IIS not found by discovery on Server 2016

Ann B_ · ‎03-04-2019

I have several Windows 2016 servers running IIS that work fine with discovery. I have one Windows 2016 server that discovery is not showing IIS server information. Discovery discovers the server but the IIS pattern launcher never starts and it completes discovery without showing that IIS server is running on it. No errors in discovery log. Is there something on this web server that would cause it not to be recognized as an IIS server by discovery?

DaveHertel · ‎03-04-2019

Hi AB - It sounds like the process classifier for IIS isn't finding a corresponding/matching criteria. Perhaps there is something unique about that machine.... look at that CI, under its Running Processes and find the IIS process. Then look under Discovery Definition -> CI Classification -> Processes and find the IIS process classifier. Within that classifier, be sure the criteria defined within the classifier is what is actually running on the 2016 box. This criteria is what tells the classifier to match or not.

If your IIS pattern isn't launching just for 1 box, there is likely something unique about its installation.

Does this help? Hope so..

Ann B_ · ‎03-07-2019

The Sys Admin that manages the server tells me that the executable for IIS looks like below. Is there something else to check?

C:\WINDOWS\system32\svchost.exe -k iissvcs

DaveHertel · ‎03-07-2019

Yes, check your process classifiers to ensure: A) the match that criteria; B) the classifier is active then run a test disco of just a machine that you know for sure has IIS running and dig into the logs during the classification stage. Check out what running processes were returned from the probes (look at payload) to verify the system is retrieving what you think it should be getting....

Hope this helps?

Ann B_ · ‎03-07-2019

In the payload where it lists the services running on the machine I do not see svchost.exe -k iissvcs for the Server 2016 server. I do see a lot of w3wp.exe commands listed for each website on the server. I went to the admin and had him show me that World Wide Web services is indeed running on the 2016 server. Not sure why discovery is not seeing it. Should I change classifier to include w3wp.exe as criteria to trigger IIS pattern launcher?