Discovery Scan Issue

Hi. I have recently performed a detailed discovery scan against one asset, it completed successfully but I am not seeing any details for services, tasks etc etc. Scan was completed three hours ago.

Is it normal to take a long time to get this information populated? Are there any logs I need to check to see why I am not seeing the details yet?

Page 1 / 1

Hi @sami,

I would verify the scan account permissions. Please refer to BeyondTrust Discovery Agent scan account permissions.

Refer to Scanner logs section in the following article: How to generate a Support Package and gather logs (on-prem and SaaS)

Thanks GloriaB. If it’s a permission issue then would it be logged in the logs as what exact permission is missing?

Hi @sami . Yes, you should see the info in the logs. I would recommend turning on adavanced logging:
How to enable advanced logging for the BeyondTrust Discovery Agent (KB0017067). I would suggest just scanning one of the targets that is failing so it easier to follow in the logs, then search the xxxx_Pheonix.Service.idate].log for keyworks like failed or error. A few examples are:

“Credentials are invalid.” (indicates an issue with the account credentials)
“Alert lNetBIOS Credential, Access Failed]” (unable to connect to the $IPC share due to firewall or permissions).
“The BDA has failed to connect to the remote registry” (firewall or permissions)

It should have local admin permissions. To perform the enumerations, it needs to connect to the built-in $IPC share, install the discovery agent service, make remote WMI and registry calls, etc. (see the scan account permissions link Gloria posted above).

Also check the remote UAC permissions, Windows firewall, and NTLM settings, these can sometimes cause the local enumerations to fail. For more information please see the following KB:
Configuring Windows hosts for Discovery scanning

Let me know if any of these help resolve the issue.

Regards,

Donnie

Thanks for the helpful responses.