Troubleshooting the Exploration Phase in Discovery


Video Tutorial: Troubleshooting a failed Discovery: Exploration Phase



This article pertains to Discovery with probes and sensors (not patterns).

CI Classification triggers the initial probes that are launched during the exploration phase. All exploration probes that meet the following conditions are triggered after the identification probe:

  1. Phase = Exploration
  2. Active = True
  3. Condition script is empty or evaluates to true

Additional exploration probes can also be triggered via the Process Classification or within the script of a sensor.

During exploration, most probes use the same credentials used during classification and identification, however there are probes that have additional requirements.

  1. VMware vCenter and ESX/ESXi
    • While discovering a Windows Server, if an active process is classified as vCenter, the VMware - vCenter probe is launched. The credential used for this probe is of type=VMware.
    • During the processing of the results from the VMware - vCenter probe, for each ESX server that is found, a CIM - ESX Chassis Serial Number probe is launched. This probe uses the credential type=CIM
    • For additional details, see Discovery for VMware vCenter.
  2. Microsoft SQL
    • While discovering a Windows Server, if an active process is classified as Microsoft SQL Server, the Windows - MSSQL probe is triggered. The requirements for this probe are outlined in our document MSSQL server discovery.
  3. SSH commands that require sudo:


The same commands within Discovery probes can be executed outside of the ServiceNow instance on the MID Server host. Typically this is the best way to troubleshoot.





Watch Out For

A credential that is successful during the Classification and Identification does not imply that it is successful during Exploration. 

Common Exploration Phase Errors

Below is a list of common exploration phase issues as well as suggestions on how to resolve them.