Removed software still appears to require reconciliation.

Jen Wenrick1 · ‎06-27-2022

We are using ServiceNow Discovery and SAM Pro. I have some software that was de-installed from LINUX OS systems about 1 month ago. Since then discovery has run multiple times, reconciliation has run multiple times and this software package continues to show up on these systems in the license workbench. How does this work with Discovery and ServiceNow with regard to software that is de-installed, what should I expect to see? Looking for more details on how this is supposed to work so that I can further troubleshoot please. I also have the same questions about SCCM & JAMF integrations, but the immediate need/concern the LINUX server situation mentioned above. THANKS!!

Trevor Muhl · ‎06-27-2022

Hello Jen,

In my experience (and as you are seeing), software installations are not automatically removed from ServiceNow. If possible, your business process for uninstallation should include deleting the installation record in ServiceNow.

Otherwise, you will have to seek a different method which can be trickier. Perhaps you can systematically compare a Software Installation record's "Last scanned" field to the last scanned date of the device. If that installation was not seen during the last scan, it could be removed.

This topic is also discussed here: https://community.servicenow.com/community?id=community_question&sys_id=250dac08db23738014d6fb24399619bb

I hope this helps.

Joe Ryder · ‎06-29-2022

Porting over my comment from another comment:

Relying on "Last Scanned" from SCCM is problematic for two reasons:

That timestamp, out of the box, does not use the timestamp of SCCM's last scan date. It indicates the last time ServiceNow saw the record of the install in SCCM's database. That database might hold installs for 30 days, 90 days, or more depending on how it's configured. So, while it could eventually drop off the database, meaning that Last Scanned is no longer updated, that could mean you don't see retirement until months after actual uninstallation.

As well, there could be other reasons why that scan didn't happen. You'll want to space out the business rule so that it doesn't immediately retire the install so you don't get a false positive. For instance, for environments with test devices, devices could sit around for a quarter and not be used, looking as if the device is no longer active. However, that does not mean it is a reclamation candidate automatically. If it is still in service and just idle, and the license is reclaimed without removing the software, you run the risk of that machine coming back online later and being noncompliant.

I would recommend, for anyone using SCCM and not Intune, to review your configuration to ensure proper identification of uninstalled software. As well, the Service Graph connector for SCCM helps with resolving issues with timestamps as the data is more accurate to active use.

Srinivas Ramanu · ‎06-28-2022

hi Jen

We have identified the root cause of the issue, and are working to provide a solution for the same. The fix involves both ServiceNow discovery and SAM. The good news, is that the fix is almost ready and being tested now. The issue at a high level was that the application record install status was not being set automatically to absent/retired once the software was removed, and hence SAM was taking that into account.

However, as I said this issue is being taken care of, so that automatically records in the application table would be marked as absent, thereby SAM would delete the software installs. It would be great if you have a dev environment where we can check the fix. Please let us know and we can discuss.

Joe Ryder · ‎06-29-2022

Awesome pivot to a known issue! Thanks from the community, Srinivas!