Limitations and restrictions of this version

Operational warning

Modification of datastore files and logs

Under no circumstances should you add, remove, or amend any of the datastore files or datastore log files without explicit clearance from BMC Customer Support.

The following are examples of datastore file names:

• pa55bc128f62ce9c427a1d742_nHost_hidx
• pa55bc128f62ce9c427a1d742_nHost_hist
• __db.001
• DB_CONFIG
• main

The following are examples of datastore logfile names:

• log.000002301
• log.000002302

The location of the datastore and the datastore log files can be obtained by reading the /usr/tideway/etc/link.conf file. Under no circumstances should you modify this file once a system has been commissioned.

Datastore files on remote filesystems

It is not recommended to store the datastore files on remote filesystems, for example, NFS. This is not a supported configuration and is likely to degrade performance. Datastore files should be stored on fast local or SAN storage, preferably using SSDs.

Limitations and restrictions

The following list provides links to the limitations and restrictions of this version:

Supported browsers

The following recommended browsers have been thoroughly tested with BMC Discovery and the BMC Discovery Outpost. When you use one of these browsers, any application functionality problems are considered bugs.

• Firefox (latest version)
• Chrome (latest version)
• Microsoft Edge (latest version on the stable channel)

Multiple languages not supported in UI

The BMC Discovery UI does not support multiple languages, including languages that use a right-to-left script.

Failed login attempts from Service Account for Windows credential scans 

In the course of a successful Windows host discovery, Credential Proxies log in to the target using the configured credentials as expected. However, the Credential Proxy will also attempt to log in using the local account the Proxy was running as, or the Local System account if the local account was changed. The log-in attempt always fails and is harmless. 

Upgrading the BMC Discovery Outpost host

After OS upgrades to the Windows host on which the BMC Discovery Outpost runs, you might see the following Nmap error: "dnet: Failed to open device lo0".

You can fix this with the batch file located in: C:\Program Files\Npcap\FixInstall.bat. The issue has been observed in upgrades from Windows Server 2016 to 2019, and some feature upgrades. More information is available here.

BMC Discovery Outpost on hosts with non-Ethernet adapters

If the host on which the BMC Discovery Outpost is installed includes a non-ethernet adapter, then you may see errors including the text, "Only ethernet devices can be used for raw scans on Windows."

Entering complex markup in manual groups may prevent PDF from being generated

If you enter complex reStructuredText markup in manual groups, errors may prevent the PDF from being generated. You can avoid this by using simpler markup. 

OpenBSD cannot run dmidecode 

You cannot run dmidecode on OpenBSD targets, even with root privileges. 

SNMP discovery of Solaris 11 targets

The discovery of unpatched Solaris 11 systems using SNMP does not succeed. Applying Solaris 11 OS patches to update the SNMP agent to the current version should fix this.

Appliance system disk larger than 2TB not supported

The BMC Discovery appliance does not support installation on a system disk that is larger than 2TB, either by installation from the kickstart DVD or by extending the virtual disk for a virtual appliance. Disks larger than 2TB can be used for additional disks on the appliance.

Using WMI over IPv6

Due to limitations in Windows, WMI over IPv6 is not supported on the following versions of Windows:

• Windows Server 2003
• Windows XP
• Windows 2000

To discover these versions of Windows using WMI, you must use IPv4.

SNMP discovery restrictions — AIX VIO, AIX 5.3, AIX 6.1

• Some AIX-specific attributes are not set on DiscoveredNetworkInterface nodes (for example, interface_type, virtual_adapters, physical_adapters, shared_adapters, and physical_location).
• Duplex and negotiation are not detected for network interfaces.
• Where IPv6 connections exist on a discovered host, DiscoveredNetworkConnections are created with illegal IPv4 addresses like 254.253.154.176, due to bugs in the AIX MIB.
• The following limitations result from the SNMP agent for these platforms only implementing older (deprecated) MIBs such as IP-MIB::ipAddrTable
  • IPv6 addresses, connections, and listening ports are not discovered.
  • Processes are not associated with network connections or listening ports.

SNMP discovery restrictions — AIX VIO

• Fewer network interfaces might be discovered via SNMP than via a login credential.

SNMP discovery restrictions — Solaris 10

• Duplex and negotiation are not detected for network interfaces.
• Fewer IPv4 addresses might be discovered via SNMP than with a login credential.
• Discovery is not possible via IPv6 as there is no support for an IPv6 transport in the version of net-snmp provided with Solaris 10.
• The following limitations apply because the SNMP agent for these platforms only implements older (deprecated) MIBs such as IP-MIB::ipAddrTable.
  • IPv6 addresses, connections, and listening ports are not discovered.
  • Processes are not associated with network connections or listening ports.

