Limitations and restrictions of this version

Limitations and restrictions

The following list provides links to the limitations and restrictions of this version:

Changes to regular expressions in Python

Global flags in Python are meant to be placed at the start of regular expressions. Earlier versions of Python issued warnings for misplaced flags. BMC Helix Discovery now uses Python 3.11, in which misplaced flags are an error. TKU patterns have been updated for this change, and the TPL compiler now warns if flags are misplaced in your custom patterns. However, regex searches with misplaced flags fail silently. In Blueprints, the searches fail to match and, without notification, your Blueprints will be empty, or will not contain what you expect.

A simple example of a misplaced flag is: '^(?i)Linux' which can be corrected to '(?i)^Linux'

Similarly: '/Common/(?i)((FV|dl)515sy):2121' can be corrected to '(?i)/Common/((FV|dl)515sy):2121'

An example from the EMC ControlCenter StorageScope pattern is: '^(?i)EMC ControlCenter \d(?:\.\d)*' which has been corrected in the TKU to '(?i)^EMC ControlCenter \d(?:\.\d)*'

Supported browsers

This section lists the supported browsers and their versions for BMC Helix Discovery and the BMC Discovery Outpost.

Validated browsers

The following recommended browsers have been thoroughly tested with BMC Helix Discovery and the BMC Discovery Outpost. When you use one of these browsers, any application functionality problems are considered bugs.

Firefox (latest version)
Chrome (latest version)
Microsoft Edge (latest version on the stable channel)

Informally tested browsers

On the following additional browsers, no formal testing has been undertaken, although some informal testing has happened and the product might work.

Opera (latest version)
Safari (latest version)

Deprecated browsers

The following browsers are no longer supported by BMC Helix Discovery or the BMC Discovery Outpost. You can continue to use the browser, though some features might not work.

Microsoft Internet Explorer

Remote access

We test the major browsers’ latest versions at release time on the major Windows desktops and on a selection of Linux systems. Occasionally, these browsers do not work as well using remote access, such as RDP, VNC and virtual desktop infrastructure systems. If you encounter such a problem we are happy to try and help but cannot guarantee being able to work around all browser remote access problems.

The BMC Helix Discovery time zone cannot be localized

All times given in the BMC Helix Discovery UI and logs are given in UTC. The time zone cannot be localized.

Scans of hosts running tmux return unusable information containing control characters

When scanning hosts running tmux, the returned information contains many escape and control characters, as tmux utility is intended for interactive/human use. The escape and control characters prevent accurate discovery, and the DiscoveryAccess shows Skipped (Device is an unsupported device). To work around this problem, bypass the default profile for the for the user configured for BMC Helix Discovery and provide a custom profile that does not enable tmux.

Multiple languages not supported in UI

The BMC Helix Discovery UI does not support multiple languages, including languages that use a right-to-left script.

Failed login attempts from Service Account for Windows credential scans

In the course of a successful Windows host discovery, Credential Proxies log in to the target using the configured credentials as expected. However, the Credential Proxy will also attempt to log in using the local account the Proxy was running as, or the Local System account if the local account was changed. The log-in attempt always fails and is harmless.

Upgrading the BMC Discovery Outpost host

After OS upgrades to the Windows host on which the BMC Discovery Outpost runs, you might see the following Nmap error: "dnet: Failed to open device lo0".

You can fix this with the batch file located in: C:\Program Files\Npcap\FixInstall.bat. The issue has been observed in upgrades from Windows Server 2016 to 2019, and some feature upgrades. More information is available here.

BMC Discovery Outpost on hosts with non-Ethernet adapters

If the host on which the BMC Discovery Outpost is installed includes a non-ethernet adapter, then you may see errors including the text, "Only ethernet devices can be used for raw scans on Windows."

Entering complex markup in manual groups may prevent PDF from being generated

If you enter complex reStructuredText markup in manual groups, errors may prevent the PDF from being generated. You can avoid this by using simpler markup.

OpenBSD cannot run dmidecode

You cannot run dmidecode on OpenBSD targets, even with root privileges.

SNMP discovery of Solaris 11 targets

The discovery of unpatched Solaris 11 systems using SNMP does not succeed. Applying Solaris 11 OS patches to update the SNMP agent to the current version should fix this.

Using WMI over IPv6

Due to limitations in Windows, WMI over IPv6 is not supported on the following versions of Windows:

Windows Server 2003
Windows XP
Windows 2000

To discover these versions of Windows using WMI, you must use IPv4.

