IIS not found by discovery on Server 2016

Ann B_ · ‎03-04-2019

I have several Windows 2016 servers running IIS that work fine with discovery. I have one Windows 2016 server that discovery is not showing IIS server information. Discovery discovers the server but the IIS pattern launcher never starts and it completes discovery without showing that IIS server is running on it. No errors in discovery log. Is there something on this web server that would cause it not to be recognized as an IIS server by discovery?

DaveHertel · ‎03-07-2019

If you don't see it in the payload, then thats likely why the classifier isn't getting triggered (obvious, but I had to say it 🙂 ) "I do not see svchost.exe -k iissvcs"

If you are getting all the other services, be sure ON THE BOX (not the payload being returned) that the service is truly what you think/say it should be. While is sounds right -- look at the machine to verify precisely what it really is, then run disco and look at the payload. I'm betting whatever is running on the box is being returned (even if its not exactly what you might be expecting).

Sounds like a mismatch in what is truly running vs. what the classifier criteria is looking for...

DaveHertel · ‎03-21-2019

Hello - Did this help?? If so, consider checking the Helpful button to encourage participation in the community and help others find useful content if/when they have similar questions. Thanks

Ann B_ · ‎07-23-2019

It turns out that there was a local computer policy on this web server that was blocking permission for ServiceNow to discover the IIS information. Permissions were modified in this group policy and then IIS info was discovered successfully. This server was created with an image that contained a lot of security parameters.

rwilson1 · ‎10-18-2019

AB, I am experiencing the same issue with a server running IIS not being classified as a Web Server, could you share the local policy that was causing the permission blocking?

Thanks!

Robert

Ann B_ · ‎10-18-2019

“Administrators” group was added to the Debug programs policy, it instantly starting working.

Local Group Policy Editor ->Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Right Assignments -> Debug Programs.