SNMP discovery restrictions — Solaris 9

• Duplex and negotiation are not detected for network interfaces.
• The following limitations apply because the SNMP agent for these platforms only implements older (deprecated) MIBs such as IP-MIB::ipAddrTable.
  • IPv6 addresses, connections, and listening ports are not discovered.
  • Processes are not associated with network connections or listening ports.

Scanning without credentials often identifies hosts as an "Unsupported device"

Scanning without credentials often identifies hosts as an Unsupported device. To obtain full information, scan using valid credentials.

Hyper-V Windows virtual machines always report NIC speed as 10 GBps

Hyper-V Windows virtual machines always report NIC speed as 10 GBps regardless of the actual speed. Consequently, for Hyper-V Windows VMs, the host and switch mismatch field shows incorrect results.

Non-ASCII Unicode characters in CAM

In Collaborative Application Mapping (CAM), if you create components such as group names or functional components, that contain non-ASCII Unicode characters, the Business Application Instance (BAI) that results from running the pattern displays unreadable characters.

Tcpvcon cannot be pushed to Windows 2000 hosts (13963)

Tcpvcon cannot be pushed to Windows 2000 hosts. The workaround is to deploy the utility manually. QM001683624

Tcpvcon version later than 2.34 cannot return port information (QM001716854)

To discover port information (getProcessToConnectionMapping) from computers running Windows 2000 or earlier, you must have version 2.34 of Tcpvcon installed on them. If a more recent version of Tcpvcon has been installed on the target, you must replace it with version 2.34 to discover port information.

Version 2.34 of Tcpvcon is shipped along with the BMC Discovery Windows proxies. To replace the recent version with version 2.34, perform the following steps:

1. On the computer running a Windows proxy, copy the tcpvcon.exe file, version 2.34, from the following location:
   C:\Program Files\BMC Software\ADDM Proxy
2. On the target host, navigate to the location of the recent version of the tcpvcon.exe file and replace that file with the version 2.34 file that you have copied.
3. Run discovery again.

RemQuery(): user = TSL\admintest: Timed out status = FAILURE

Failed to parse command output status = FAILURE

Scanning a real host previously scanned using pool data (6079)

When you upload scanner files to the appliance and run it in playback mode, .no-expiry files are created for each IP address. This means that this pool data will not be deleted at the next scan, and subsequent discovery runs will operate by playing back the pool data rather than by scanning the real IP address. This is true if the appliance is operating in Record or Playback mode. If you subsequently attempt to scan the real IP address, the pool data will not be updated if the .no-expiry file is present. If you are scanning an IP address and it is not being updated, you should check the pool data for the existence of a .no-expiry file and delete it. The pool data structure is:

/var/pool/xx/xx/xx/xx/.no-expiry
/var/pool/xx/xx/xx/xx/<data>

where /xx/xx/xx/xx is the IP address of the host.

For more information on scanning hosts from scanner files and how to handle pool data, see Standalone UNIX scanning.

Concurrent lock attempts can lock all users from editing the port scan settings

In the port scanning page, if a user locks it for editing and another user subsequently tries to lock it, the second user's attempt fails. If the user who successfully locked the page cancels the operation and leaves the page, it remains locked for the unsuccessful user, and on refresh for the successful user too.

Changes to user group memberships

If the privileges of a BMC Discovery user are extended by changing the user's group memberships, then these changes might not take effect for up to 5 minutes. However, if privileges are withdrawn from the user these changes take immediate effect.

ECAError nodes show tracebacks of the error that occurred

This could cause concern during ethical hacking tests but is not actually a problem because the code shown is from patterns, which are already visible to the user, not internal to the product.

NDD discovery interface support

NDD discovery does not support trp interfaces.

Computer CIs do not always reconcile correctly

On certain UNIX systems, BMC Helix CMDB cannot reconcile the same Computer System CIs from the BMC Performance Management (BPM) and BMC Discovery datasets. If the <hostname> command is not configured correctly on these systems, the command returns the fully qualified domain hostname (FQDN) instead of just the host name, resulting in duplicate Computer System CIs in the BMC.ASSET dataset.

Possible solutions include correcting the command output on the affected system or disabling reconciliation with data from BPM. If you are unsure, contact your Customer Support representative to discuss additional options.

Record data should not be processed with tools that change line endings

BMC Discovery stores record data in UNIX and DOS formats. UNIX format files have LF line endings, and DOS format files have CR LF line endings. If you process the record data with a tool that changes line endings, you will see exceptions in the Discovery logs.

WMI might report incorrect memory

WMI might report the physical memory available on Windows hosts incorrectly.

