Discovery Scans for Windows targets will return the data of the MID Server host, not the Target, when the MID Server falls back to the service user - Known Error

Discovery Scans for Windows targets will return the data of the MID Server host, not the Target, when the MID Server falls back to the service user Description If a customer uses only the service account on the MID server service for their Windows credential, and do not have any windows credentials in the credential table of the instance, all windows discovery probes return details from the MID Server host, and not the target that's meant to be scanned. The WMI classify probe returns the hostname of the MID server, not the target.

This issue is maintained even if the following properties are explicitly applied to the MID server: mid.powershell.use_credentials = false mid.powershell.local_mid_service_credential_fallback = true

The fallback facility to use the mid service credential is no longer working. It is acting as though there are no credentials being used at all. Since you can reproduce this with: mid.powershell.use_credentials = false mid.powershell.local_mid_service_credential_fallback = false

Steps to Reproduce

On a Madrid Patch 3 instance:

Install a MID Server on Windows, and run the service as a domain user that has local administrator rights on target discovered servers Do not add any Windows Credentials to the instance Discover a target IP, different to the MID Server host The CI of the MID Server host will end up being linked to the Device History for the IP scanned.

Inspect the "Windows - Classify" ECC Queue input record, and the hostname and other details of the MID server host will be returned.

If Windows - Identity probe also runs, the IP addresses returned by that will be of the MID Server, and not include the expected target's IP, proving we are not scanning the target.

Workaround This problem is currently under review. You can contact ServiceNow Technical Support or subscribe to this Known Error article by clicking the Subscribe button at the top right of this form to be notified when more information will become available.

To avoid the issue, make sure valid Windows Credentials exist in the instance Credentials table, and can be used by Discovery MID Servers.

If you have never needed additional Windows Credentials, you can still add the MID Server's Windows Service login as user as a Windows Credential in the instance.

It is possible you also hit this bug because you have Windows Credentials, but none are active or assigned to the MID Server used by Discovery. This may also be the case after a clone, when credentials records may still have references to the MID Servers that only exist in the source instance of the clone, and in that case the Credentials need to be set to 'All MID Servers' or add the specific MID Servers of the clone target instance instead.