
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-15-2020 06:46 PM
Overview
Can I enable the error message "x.x.x.x is not a reachable host (no response to target ports scanned by MID)" when I run a Scheduled Discovery? I receive that error message when I run a Quick Discovery, but I do not receive that error message when I run a Scheduled Discovery. I want this error message so I receive a log entry for every IP address that is not Discoverable; I currently receive no such error message
Example
When I run a Quick Discovery of a single IP address, 10.254.8.241, the IP is not reachable, and I receive this error message in the Discovery Log.
"10.254.8.241 is not a reachable host (no response to target ports scanned by MID)."
The benefit is that I receive a message in the Discovery Log that identifies an IP address that is NOT Discoverable.
When I run a Scheduled Discovery of the subnet 10.254.8.240/28, which includes the IP address 10.254.8.241, the Discovery finds eight devices; the IP address 10.254.8.241 has no device and so there is no associated device on this list.
10.254.8.245 dccan100tol02 Windows Server
10.254.8.246 cacol2app21 Windows Server
10.254.8.247 cacol2app20 Windows Server
10.254.8.248 dccan100sql17 Windows Server
10.254.8.250 (empty) Active, couldn't classify: No WMI connec
10.254.8.251 dccan100tola3 Windows Server
10.254.8.252 dccan100exc13 Windows Server
10.254.8.253 (empty) Active, couldn't classify: No WMI connec
These IPs in the Discovery Range have no devices. There is no mention of these IP addresses in the Discovery Log.
- 10.254.8.241
- 10.254.8.242
- 10.254.8.243
- 10.254.8.244
- 10.254.8.249
- 10.254.8.254
I would like to see these messages in the Discovery Log
- 10.254.8.241 is not a reachable host (no response to target ports scanned by MID).
- 10.254.8.242 is not a reachable host (no response to target ports scanned by MID).
- 10.254.8.243 is not a reachable host (no response to target ports scanned by MID).
- 10.254.8.244 is not a reachable host (no response to target ports scanned by MID).
- 10.254.8.249 is not a reachable host (no response to target ports scanned by MID).
- 10.254.8.254 is not a reachable host (no response to target ports scanned by MID).
Solved! Go to Solution.
- Labels:
-
Discovery

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-08-2021 06:49 PM
Hello,
I have not found a workaround and I'm not sure that I ever will. One possible complication is that the number of IPs that are designated "not a reachable host" can be massive for subnets with small CIDR host identifier bits. For example, if one scans the subnet "10.0.0.0/8", Discovery would have to report on 16,777,216 IP addresses, most of which are like designated "not a reachable host." This alone is one reason not to report on IP addresses that are designated "not a reachable host".
This is also discussed in this linked post.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-19-2020 01:01 PM
Hi Tom,
Did your company end up coming up with a good resolution for this? I find this to be a nuisance as well - when troubleshooting discovery errors having to constantly sift through errors that I expect because no device lives at that IP can be annoying. Love to hear if you did anything for this?

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-28-2020 03:15 PM
Hello, Marskh11,
I am still working on a solution. I plan to parse the Shazzam results for Discovery ranges, then record each IP scanned in a separate table.
An example Shazzam result appears here. From this, the parse finds the single IP address "192.168.0.5" and the range "172.16.0.0/12". It then expands the range. It adds all the IP addresses to a separate table.
- 172.16.0.0
- 172.16.0.1
- ...
- 172.31.255.255
- 192.168.0.5
<discovery_ranges>
<meta_coll>
<ip_list>
<ip>192.168.0.5</ip>
</ip_list>
</meta_coll>
</discovery_ranges>
<discovery_ranges>
<meta_coll>
<inc_exc_coll>
<summary>172.16.0.0/12</summary>
<include>
<network>
<network_ip>172.16.0.0</network_ip>
<netmask>12</netmask>
</network>
</include>
<exclude><ip_list/></exclude>
</inc_exc_coll>
</meta_coll>
</discovery_ranges>
Using the SNC Network APIs would likely help this effort, but these are internal APIs, and ServiceNow will not release the API documentation to me.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-06-2021 10:39 AM
Hello,
Our company does not yet have a means to report IP addresses that are put through the Shazzam process but have no response to any port; that is, those IP addresses that are neither "Active" nor "Alive". I restated the question slightly and posted it in a new question in this Forum at this link.
One possible complication is that the number of IPs that are neither "Active" nor "Alive" can be massive for subnets with small CIDR host identifier bits. For example, if one scans the subnet "10.0.0.0/8", Discovery would have to report on 16,777,216 IP addresses. That alone would be one reason not to report on IP addresses that are neither "Active" nor "Alive".

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-06-2021 10:33 AM
Here is a related question on this forum.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-07-2021 09:40 PM
Hi,
I am facing same error. Did you find solution for this?
Thanks.