I am having a hard time discovering Windows hosts. Do I need to install a slave on every host that I want discovered? I have installed the credentials slave on a Windows 2003 server and started the service on that machine. The firewall is down but when I run a discovery the Windows server is not found. Can any one help me.

It’s not necessary to install a slave on every host to discover it. The slave is used by the appliance in order to do Windows to Windows communications using native tools, so the appliance will use a single slave to discover many remote Windows hosts.

I’m going to assume that we are talking about version 7.1.6 here, as it’s the latest released version. If it’s something else I can comment on any differences. I’m also going to assume that you’re new to the product, so if I’m pitching at the wrong level do say so :-)

If you’ve installed a credential slave, there are two things that are required to discover a remote Windows host that we should check;

- The slave must be registered on the appliance. If this has not happened during installation it is easy to do later. To see if the slave is registered, navigate in the main UI to Administration > Discovery Slave Management. If the credential slave is registered, it will show up last in the list – in fact in your case I assume it’ll be the only one in the list. If it is not there, use the “Add Credential Slave” button and specify the IP address of the machine where the slave is installed. If the appliance is successfully communicating with the slave, then the “Connected” column should show “True” and it should display a version number for the slave. This indicates the slave is available for discovery to use to discover remote windows hosts. There’s some more info on this in the getting started guide available with the download on page 16.

- Once the credential slave is connected, it allows you to discover a remote host by providing a login credential. Without a credential it is likely that the slave will not be authorized to connect to and interrogate the remote host. To add a credential, navigate to Discovery > Credentials and click the “Add Credential” button. I would suggest starting by using an “IP Regex” of a specific IP (that you are trying to discover, not where the slave is installed), or just “.*” which means “try this with any host” while you’re testing out initially. Give it a username and password that has at least enough privilege on the host you are trying to discover to logon and run basic commands like ipconfig. To be really sure for now, use a System Administrator type account. Specify a domain in the user name something like this: “MYDOM\username”. There’s more information on this in the getting started guide available with the download, on page 17.

If both of these are satisfied, the next thing to do is to test the credential – On the Discovery > Credentials page, click “Test” under “Actions”, then enter the IP address of the host you’re trying to discover, and let us know what you get.

Where to go next depends on what results you’re getting, so let me know how you get on, or if any of my assumptions are wrong.

Hi Bob

The Windows Slave works like a proxy translating what the main Tideway Foundation system needs into Windows Protocols and back. So no, you don’t need one on each host like an agent.

I take it you don’t run Active Directory for your Windows Hosts, but just have local accounts on each Host? In which case the Credential version of the Windows Slave is correct.

What you need to do next is to give the login details to Tideway Foundation. So you need to go to the Discovery -> Credentials page in the main UI and add a new credential.

The best way to get started is to use ‘.*’ as your IP so it is always tried. Then enter a username and password that can log on to the host you want to discover. Make sure that in the ‘methods’ section you have ‘windows’ enabled. This tells Foundation to send the login details you just defined to the Credential Slave.

Have you added the Credential Slave you installed to the main Foundation? If not you will need to go the Administration -> Slave Management and add the Credential Slave so that Foundation knows where it is.

Then add a new scan for the host and everything should be fine.

What will happen is Foundation will contact the Credential Slave and pass it the login details. The Credential Slave will then login to the host you want discovered, get the data and pass it back to Foundation.

When you need to discover more Windows hosts then just make sure they have the same user account on them.

Let me know how it goes.

I have the same issue regarding Windows discovery and would greatly appreciate some guidance. The Credential Slave is successfully configured (Connected = true) and I’ve got 2 windows machines (VMs) targeted for discovery:

Machine 1: is actually the same machine that the Credential Slave is running on. Its part of Domain X and I’ve configured an Active Directory credential. The “Test Credentials” feature on the Discovery section shows success (“Remote command access succeeded”). However, when I run a scan, these are the results I get on the “Discovery Access” page:
Device Info getDeviceInfo OK tfokcmdb
Host Info getHostInfo OK Discovered Host Information
Interfaces getInterfaceList NoAccessMethod 0 Discovered Network Interfaces found

I get no WMI information, and I’m stuck.

Machine 2: is another VM on a different Domain (called “Dev”) and I cannot get “Test Credentials” to work. Per the guide, I’ve tried using the “localhost\” prefix before my login name as well as the “Dev\” prefix, neither work. I even created a local login (same login name and password as the AD one) without success. From the Credential Slave machine, I can ping the target machine just fine and manually login. Any suggestions on what I could try? I don’t have an admin account on Active Directory for this domain, hence the local account and the Credential Slave.

Thanks

Machine 2

This looks most likely to be a Windows level issue with your credential. I’d suggest a couple of things to resolve or eliminate this as a first step.

- Have a seperate local account with a different username to the AD one, this makes it less likely that the two get mixed up

- Try doing a Windows level connection between the two machines. Maybe open a share temporarily on Machine 2 and assign the local account to have rights on it. Then try and connect to that share from the slave machine using those credentials – I find using “net use” in a cmd window most reliable.

Machine 1

When you say it is the same machine as the credential slave do you mean the same operating system or are you running a seperate virtual machine for the credential slave and one for Machine 1? The reason I ask is that generally we don’t advise that a slave discovers the operating system instance it is running in, several of the Windows authentication methods change behaviour when the request is made locally and WMI is particularly sensitive to that.

It’s an outside chance but we’ve seen the Windows XP ForceGuest setting causing issues in the past see some details http://www.windowsnetworking.com/articles_tutorials/wxpsimsh.html

I’d suggest trying to get local credentials working on Machine 2 at the Windows level, then do Test Credentials and Discovery of Machine 2.

Would you be willing to provide screenshots or run some queries for me to help diagnose Machine 1?

Let me know how you get on.