A DiscoveryAccess is a single access to a discovery endpoint. When an endpoint is scanned, a Discovery Access node is created. This node records information about the interaction that BMC Helix Discovery has with that endpoint.
When BMC Helix Discovery is unable to access a host, the DiscoveryAccess is a good starting point for troubleshooting. If a DiscoveryAccess is about to be deleted as part of DDD aging, a red banner stating, "
This node will be removed shortly as part of DDD aging." is displayed.
To view a DiscoveryAccess page
You can view DiscoveryAccesses from a number of places in the user interface.
From a host node
From the view page for a host node:
- Scroll down to the Inference section.
- Click the main link in that section; for example, 172.17.3.116 SUCCESS 17/10/2022 10:48 - 17/10/2022 10:55.
The Example DiscoveryAccess is shown.
From the Discovery Recent Runs page
From the Recent Runs tab of the Discovery Status page:
- Click a discovery run.
- Scroll down to the Endpoint field.
- Click the DiscoveryAccess link.
If the link goes to a single DiscoveryAccess, then that Example DiscoveryAccess is shown. If there are multiple DiscoveryAccesses, then a list page is displayed.
- Click a DiscoveryAccess line to view the Example DiscoveryAccess.
The following screens show DiscoveryAccess pages for a UNIX host, a Windows host with multiple credentials, a Windows host discovered with PowerShell, a network device, an indirectly scanned host (an AWS EC2 host), and a mainframe computer. The Windows example shows multiple credentials.
The endpoint (IP address) scanned in this discovery access.
A link to the Discovery Run that this DiscoveryAccess is part of.
Previous Discovery Access
A link to the previous DiscoveryAccess with the same endpoint. It is not displayed if it is the first in a list.
Next Discovery Access
A link to the next DiscoveryAccess with the same endpoint. It is not displayed if it is the last in a list.
A read-only summary showing the node kind, OS type, and version.
The scope from which the endpoint was scanned.
The time at which the scan started.
The time at which the scan finished.
The time it took to discover and process the data (Start Time to End Time).
A link to the inferred entity that was created or updated as part of the scan. It is not displayed if nothing was created or updated.
Displays the DiscoveryAccess that caused the implicit scan if this DiscoveryAccess is an implicit scan (an EC2 host discovered through AWS Systems Manager, or an ESX and ESXi host discovered through VMware vCenter). Only shown for implicit scans.
|Reason for Implicit Scan||Links to the DiscoveryAccess that caused the implicit scan. Only shown for implicit scans.|
|Caused Implicit Scans|
Only shown for a DiscoveryAccess that caused implicit scans. Provides links to the DiscoveryAccess or DiscoveryAccesses that it caused.
The current state of the DiscoveryAccess. The state can be Started or Finished.
The end state of the discovery run. The end state can be one of the following:
For information about how the end state and result relate to the discovery scenario, see the table in the following section.
The result of the DiscoveryAccess. The result might be Skipped, NoResponse, Success, NoAccess, or Error.
If errors were detected by the ECA engine during discovery, this will link to those errors.
If there were any failures in attempting to get a session on the endpoint, a link to a list of failures and successes is provided. See the following section for details.
Discovery Details Section
BMC Discovery Outpost that this Discovery Access originated from.
A link to the credential or credentials used in this Discovery Access. The link name is a hash of details of the credential; it does not provide the credential itself. You are not shown the BMC Discovery Outpost Credential pages if you do not have permissions to view them.
|Discovery Controlled By|
Name of the BMC Discovery Outpost that controls the discovery.
Session Establishment Duration
The time it took to establish a session; that is, to log on to the host.
Total Discovery Duration
The time taken to establish a session and run commands.
On Hold Since
If the discovery has been paused, the time at which it was paused.
On Hold Duration
If the discovery has been paused, the elapsed time since it was paused.
|Skipped Entity||A summary of the entity that was skipped.|
The discovery method used. The methods available on each platform are shown on the following pages:
The status of the discovery access for the method. This is OK or the failure reason.
The name of the script used, if any.
The access method used to connect to the endpoint (for example, ssh, telnet, rlogin, and so on).
A link to the node or nodes created by this discovery method.
The additional discovery method used. These discovery methods are called by patterns; for example:
The status of the discovery access for the method. This is OK or the failure reason summarized into links.
The RequestSkipped status means that the request was skipped as it was inappropriate for the target. For example, when scanning a Linux host, the
The name of the script used.
The access method used to connect to the endpoint (or example, ssh, telnet, rlogin, and so on).
A link to the node or nodes created by this discovery method.
The following table shows the possible discovery scenarios and the resulting
result attributes of the Discovery Access node:
In addition to
result attributes on the DiscoveryAccess, there is also a
reason attribute that contains further details. There is no fixed set of values for
The following state diagram and table might be of use in understanding the results of an attempted access.
Resulting State of DiscoveryAccess
IP Injected → In Exclude list
IP Injected → IP Response → Desktop host
IP Injected → Already Processing this IP
IP Injected → Second Scan Optimization (Best IP)
IP Injected → No IP Response
IP Injected → IP Response
IP Injected → IP Response → Device Type not supported
IP Injected → IP Response → No HostInfo recovered
IP Injected → IP Response → No MACAddresses recovered
IP Injected → IP Response → HostInfo and MACAddresses recovered
IP Injected → IP Response → HostInfo and MACAddresses recovered → First Scan Optimization
IP Injected → IP Response → HostInfo and MACAddresses recovered → First Scan Optimization not needed
IP Injected → Traceback captured
IP Consolidated when originally optimized on Discovery Appliance
Troubleshooting using session results
Three scenarios are highlighted using Session Results:
- Initial scan and successful connection—A number of unsuccessful connection attempts followed by a successful connection shows BMC Helix Discovery selecting credentials.
- Failure to connect—BMC Helix Discovery was unable to connect. Typical problems could be failed credentials or poor network connectivity.
- Failure at start of scan before successful connection—This failure can occur when a credential fails (expiry) but a later credential is successful.
Checking credentials after a failure
- From the Discovery Access, click the session results link.
- Click the Connection timed out rows to display the SessionResult page for that specific login attempt.
This page shows information about the attempted login, including a credential link and a link to the DiscoveryAccess. The credential link is a hash of the credential name that links to that credential on the Login Credentials page only if you have sufficient permissions to view the credentials.
- Click the test button.
If the credential tests successfully, it is likely that a transient network problem caused the connection timeout. Alternatively, you can navigate back to the Discovery Access page and rescan from the Discovery Actions menu.
For information on using the DiscoveryAccess page to troubleshoot scan failures, see the following video (02:04):
Log in or register to comment.