Windows Discovery Requirement Changes over recent Years for MID Server Host and Target Servers - Support and Troubleshooting

Windows Discovery Requirement Changes over recent Years for MID Server Host and Target Servers .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } span { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } h2 { font-size: 24pt; font-family: Lato; color: var(--now-color--text-primary, black); } h3 { font-size: 18pt; font-family: Lato; color: var(--now-color--text-primary, black); } h4 { font-size: 14pt; font-family: Lato; color: var(--now-color--text-primary, black); } a { font-size: 12pt; font-family: Lato; color: var(--now-color--link-primary, #00718F); } a:hover { font-size: 12pt; color: var(--now-color--link-primary, #024F69); } a:target { font-size: 12pt; color: var(--now-color--link-primary, #032D42); } a:visited { font-size: 12pt; color: var(--now-color--link-primary, #00718f); } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } The software and configuration prerequisites of Windows hosts in your environment have evolved over the years, as Microsoft enhance security, introduce new management technologies and OS versions, and remove or stop supporting old ones. Below is a summary of the key changes on the MID Server and Target Server sides.

Requirements Changes ServiceNow Version MID Server requirements changes Windows Target Fuji MID Server Property mid.use_powershell defaults to true, so Powershell 2.0 or alter is required. (PRB590641) PowerShell is now the preferred method for running Discovery over multiple Windows domains, because it allows a single MID Server to authenticate on machines on different domains using credentials stored on the instance. The ADM multiprobe runs "Windows - Active Connections" probe for the netstat data. admin$ share access is required on target . This probe will still run and collect this information even if ADM is not enabled Geneva mid.windows.management_protocol=winrm option added, although defaults to wmi. If used then the MID Server Host needs to be set to trust all hosts If WinRM used, it needs to be enabled on the target, which is on by default for Windows 2012 and Windows 2016 machines, but not for Windows 2008. Server 2003 with Windows Management Framework (Windows PowerShell 2.0, WinRM 2.0, and BITS 4.0) is the oldest Windows supported. Service Mapping pattern steps use the new WIM Collector Service, which requires .NET Framework version 3.5 Some Service Mapping Pattern steps require access to the admin$ share on the target. Windows Server 2003, 2008 and 2012 supported. Helsinki Windows Server 2016 support added. Server 2003 removed . WMI Collector Service adds support for .NET Framework version 4.0, 4.5 Horizontal Discovery Patterns supported by Discovery, requiring the WMI Collector Service Some Horizontal Pattern steps require access to the admin$ share on the target. Istanbul Jakarta Cloud Management Professional require Powershell Windows 2016 Server supported. Kingston WMI Collector Service adds support for .NET Framework version 4.6, 4.7 Windows Server NT, 2000, and 2003 documented as no longer supported . New instances use Patterns instead of most Probes London Madrid PowerShell remote execution framework is introduced, and the following requirements must be met: The MID Server must be able to write to and read from a network share of the target. The remote target must have PowerShell 2 to 5.1. Application Dependency Mapping (ADM) requires Powershell 3 to 5.1. PowerShell version 6.0 is not supported. Many of the cmdlets that discovery relies on have been removed from this version. Existing Powershell probes that used similar code to remote execution framework are changed to use the standard remote execution framework: "Windows - Active Connections" probe (PRB1291020/STRY6536024) An existing Cloud Discovery probe is corrected to execute remotely: "Windows - Azure" probe (PRB1270477) Madrid Patch 3 All WMIRunner Probes, including "Windows - Installed Software" and "Windows - Classify", now use Remote Execution framework automatically (PRB1308592) Madrid Patch 5 The ADM multiprobe runs "Windows - Active Connections" probe for the netstat data. admin$ share access is required on target. This probe will still run and collect this information even if ADM is not enabled. A dedicated Windows Share in the target can be specified to use instead of admin$ (PRB1335598). This requires all windows targets Discovered by a MID Server to have this share set up beforehand. New York Windows Server 2019 support added, but only for Patterns (and London Patch 8 Madrid Patch 3) (PRB1318561) Migration from Probes to Patterns is supported New "File Based Discovery" uses Remote Execution framework Orlando Windows Server 2019 support added (Madrid and New York support confirmed) The documentation/release note states the remote target must have PowerShell 3 to 5.1. WMI Collector service removed, and the new code that replaces it for running Windows steps in Patterns requires Powershell 3.0-5.1. Powershell 2.0 is no longer supported , which means Windows Server 2008 R2 SP1 and Windows Server 2008 SP2 are now the oldest Windows server versions that MID Server will run on.

This change will also apply to New York Patch 10.

All Powershell probes that use launchProcess changed to use the Remote Execution framework (PRB1340548): Windows - MongoDB Version Windows - MongoDB Configuration Windows - Network ARP Table Windows - WebSphere - Cell Windows - WebSphere - Web Services Windows - WebSphere - Web Applications Windows - AWS Relationship Access to the instance certificate's OSCP server for revocation checking (currently ocsp.entrust.net) is required to validate Certificates. (PRB1305855) Help the Help Desk not available for new customers, as the first step of it being deprecated. Secure folder permissions are set by the MID Server on startup.(PRB1327742) Microsoft Just-Enough-Administration (JEA) Credentials are supported for basic discovery MID Server service user no longer needs to be local Administrator (PRB1305853). This change will also apply to New York Patch 9 . Paris New Windows MSI installer used instead of ZIP file by default, which enforces non-admin user and file permissions. Controlled access Agent Client Collector (ACC-F) 2.1.x requires Windows 10 or Server 2012-2019. Pre-Madrid Patch 3 functionality for WMIRunner Probes is now back, and supported, without requiring any customisations or update sets (those need reverting). WMI Probes will automatically fall back to run the legacy WMI code if your remote Windows systems are not running PowerShell or your MID Server cannot access the admin$ share folder. Quebec ACC-F 2.4.1 adds support for Windows 10 20H2 (OS build 19042). Rome As of January 14, 2020 Microsoft announced an end of support for Windows Server 2008 and 2008 R2.

A notification email went out to customers in November 2020 warning that from Quebec (~March 2021) there will be no 32 bit installers, and from Rome (~September 2021) there will be no upgrade for 32 bit versions, and those will need replacing before a Rome upgrade.

Server 2008/2008 R2 is already removed from the MID Server Requirements documentation, to reduce the number of new installs on that operating system. Support is also removed for 64 bit version of these.

More details are in KB0863694 MID Server support on 32 bit systems will end in September 2021