MID Server (mid host name) is not a suitable MID because it does not have the following capabilities [{Capability: Nmap, value: null}]
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-14-2021 03:27 PM
Hi All,
We have been observing the log warning:
MID Server (mid host name) is not a suitable MID because it does not have the following capabilities [{Capability: Nmap, value: null}]
We also found out that "mid.discovery.credentialless.enable" = True in our instance, and this is casuing that above message, and apparently, none of the MID servers seem to have NMAP installed, if they would have NMAP installed, I beleieve we should not have got that warning message.
I just need to confirm if NMAP is present or not on MID server, I see below is the way to check on windows:
on command prompt: nmap- <version>
if NMAP is not installed, that means the property was set to True by default during upgrade from previous version to Paris version---just a guess, as this warning was not coming before.
And also, how do we find out if we have any devices discovered with "credentials less " discovery, as we are planning to disable this option considering the warning log.
Has anyone faced this and what was your take on it.
Regards,
HM
- Labels:
-
Discovery
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-14-2021 04:18 PM
You would have to install nmap on the servers. Your security people will probably flip a table though, fyi.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-14-2021 04:43 PM
If Nmap is installed on the midserver, it will be in the "..\agent\nmap" directory relative to the midserver installation. On the command prompt change the directory to the relative path to run the command "nmap -version".
If any CIs were discovered using "credential less", the "Discovery source" field value will be set as "CredentiallessDiscovery".
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-20-2021 05:30 PM
Hi Rishi,
Thank you, can you point me to the document that states below:
If any CIs were discovered using "credential less", the "Discovery source" field value will be set as "CredentiallessDiscovery".
My concern is about Disocvery Source value you mentioned, as it is ServiceNow who is discovering the CI, though it is "CredentiallessDiscovery".
Just need a doc that says in case of credentialless discovery the discovery source is set as "CredentiallessDiscovery"
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-21-2021 07:03 AM
Here is the excerpt from the docs and the reference link below.
"Discovery source [discovery_source]: Optional field in the Configuration Item [cmdb_ci] table to which the CredentiallessDiscovery choice is added. This option shows that credential-less Discovery was used to create a CI."
https://docs.servicenow.com/bundle/paris-it-operations-management/page/product/discovery/concept/nmap-credential-less-discovery.html
If the MID Servers were not configured to run credential-less discovery, you should not find any device CIs where the discovery source is CredentiallessDiscovery. Disabling credential-less discovery using the system property you have identified will stop the unnecessary messages in the logs.
However, if you query the cmdb_ci table, (https://yourinstance.service-now.com/cmdb_ci_list.do?sysparm_query=discovery_source%3DCredentialless...) you may find some records have Discovery source set as CredentiallessDiscovery. This is expected behaviour per https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0746793.
I hope this helps.