This documentation supports the 21.3 (12.3) version of BMC Discovery.

Adding Windows proxies

Because the BMC Discovery appliance is installed on a UNIX machine, you need a Windows Proxy to be able to communicate with and discover Windows systems in your environment.

BMC Discovery and the Windows proxies communicate with each other using Transport Layer Security (TLS). To avoid performance issues, you must create Windows proxy pools on your appliance and then create Windows Proxies in the pool. You can add a Windows proxy to an existing or a new pool. Proxy pools are tried in the order listed in the UI. You can also change the order of the proxy pools in the UI.

Unless firewalls or security policies prevent it, the easiest way to register a proxy is from the BMC Discovery Proxy Manager. For more information about how to register a Windows proxy, see managing known appliances.

The end-to-end flow for creating a Windows Proxy is as follows:

  1. Install a BMC Discovery Proxy.
  2. If it does not exist, create a Windows Proxy in the Proxy Manager.

  3. If it does not exist, add the appliance to Known Appliances in the Proxy Manager.

  4. Create a Windows Proxy Pool.

  5. Add the Windows Proxy to the pool.
  6. For Windows credentials proxy, add credentials.

Before you begin

Before you create a Windows Proxy Pool and assign Windows Proxies to it, you must install the BMC Discovery Proxy Manager. For more information about installing the manager, see Installing Proxy Manager.

To create a Windows Proxy Pool 

  1. From the main menu, select Manage > Outposts & Proxies.
    The Outposts tab is displayed by default.
  2. Click the Windows Proxies tab.
  3. From the top-right corner of the page, click Add.
    The Create Windows Proxy Pool page is displayed.

  4. Specify the details for the new Windows Proxy Pool.

    NameThe name for the Windows Proxy Pool. Ensure that you specify a unique name in this field.
    Matching Criteria

    Select Match All to match all endpoints. Deselect it to enter values that will be used to determine if this credential is suitable for a particular endpoint. They can be one or more of the following, separated by commas:
    • IPv4 address: for example
    • IPv4 range: for example,, or 192.168.1.*.
    • IPv6 address: for example fda8:7554:2721:a8b3::3.
    • IPv6 network prefix: for example fda8:7554:2721:a8b3::/64.


    The following address types cannot be specified:

    • IPv6 link local addresses (prefix fe80::/64)
    • IPv6 multicast addresses (prefix ff00::/8)
    • IPv4 multicast addresses ( to

    For additional information about the Matching Criteria field, see here.


    Proxy pools must contain either Credential or Active Directory proxies. You must select one of the following proxy types:

    • Windows Active Directory Proxies —Use for systems within your network domain.
    • Windows Credential Proxies (Credential Proxies) —Use for systems outside your network domain. 
    DomainsEnabled only for the Active Directory Proxy Pools. Specify the domain or a space-separated list of domains that the Windows Proxy Pool will discover.
    DescriptionA free-text description of the Windows Proxy Pool.
  5. Click Apply to save changes.

Additional information about the Matching Criteria field 

As you enter text, the UI divides it into pills (discrete editable units), when you enter a space or a comma. According to the text entered, the pill is formatted to represent one of the previous types or presented as invalid.

Invalid pills are labeled with a question mark. You can also paste a list of IP addresses or ranges into this field. If any pills are invalid, a message stating the number of invalid pills is displayed above the range field. Clicking the link applies a filter that shows only invalid pills, which you can then edit or delete. The filter can be removed by clicking clear in the Showing n of n label below the Range field. There is no paste option on the context-sensitive (right-click) menu.

  • To edit a pill, click the pill body and edit the text.
  • To delete a pill, click the X icon to the right of the pill, or click to edit and delete all of the text.
  • To view the unformatted source text, click the source toggle switch. The source view is useful for copying to a text editor or spreadsheet. Click the source toggle switch again to see the formatted pill view.

Underneath the entry field is a filter box. Enter text in the filter box to only show matching pills.


  • Do not paste a comma-separated list of IP address information into the Range field in Firefox. This can crash the browser. You can instead use a space-separated list.
  • Pills are not supported in Opera.

To add a Windows Proxy

  1. From the main menu, select Manage > Outposts & Proxies.
    The Outposts tab is displayed by default.
  2. Click the Windows Proxies tab.

  3. In the Windows Proxy Pool for which you want to create a Windows Proxy, click Actions > Add Windows Proxy.
    The Create Windows Credential Proxy page is displayed.

  4. Specify the details for the new Windows Proxy.


    Proxy Pool

    Select the Windows Proxy Pool from the list.

    Proxy Name

    Enter the name that the Windows Proxy will be referred to in the user interface. This name must be unique. The system validates this name to be unique.

    Proxy Address

    The address of the Windows Proxy, which can be specified as one of the following:

    • Hostname or FQDN
    • IPv4 or IPv6 address


    The port on which to communicate with the Windows Proxy. If you specified a port setting in the BMC Discovery Proxy Manager for the proxy that is other than the default option, make sure that you match that port setting in this field when adding a Windows Proxy.

    • For AD Windows Proxy, the default port number is 4321.
    • For Windows Credential Proxy, the default port number is 4323.


    The contents of the certificate that was generated automatically by the Windows Proxy Manager. To have the appliance automatically retrieve the certificate, leave this field as Not Set.


    To enable the Windows Proxy, select the check box.

  5. Click Apply to save changes. 

Windows proxies managed by the BMC Discovery Outpost

For Windows credentials, the BMC Discovery Outpost creates and manages one credential proxy service for one or more Windows credentials.

For AD credentials, the BMC Discovery Outpost automatically creates, updates, and deletes an AD Proxy service for each AD credential. An "AD credential" in this context is created when you choose Active Directory as the credential type in the BMC Discovery Outpost credential UI.

The username and password are not stored in the vault. A Windows service is started, and Windows itself stores an authentication token associated with the service. The "credential" is retained in the Windows service control manager.


The error, The username is not valid will appear when creating an AD credential from a BMC Discovery Outpost that does not belong to Active Directory.

Was this page helpful? Yes No Submitting... Thank you