- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-16-2024 01:12 PM
Our MID Servers are all running on Windows OS. I've read that Windows/WMI discovery uses the same credentials used for running the mid server service. If this is true, then do I also need to create a Windows credential within Discovery credentials? Under what circumstances would it be used instead of what's already on the MID Server?
Solved! Go to Solution.
- Labels:
-
Discovery
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-17-2024 06:31 AM - edited 05-17-2024 06:32 AM
Yes, it's true that Windows/WMI discovery in ServiceNow can use the same credentials that are used for running the MID Server service. However, its good practice to specify separate Windows credentials within the Discovery credentials.
The credentials used for the MID Server service are primarily for the operation of the MID Server itself. These credentials allow the MID Server to interact with the ServiceNow instance and perform tasks such as executing probes and sensors.
On the other hand, the Windows credentials specified within the Discovery credentials are used specifically for the discovery process. These credentials are used to authenticate against the Windows machines that are being discovered. This allows the Discovery process to access necessary information from the target machines and update CMDB accordingly.
The below is from the https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0750751:
If a customer uses only the service account on the MID server service for their Windows credential, and do not have any windows credentials in the credential table of the instance, all windows discovery probes return details from the MID Server host, and not the target that's meant to be scanned.
The WMI classify probe returns the hostname of the MID server, not the target.
This issue is maintained even if the following properties are explicitly applied to the MID server:
mid.powershell.use_credentials = false
mid.powershell.local_mid_service_credential_fallback = true
The fallback facility to use the mid service credential is no longer working. It is acting as though there are no credentials being used at all. Since you can reproduce this with:
mid.powershell.use_credentials = false
mid.powershell.local_mid_service_credential_fallback = false
Please check the below article for more information:
(1) Windows Discovery Overview - Support and Troubleshooting - ServiceNow. https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1116898.
(2) MID Server and Credentials Encryption - Support and ... - ServiceNow. https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0679355.
(3) Windows credentials - Product Documentation: Utah - Now ... - ServiceNow. https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1235292.
(4) How to Update a MID Server password - ServiceNow. https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0746702.
(5) Credentials & Permissions troubleshooting on Discovery ... - ServiceNow. https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0657528.
(6) Windows discovery without 'domain admin' or 'local admin ... - ServiceNow. https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0951917.
(7) Determine if you have the correct credentials on the MID Server .... https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0535149.
Please mark my answer as either helpful or accept my solution.
Thank you.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-17-2024 06:31 AM - edited 05-17-2024 06:32 AM
Yes, it's true that Windows/WMI discovery in ServiceNow can use the same credentials that are used for running the MID Server service. However, its good practice to specify separate Windows credentials within the Discovery credentials.
The credentials used for the MID Server service are primarily for the operation of the MID Server itself. These credentials allow the MID Server to interact with the ServiceNow instance and perform tasks such as executing probes and sensors.
On the other hand, the Windows credentials specified within the Discovery credentials are used specifically for the discovery process. These credentials are used to authenticate against the Windows machines that are being discovered. This allows the Discovery process to access necessary information from the target machines and update CMDB accordingly.
The below is from the https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0750751:
If a customer uses only the service account on the MID server service for their Windows credential, and do not have any windows credentials in the credential table of the instance, all windows discovery probes return details from the MID Server host, and not the target that's meant to be scanned.
The WMI classify probe returns the hostname of the MID server, not the target.
This issue is maintained even if the following properties are explicitly applied to the MID server:
mid.powershell.use_credentials = false
mid.powershell.local_mid_service_credential_fallback = true
The fallback facility to use the mid service credential is no longer working. It is acting as though there are no credentials being used at all. Since you can reproduce this with:
mid.powershell.use_credentials = false
mid.powershell.local_mid_service_credential_fallback = false
Please check the below article for more information:
(1) Windows Discovery Overview - Support and Troubleshooting - ServiceNow. https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1116898.
(2) MID Server and Credentials Encryption - Support and ... - ServiceNow. https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0679355.
(3) Windows credentials - Product Documentation: Utah - Now ... - ServiceNow. https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1235292.
(4) How to Update a MID Server password - ServiceNow. https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0746702.
(5) Credentials & Permissions troubleshooting on Discovery ... - ServiceNow. https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0657528.
(6) Windows discovery without 'domain admin' or 'local admin ... - ServiceNow. https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0951917.
(7) Determine if you have the correct credentials on the MID Server .... https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0535149.
Please mark my answer as either helpful or accept my solution.
Thank you.