WMI arguments might be truncated

In unusual situations, the first argument to a process might not be reported to discovery by the target Windows host. This happens when a Windows process was created with CreateProcess with the ApplicationName parameter specified but without the module name used as the first argument passed in the CommandLine parameter.

Home directory of Discovery user on target computer must not be read-only

The home directory of the user that is used for discovery on target hosts must not be read-only. If it is read-only, scripts (such as which on Solaris 9 and 10 hosts) that write to the home directory will fail.

Solaris 10 and 11 truncate process information for non-privileged users

In Solaris 10 and 11 (11.0 to 11.3 prior to SRU5.6) /usr/ucb/ps will now only output the first 79 characters of commands unless it is run as root. The reason for this change is to prevent the inadvertent leak of private process data. Where process information is truncated, discovery will be incomplete for that host.
You must add the proc_owner right for the user account used for discovery, for example, the tideway user. To do this and retain all of the default privileges, as root, enter:

usermod -K defaultpriv=file_link_any,proc_info,proc_session,proc_fork,
proc_exec,proc_owner tideway

No spaces are permitted in the defaultpriv argument.

Solaris 8 and 9

Patches have been rolled out to replicate this behavior on Solaris 8 and 9.

• Solaris 8 patch — 109023-05
• Solaris 9 patch — 120240-01

To work around this, you should deploy sudoers privileges for /usr/ucb/ps.

Process information truncated in AIX

On AIX the ps command limits output to the horizontal screen size. This can be overridden using the COLUMNS environment variable, though the maximum permissible value for this is 2047.
Piping the output of the ps command through cat removes the columns restriction on AIX hosts with a May 2007 Service Pack.

OpenVMS support

Support for OpenVMS is limited to systems running the native vendor TCP stack.

IP address change requires appliance restart

Where the IP address of the appliance is changed, for example, by DHCP or a manual change, the appliance must be restarted.

Processor type correctly reported only by non-srvinfo access methods

Processor type is correctly reported when using WMI and non-srvinfo Discovery methods. However, if you discover the same host with srvinfo then it is reported incorrectly.
Ensure that the WMI or non-srvinfo access method is enabled.

Disabling "Ping hosts" setting slows discovery

If you disable the Ping hosts before scanning setting in the Discovery Configuration page, BMC Discovery will try a number of methods before determining that there is no device at that IP address. If pinging is enabled, BMC Discovery determines that there is no device immediately.

AIX user password must be changed by user after creation by root

On AIX, when a user password is changed by the root user, that password must be changed by the user at the next login. If the password is not changed and discovery is attempted using that user name and password, it fails when prompted to change the password.
To prevent this from happening, if you are the root user and add a new user, log in as that user and change the password.

SNMP credential does not validate IP address key

When adding or editing a login or SNMP credential, the IP Address key does not validate the format. You are permitted to enter special characters, alphanumeric, and invalid IP address formats (172.17.1.3.3.4). Only enter valid IP addresses.

Manual cron changes are overwritten

If a cron job is manually edited this will not be noticed, and any change will be silently thrown away. This could be an issue where a manual change is made by someone not realizing there is a cron management process.
The script should be scheduled using the cron feature (in $TIDEWAY/etc/cron/) as the tideway user.

Search facility searches hidden attributes

The search facility searches hidden attributes and system fields, even though the users cannot normally see this information.
This was observed when searching for a subnet to add relationship to from a host. The search string 127 was entered and the following two subnets were returned:

• 192.168.115.0/24
• 172.16.203.0/24

The search string does not appear in the subnets, but might have been found in hidden attributes associated with the subnets. This behavior can be confusing.

Modifying standard reports

If you place an updated reports.xml file on a system without stopping the tideway services, you might see a traceback in the UI. To avoid this stop the tideway services before adding a new or modifying the existing reports.xml file.

Xen para-virtualized hosts discovery limitations (QM001744086)

BMC Discovery has the following known limitations in discovering the Xen para-virtualized hosts:

• The hosts are not discovered as virtual.
• The corresponding UUID is not correctly discovered.
• The relationship between the Xen server and the virtual machine containers (software instances), including the virtualized hosts running on it, is not discovered.

There are no workarounds to overcome this limitation.

IBM AIX machine serial number changes when moved from one host container to another (QM001775765)

When an IBM AIX machine is moved from one host container to another, the discovered serial number of the host changes. As a result, a new host node is created and synchronized to BMC Helix CMDB (if CMDB synchronization is configured). The earlier host node is automatically removed through aging based on the Model Maintenance settings.
It is possible to manually destroy the earlier host node before it is removed through aging. However, manual destruction of host nodes is not recommended in production appliances/instances. For more information, see Destroying data.