), and the credentials under which the service runs, and then create an affinity to the correct one?

doug_schulze · ‎09-27-2012

Actually it won't, while we would try the 'PS' user when that fails we will use the midservers 'run-as' user to success....

The unique thing about affinities is that we build them for creds in the table on service now..the instance has no concept of the credential that the mid is running as...

So to make the magic happen include the credential that the midserver is running as, in the credentials table.. so that we will set the affinity and never use the wrong credential a second time...

garyopela · ‎10-02-2012

Thank you, sir. I had actually thought about adding the mid-server credentials to the credentials tables this morning on the way to work. I'll try it all out and then update this thread for any future users' reference.

Gary