Troubleshooting cloud discovery failures

When you observe failures in cloud discovery, use the troubleshooting steps described in this section to either resolve the problem or create a BMC Support case.

Issue symptoms

• AWS Credential test fails with the error Could not connect to the endpoint URL: "<AWS_URL>"
• AWS Credential test and scan fails with the error AWS.EC2.DescribeAccountAttributes: ('Connection aborted.', error(104, 'Connection reset by peer'))
• AWS Credential test fails with the error AWS.EC2.DescribeAccountAttributes: ('Connection aborted.', error(110, 'Connection timed out'))
• AWS Scan fails with the error ClientError: An error occurred (SignatureDoesNotMatch) when calling the AssumeRole operation: The request signature we calculated does not match the signature you provided
• Azure Scan fails with the error Failed to get dynamic parameter subscriptionId: No values
• Azure Scan fails with the error Failed to get dynamic parameter subscriptionId: Azure.Subscriptions.ListAll: HTTPSConnectionPool(host='<Host>', port=443): Max retries exceeded ConnectTimeoutError
• Not all cloud data is discovered after scanning
• Cloud scan fails with the error NoAccess

Issue scope

• Cloud credential test fails.
• Cloud data is not discovered or inferred.

Resolution

Perform the following steps to troubleshoot the cloud scan failures:

Step 1: Verify the prerequisites

Perform the following steps to check if you have set up the following prerequisites:

1. Check if multi-cloud discovery is enabled – By default, BMC Discovery for multi-cloud is disabled because it is a separately licensed product. If your organization is licensed for cloud discovery, enable the Cloud Resources discovery from the Administration > Licensing page in the Discovery UI. For more information, see Managing licenses.
2. Cloud credential permissions – Ensure that the created cloud credential has required permissions. For information on permissions, see:
   • Prerequisites for AWS credential 
   • Prerequisites for Azure credential
   • Prerequisites for Google cloud credential
   • Prerequisites for IBM cloud credential
   • Prerequisites for OpenStack credential
3. Access to cloud – Ensure that the Discovery appliance or instance has access to the internet/cloud.
   If direct internet access cannot be provided on the appliance or instance, then configure the HTTP proxy details while creating the cloud credential. For information on what cloud URLs/Endpoints BMC Discovery needs to access, go to Administration > Cloud Providers > <Cloud provider> from the Discovery UI and expand the Configuration Information section.
4. Cloud discovery patterns – From the Discovery UI, go to Manage > Knowledge and ensure that the latest TKU patterns are active.

Step 2: Test and review the BMC Discovery configuration

Perform the following steps to verify that BMC Discovery is configured correctly for the operation:

1. Credential details – Ensure that the cloud credential is configured with the correct details in Discovery. For example, for AWS role-based authentication, specify the role in the Assume Role (ARN) field when creating the AWS credentials. For more information, see Adding credentials.
2. Appliance time setting - Ensure that the appliance time is synchronized using NTP. If you do not use NTP, you must ensure that the time is no further than five minutes of the time AWS is using. AWS uses timestamped authentication and any discrepancy can result in authentication failures. For more information, see Performing time synchronization.

If the problem persists, collect the discovery, model, and reasoning logs in debug mode. You can review the logs and try to identify the error messages. If the problem persists, contact BMC Customer Support and provide the results of the tests in this procedure.