SNMP discovery restrictions — AIX VIO, AIX 5.3, AIX 6.1

Some AIX-specific attributes are not set on DiscoveredNetworkInterface nodes (for example, interface_type, virtual_adapters, physical_adapters, shared_adapters, and physical_location).
Duplex and negotiation are not detected for network interfaces.
Where IPv6 connections exist on a discovered host, DiscoveredNetworkConnections are created with illegal IPv4 addresses like 254.253.154.176, due to bugs in the AIX MIB.
The following limitations result from the SNMP agent for these platforms only implementing older (deprecated) MIBs such as IP-MIB::ipAddrTable
- IPv6 addresses, connections, and listening ports are not discovered.
- Processes are not associated with network connections or listening ports.

SNMP discovery restrictions — AIX VIO

Fewer network interfaces might be discovered via SNMP than via a login credential.

SNMP discovery restrictions — Solaris 10

Duplex and negotiation are not detected for network interfaces.
Fewer IPv4 addresses might be discovered via SNMP than with a login credential.
Discovery is not possible via IPv6 as there is no support for an IPv6 transport in the version of net-snmp provided with Solaris 10.
The following limitations apply because the SNMP agent for these platforms only implements older (deprecated) MIBs such as IP-MIB::ipAddrTable.
- IPv6 addresses, connections, and listening ports are not discovered.
- Processes are not associated with network connections or listening ports.

SNMP discovery restrictions — Solaris 9

Duplex and negotiation are not detected for network interfaces.
The following limitations apply because the SNMP agent for these platforms only implements older (deprecated) MIBs such as IP-MIB::ipAddrTable.
- IPv6 addresses, connections, and listening ports are not discovered.
- Processes are not associated with network connections or listening ports.

Scanning without credentials often identifies hosts as an "Unsupported device"

Scanning without credentials often identifies hosts as an Unsupported device. To obtain full information, scan using valid credentials.

Hyper-V Windows virtual machines always report NIC speed as 10 GBps

Hyper-V Windows virtual machines always report NIC speed as 10 GBps regardless of the actual speed. Consequently, for Hyper-V Windows VMs, the host and switch mismatch field shows incorrect results.

Non-ASCII Unicode characters in CAM

In Collaborative Application Mapping (CAM), if you create components such as group names or functional components, that contain non-ASCII Unicode characters, the Business Application Instance (BAI) that results from running the pattern displays unreadable characters.

Tcpvcon cannot be pushed to Windows 2000 hosts (13963)

Tcpvcon cannot be pushed to Windows 2000 hosts. The workaround is to deploy the utility manually. QM001683624

Tcpvcon version later than 2.34 cannot return port information (QM001716854)

To discover port information (getProcessToConnectionMapping) from computers running Windows 2000 or earlier, you must have version 2.34 of Tcpvcon installed on them. If a more recent version of Tcpvcon has been installed on the target, you must replace it with version 2.34 to discover port information.

Version 2.34 of Tcpvcon is shipped along with the BMC Helix Discovery Windows proxies. To replace the recent version with version 2.34, perform the following steps:

On the computer running a Windows proxy, copy the tcpvcon.exe file, version 2.34, from the following location:
C:\Program Files\BMC Software\ADDM Proxy
On the target host, navigate to the location of the recent version of the tcpvcon.exe file and replace that file with the version 2.34 file that you have copied.
Run discovery again.

If a recent version of Tcpvcon is installed on a remote host, execution of the Tcpvcon command on the BMC Helix Discovery appliance/instance will fail and display the following timeout error message in the Windows proxy debug logs of the host:

RemQuery(): user = TSL\admintest: Timed out status = FAILURE

The timeout error will be reported because recent versions of Tcpvcon require a GUI-based end-user license agreement (EULA) to be confirmed when it is run for the first time. If you confirm the EULA on the host either manually or by using the accepteula switch, the Tcpvcon command is invoked successfully. However, as BMC Helix Discovery does not support recent versions of Tcpvcon, parsing of the command output will fail and the following error message will be displayed in the log:

Failed to parse command output status = FAILURE

Changes to user group memberships

If the privileges of a BMC Helix Discovery user are extended by changing the user's group memberships, then these changes might not take effect for up to 5 minutes. However, if privileges are withdrawn from the user these changes take immediate effect.

ECAError nodes show tracebacks of the error that occurred

This could cause concern during ethical hacking tests but is not actually a problem because the code shown is from patterns, which are already visible to the user, not internal to the product.

NDD discovery interface support

NDD discovery does not support trp interfaces.

