Resolving issues with discovery results is an iterative process:
-
Configure and run Scan Jobs
-
Review results of Scan Jobs in IT Explorer and Scan Results & Scan Status
-
Refine Scan Jobs until the environment has been completely discovered
-
Review the findings
-
Extend/Modify the Scan job scopes
-
Blacklisting low-interest processes
-
Adding Fingerprints and Templates to model the environment more accurately
-
This document provides examples for the review results section and identifies how improvements to the successful coverage of the scan operation can be achieved.
IT Explorer
The IT Explorer interface identifies the server and services that have been discovered during the scanning process.
Scan Job Results
The individual elements of the scan job can be further examined by double-clicking an individual scan job. This shows the history of the scan job execution with the progress bar for each execution.
Each scan execution can be further examined by clicking a single scan. A dialogue that identifies two tabs:
-
The Scan Results tab shows all changes related to Servers, Containers, and CI's derived by application dependency mapping, i.e. Services, Software Clusters, and Found Groups.
-
The Scan Status tab displays the information about the scan per IP Address. Columns can be sorted to quickly identify things like IP addresses taking a lot of time to be scanned, or IPs where credentials didn't provide access to target systems.
Scan Status |
Description |
Category |
Action Required by |
Action |
---|---|---|---|---|
Success | Successfully scanned | Scanned | None | None |
NoConnection | System is reachable by ping, but has none of the required port(s) open allowing a connection to be established. | Not Scanned | Customer | Check firewall ports. |
CredentialFailed | Authentication failure | Not Scanned | Customer | Check Credentials. |
InsufficientPriviliege | Credentials do not allow to execute the commands required to generate a guaranteed unique and durable unique identifier. | Not Scanned | Customer | Check Credentials. |
ScanFailure | Unrecoverable or unexpected errors, untrustable ids, missing key CI’s, or timeouts / aborted target scan. | Not Scanned | ServiceProvider | Check Logs. |
SkippedAsSameAs | Target has already been scanned in the same Scan Job, via a different IP, i.e. scan result has already been sent to the SAAS platform. | Skipped | None | None |
ConnectionFailed | An unexpected error happened during connection, i.e. error is different than InsufficientPrivileges or CredentialFailed (incorrect credentials). | Not Scanned | ServiceProvider | Check Logs. |
UnusableConnection | Target has been successfully connected, but some 'services' (like RPC) are missing on target, preventing a successful scan | Not Scanned | Customer | Check firewalls and/or target system health. For Windows: check that the credential has access to WMI, Remote Registry, RPC and (SMB) C$ drive. |
NoAnswer | Target unreachable. | Not Scanned | Customer | Check Scope, Firewalls; is device turned on? |
NoCredential | Target identified and type identified (i.e. Unix, Windows, etc.), but no corresponding Credential in Scan Job config. | Not Scanned | Customer | Check Credentials. |
Unknown | Unexpected condition. | Not Scanned | ServiceProvider | Check Logs. |
PartialScan | Target has been successfully connected with appropriate privilege levels and a trustable target identifier has been generated, however, some data has not been collected, like Disks, Filesystems, processes, Connections, etc. Application scan failures can also generate a partial scan status. |
Not Scanned | Customer | Check Logs. |
SkippedAsWorkStation | Skipped | None | None | |
SkippedAsExcluded | Target is in the list of excluded IPs. | Skipped | None | None |
Aborted | Not Scanned | ServiceProvider | Check Logs. | |
NoResult | No scan result was received by CAM | Not Scanned | ServiceProvider | Check Logs. |
CredentialNoLongerWork | Credential no longer works. | Not Scanned | Customer | Check Credentials. |
LockedAccount | The connection was not established due to too many authentication failures | Not Scanned | Customer | Check if credential provided is correct and assigned to correct scan job. If correct, unlock account on target. |
ConnectionTimedOut |
The login timed out. |
Not Scanned | Customer | Check if connection available manually (and not blocked by anti-virus software/firewall). |
DNSResolutionFailed |
Unable to resolve the target HostName provided in the Scan Job scope into an IP Address. |
Not Scanned | Customer | Manually check if DNS resolution works on appliance. |
Scan Info Details and Actions:
Scan Status | Description | Category | Action Required by | Action |
Failed to gather Process Connections |
A O/S command was unable to generate a list of connections from local processes to remote machines. The list of process connections is used to provide application dependency mapping within the product |
Process Collection |
Customer |
Check Credentials for permission to execute the |
There is one truncated process with the following process ID: [NNNN]. |
The command line of a process is used to identify the executable that is being run. O/S limitations can restrict the total size of the command line that can be returned. This error identifies that the process command line could not be generated due to O/S restrictions. |
Process Collection |
None |
There is no action that can be undertaken by teh customer in this case. |
'dmidecode' command is not available. |
Dmidecode is a (*nix) tool for dumping a computer's DMI (or SMBIOS ) table contents in a human-readable format. This table contains a description of the system's hardware components, as well as other useful pieces of information such as serial numbers and BIOS revision. This command is one of the commands that an be used to uniquely identify a server from its peers. |
Uniqueness |
Customer |
Check Credentials for permission to execute the dmidecode command. On some *nix operating systems |
Failed to gather Identifier.Please visit <link> for more information. |
A command(s) is used to uniquely identify a server from its peers. If this command(s) is not available or can’t be run then uniqueness cannot be established and the target cannot be fully scanned. |
Uniqueness |
Customer |
Check if user credential/login has permissions to run server commands that are used to generate uniqueness. Contact Support team to identify the commands that are failing. |
Command 'SELECT SERIALNUMBER FROM Win32_BIOS' failed to get serial number. |
A WMI Windows command is used to uniquely identify a server from its peers. If this command is not available or can’t be run then uniqueness cannot be established and the target cannot be fully scanned. |
Uniqueness |
Customer |
Check Credentials for permission to execute the dmidecode command over WMI. |
Workstation Skipped |
Target has already been skipped as the O/S has been identified as an Workstation edition. |
Not Scanned |
None |
Check Logs |
Connection to appliance <appliance-name> cannot be established on port 8080 from the server which is a requirement for metrics collection. Get request validation failed
|
The connection from the scanned server back to the appliance port 8080 is blocked. This means that metrics collected from the scanned server cannot be returned to appliance and then to the SAAS platform. Metrics will not available for this machine in the CAM UI. This implies that there is no HTTP communication from target machine to the appliance VM (http://<appliance IP>:8080) |
Metrics |
Customer |
Login into the scanned server and check that port 8080 on the appliance IP is reachable. Windows: Unix: On *nix open a shell THEN Enter |