If you’ve ever tried to discovering a computer using our Discovery Wizard and the results were not what you expected (the computer failed to be discovered)… here are some great steps to get you started.
Is the computer listed in Active Directory?
- Open the “Active Directory Users and Computers” management console
- This tool is installed by default on Windows Server 2003.
- The tool can be installed on Windows XP Pro from the Server 2003 Resource Kit.
- Select the “Saved Queries” folder, right-click on it and select “New->Query”.
- Enter a name for the query
- Click the “Define Query” button.
- Click the drop-down list marked “Find:” and select “Computers”.
- Enter the name or search prefix, e.g. “pacer0” and click “OK”
- Click “OK” again.
- Verify the computer appears in the list of results.
Fix: Add the computer to Active Directory. Make sure the DNSHostname property is set correctly for the computer; this property can be viewed on the “General” tab of the computer’s property dialog in the “Active Directory Users and Computers” management console.
Is the computer contactable via the network?
- Use the ping command to try and reach the computer using the same name provided to the discovery wizard.
- If the machine responds to a ping command, use the IP address to run ping with the “-a” switch and the IP address, e.g. “ping -a <IP address>”. This will display the DNS name of the machine; it should match what was used in the original ping command.
- Use “nbtstat -a <computer name>” to see the registered NetBIOS name and domain for the computer, “nbtstat -A <IP address>” will accomplish the same task with the IP address of the machine.
If the machine does not respond to a ping request or fails a remote agent install with “RPC Service Unavailable”, the Windows Firewall is turned on. Turn off the firewall or set exceptions to allow for “File and Printer Sharing” and, optionally, ICMP Echo.
If the NetBIOS and FQDN names do not match, then the DNS records for the machine must be corrected.
If the agent installs but, fails to contact the OpgMgr Server, connect via Terminal Services or Remote Desktop to the agent computer and use the ping and nbtstat commands to verify that the agent can resolve the NetBIOS and FQDN names of the OpsMgr server that will manage it.
Does the account used for discovery have appropriate permissions on the target computer?
- Open a command window with the “Run As” option using the account used for discovery, normally this is the MOM server action account.
- Use the command “net view ComputerName” to verify that the account can connect using the API NetworkStationGetInfo. This command may return the result, “There are no entries in the list.” This simply means that, the machine does not have any publicly visible shares.
- If the result is “Access denied.”, then the account used does not have permission to contact the machine.
- If the result is “The command completed successfully.” then the computer is properly configured for discovery.
Through Group or Local Policy, grant the OpsMgr server action account the permission to access this computer from the network. By default, members of the local Administrators and Power Users groups should have this permission.
If the failure occurs during agent install, add the OpsMgr server action account to the local Administrators group. If this is not possible due to security policy restrictions then:
1. Reject the pending install from the “Pending Management” view.
2. Run the discovery wizard again
3. On the “Administrator Account” step select “Other” and provide an account (domain or local) that has administrator privilege on the computer
4. If the account is a local account or does not have rights to access Active Directory then check the box to use the MOM server action account for the discovery task
5. Discover the computer and push an agent to it.