Credential-less host Discovery

  • Release version: Yokohama
  • Updated January 30, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Credential-less Host Discovery

    Credential-less host discovery in ServiceNow occurs when a scanned host is identified as alive but inactive, or when all credential-based probes fail during classification. It enables the system to gather basic host information and create or update host Configuration Items (CIs) without requiring credentials.

    Show full answer Show less

    This discovery method is triggered by the HorizontalDiscoveryProbe or the Shazzam probe under these conditions. It launches the Credentialless Discovery Network Device pattern, which attempts to create or update a CI in the Hardware [cmdbcihardware] table.

    To enable this functionality, the system property mid.discovery.credentialless.enable must be set to true. Setting this property to false disables credential-less discovery.

    How Credential-less Discovery Works

    • The MID Server uses the Nmap command to verify if the host is up by scanning the IP address and a configurable list of ports.
    • Nmap performs reverse DNS resolution to determine the host name; if multiple names exist, the first is used; if none, the IP address becomes the host identifier.
    • The Npcap packet capture library identifies the host's operating system family.
    • If the scanned host is on the same subnet as a Windows MID Server running Nmap, the MAC address is also retrieved.
    • The list of ports scanned by Nmap is stored in the IP Service [cmdbipservice] table, which can be customized. Ports can be excluded from scanning by setting their Credentialless Discovery [cldiscovery] column to false.

    Creating and Updating Host CIs

    • After discovery, the SetCredentialLessDeviceClassName MID Server script determines the operating system family of the host.
    • Depending on the OS family detected by Nmap, the host CI is assigned an appropriate system class derived from the Hardware base class, such as Linux Server [cmdbcilinuxserver] or Windows Server [cmdbciwinserver]. If no OS family is matched, the base hardware class is used.
    • When credential issues are resolved and credential-based discovery completes, the existing CI created by credential-less discovery is updated using serial number, host name, and system class from the credential-based data.

    Supported Operating System Families

    • AIX (cmdbciaixserver)
    • HP-UX (cmdbcihpuxserver)
    • Linux (cmdbcilinuxserver)
    • Solaris (cmdbcisolarisserver)
    • OS X or iOS (cmdbciosxserver)
    • Windows (cmdbciwinserver)
    • Undefined OS family uses the generic cmdbcihardware class

    Hardware Identification

    The Discovery - IP Based [com.snc.discovery.ipbased] plugin adds an identifier rule to the Hardware base class that matches host CIs by name as discovered via Nmap. This rule is applied during both credential-based and credential-less discovery to accurately identify hardware CIs.

    Practical Implications for ServiceNow Customers

    • Credential-less discovery provides a fallback mechanism to create or update host CIs when credential-based probes cannot access a device, ensuring continuous infrastructure visibility.
    • Administrators can control which ports are scanned during credential-less discovery to optimize network traffic and security.
    • Once credentials are restored, more detailed and accurate CI data will update existing entries created by credential-less discovery, maintaining data integrity.
    • Ensuring the relevant system property is enabled allows organizations to leverage this discovery mode as part of their overall discovery and service mapping strategy.

    Credential-less host discovery occurs when a scanned host is found to be alive, but not active, or when all configured credential-based classification probes have failed.

    How the host Discovery pattern is launched

    If the Shazzam probe scans a host that is alive but not active, and if credential-based classification probes fail, horizontal Discovery launches the Credentialless Discovery Network Device pattern to gather host information. If the host being scanned does not have a CI defined, Service Mapping launches the HorizontalDiscoveryProbe probe, which in turn launches the Credentialless Discovery Network Device pattern. This pattern attempts to create a new CI if one does not already exist for the scanned host or to update an existing CI in the Hardware [cmdb_ci_hardware] table.
    Important:
    To allow the Credentialless Discovery Network Device pattern to launch, ensure that the mid.discovery.credentialless.enable system property is set to true. To disable, ensure this property is set to false.
    Table 1. ECC Queue entries
    The system creates these entries in the ECC queue during execution of the HorizontalDiscoveryProbe.
    Figure 1. Credential-less Discovery
    ECC Queue entries created during execution of the HorizontalDiscoveryProbe
    Table 2. Log messages
    These log messages are published during execution of the HorizontalDiscoveryProbe.
    Figure 2. Credential-less host identifier
    Log messages during execution of the HorizontalDiscoveryProbe

    The Nmap command

    The Nmap command executed on the MID Server determines if the host is up. Using the IP address and a list of ports passed to Nmap by the pattern, Nmap performs reverse DNS name resolution to identify the host name associated with the IP address. If multiple host names are configured, the first name returned by Nmap is used. If no host name is configured, then the IP address of the remote host is used to create the host CI. The Npcap packet capture library, included with the Nmap installation, identifies the host operating system family. If the scanned host is located on the same subnet as the Windows MID Server host that executes Nmap, the remote host's MAC address is returned.
    Note:
    The list of ports that Nmap is configured to scan during credential-less host Discovery is stored in the IP Service [cmdb_ip_service] table, which is editable. By default, all ports are available for scanning. To block the use of any port for an Nmap scan, set the value in the Credentialless Discovery [cl_discovery] column to false.
    Figure 3. Credential-less port list
    Configurable list of ports for credential-less Discovery

    Creating or updating host CIs

    After successful execution of the Credentialless Discovery Network Device pattern, the SetCredentialLessDeviceClassName MID Server script runs to identify the operating system family of the discovered host. The system class of the host CI is based on the operating system family that is returned by Nmap. If the OS family matches one of the six supported server operating systems, then the system uses a server class derived from the Hardware [cmdb_ci_hardware] base class, such as Linux Server [cmdb_ci_linux_server]. If no match is found, the system uses the base class.
    Note:
    When the issue with the credentials is resolved and Discovery runs again, the instance uses the serial number, host name, and system class provided by credential-based discovery to update the host CI that was created by credential-less Discovery.
    Table 3. Supported OS families
    OS family CI table
    AIX cmdb_ci_aix_server
    HP-UX cmdb_ci_hpux_server
    Linux cmdb_ci_linux_server
    Solaris cmdb_ci_solaris_server
    OS X or iOS cmdb_ci_osx_server
    Windows cmdb_ci_win_server
    Undefined cmdb_ci_hardware

    Hardware identification

    The Discovery - IP Based [com.snc.discovery.ip_based] plugin adds an identifier to the Hardware Rule for the Hardware [cmdb_ci_hardware] base table that matches on the host CI name for Nmap scans. The Hardware Rule is used by both credential-based and credential-less Discovery.
    Figure 4. Credential-less hardware rule
    Hardware rule identifier for Credential-less Discovery