Computer CIs do not always reconcile correctly

On certain UNIX systems, BMC Helix CMDB cannot reconcile the same Computer System CIs from the BMC Performance Management (BPM) and BMC Helix Discovery datasets. If the <hostname> command is not configured correctly on these systems, the command returns the fully qualified domain hostname (FQDN) instead of just the host name, resulting in duplicate Computer System CIs in the BMC.ASSET dataset.

Possible solutions include correcting the command output on the affected system or disabling reconciliation with data from BPM. If you are unsure, contact your Customer Support representative to discuss additional options.

WMI might report incorrect memory

WMI might report the physical memory available on Windows hosts incorrectly.

WMI arguments might be truncated

In unusual situations, the first argument to a process might not be reported to discovery by the target Windows host. This happens when a Windows process was created with CreateProcess with the ApplicationName parameter specified but without the module name used as the first argument passed in the CommandLine parameter.

Home directory of Discovery user on target computer must not be read-only

The home directory of the user that is used for discovery on target hosts must not be read-only. If it is read-only, scripts (such as which on Solaris 9 and 10 hosts) that write to the home directory will fail.

Solaris 10 and 11 truncate process information for non-privileged users

In Solaris 10 and 11 (11.0 to 11.3 prior to SRU5.6) /usr/ucb/ps will now only output the first 79 characters of commands unless it is run as root. The reason for this change is to prevent the inadvertent leak of private process data. Where process information is truncated, discovery will be incomplete for that host.
You must add the proc_owner right for the user account used for discovery, for example, the tideway user. To do this and retain all of the default privileges, as root, enter:

usermod -K defaultpriv=file_link_any,proc_info,proc_session,proc_fork,
proc_exec,proc_owner tideway

No spaces are permitted in the defaultpriv argument.

Solaris 8 and 9

Patches have been rolled out to replicate this behavior on Solaris 8 and 9.

Solaris 8 patch — 109023-05
Solaris 9 patch — 120240-01

To work around this, you should deploy sudoers privileges for /usr/ucb/ps.

Process information truncated in AIX

On AIX the ps command limits output to the horizontal screen size. This can be overridden using the COLUMNS environment variable, though the maximum permissible value for this is 2047.
Piping the output of the ps command through cat removes the columns restriction on AIX hosts with a May 2007 Service Pack.

OpenVMS support

Support for OpenVMS is limited to systems running the native vendor TCP stack.

Processor type correctly reported only by non-srvinfo access methods

Processor type is correctly reported when using WMI and non-srvinfo Discovery methods. However, if you discover the same host with srvinfo then it is reported incorrectly.
Ensure that the WMI or non-srvinfo access method is enabled.

Disabling "Ping hosts" setting slows discovery

If you disable the Ping hosts before scanning setting in the Discovery Configuration page, BMC Helix Discovery will try a number of methods before determining that there is no device at that IP address. If pinging is enabled, BMC Helix Discovery determines that there is no device immediately.

AIX user password must be changed by user after creation by root

On AIX, when a user password is changed by the root user, that password must be changed by the user at the next login. If the password is not changed and discovery is attempted using that user name and password, it fails when prompted to change the password.
To prevent this from happening, if you are the root user and add a new user, log in as that user and change the password.

SNMP credential does not validate IP address key

When adding or editing a login or SNMP credential, the IP Address key does not validate the format. You are permitted to enter special characters, alphanumeric, and invalid IP address formats (172.17.1.3.3.4). Only enter valid IP addresses.

Search facility searches hidden attributes

The search facility searches hidden attributes and system fields, even though the users cannot normally see this information.
This was observed when searching for a subnet to add relationship to from a host. The search string 127 was entered and the following two subnets were returned:

192.168.115.0/24
172.16.203.0/24

The search string does not appear in the subnets, but might have been found in hidden attributes associated with the subnets. This behavior can be confusing.

Xen para-virtualized hosts discovery limitations (QM001744086)

BMC Helix Discovery has the following known limitations in discovering the Xen para-virtualized hosts:

The hosts are not discovered as virtual.
The corresponding UUID is not correctly discovered.
The relationship between the Xen server and the virtual machine containers (software instances), including the virtualized hosts running on it, is not discovered.

There are no workarounds to overcome this limitation.

IBM AIX machine serial number changes when moved from one host container to another (QM001775765)

When an IBM AIX machine is moved from one host container to another, the discovered serial number of the host changes. As a result, a new host node is created and synchronized to BMC Helix CMDB (if CMDB synchronization is configured). The earlier host node is automatically removed through aging based on the Model Maintenance settings.
It is possible to manually destroy the earlier host node before it is removed through aging. However, manual destruction of host nodes is not recommended in production appliances/instances. For more information, see Destroying-data.

Limitations and restrictions of this version