8 Replies Latest reply on Mar 17, 2017 12:35 PM by Josh Hester

    ADDM appliance migration issue

      Share This:

      ADDM version 10.2

       

      We recently migrated our ADDM appliance to a different domain on our network.  Our successfully scanned hosts took a big drop in number right after the migration.  A big chunk of hosts we were scanning successfully pre-migration, now result in the following:

       

      End State: UnsupportedDevice

       

      Reason: Device is an unsupported device

       

      Device Summary: Device, Network Infrastructure, D-Link

       

      Sounds like there might be some networking/security configurations that might be limiting the ADDM appliance?  Any thoughts or suggestions on things to check or look for?

        • 1. Re: ADDM appliance migration issue
          Andrew Waters

          I imagine if you look at the DeviceInfo associated with the DiscoveryAccesses it has probed in the OS attribute names meaning it failed to authenticate and had to resort to nmap fingerprinting.

           

          This really depends how you have set up things. You would need to look at the individual cases and the session results. That will tell you what the system tried.

           

          Have you checked that the appliance is still able to communicate with the proxies? For more Unix like systems did you put any limitations on firewalls to only connect from specific addresses.

          1 of 1 people found this helpful
          • 2. Re: ADDM appliance migration issue

            Thanks for the feedback.  It appears that all of our Windows proxies are up and running correctly.

             

            Yes, all of the Skipped endpoints have a Discovery Method of "getDeviceInfo", and for some odd reason their Discovered OS is showing as D-Link webcams (which they are not).

             

            I guess ADDM's pattern recognition for D-Link webcams is getting triggered for whatever reason?

             

            When you say "failed to authenticate", do you mean invalid credential or that ADDM is not even getting to the point of using a credential and just guessing?  We believe our credentials are good.

            • 3. Re: ADDM appliance migration issue
              Andrew Waters

              Pick one failing example.

               

              What does the session results show? Are there only failures mentioned? On the DeviceInfo node does it mention "probed os" rather than os. If yes it was because it failed to gain access and used nmap fingerprinting.

               

              I presume that your moved appliance still see the same IP address space, i.e. that address w.x.y.z is still the same device in both the original location and the new location.

              1 of 1 people found this helpful
              • 4. Re: ADDM appliance migration issue

                Session results mention:

                 

                Session Type: unix login

                Successful: No

                Status Message: Failed to get login session

                 

                The Device info mentions:

                 

                Discovered OS: D-Link Webcam

                Discovered OS Type: D-Link

                Operating system derived from discovery heuristics: D-Link Webcam

                 

                The ADDM appliance is still the same server/device, but the IP address of the appliance did get changed due to the migration.

                • 5. Re: ADDM appliance migration issue
                  Brice-Emmanuel Loiseaux

                  Just a guess:

                  Are a lot of your estate protected by firewalls that reply false information to IPs that are not allowed to cross it? Since the appliance IP changed, this firewall configuration should be updated with the new IP.

                  1 of 1 people found this helpful
                  • 6. Re: ADDM appliance migration issue

                    There is an ADDM setting called "Check port 135 before using Windows access methods:"

                     

                    I changed this setting to "No", and this corrected a lot of our bogus D-Link unsupported devices.  I believe ADDM was getting garbage data back on the initial 135 port scan, and then it would treat it as a non Windows device (even if it was a Windows device).

                    2 of 2 people found this helpful
                    • 7. Re: ADDM appliance migration issue
                      Andrew Waters

                      This can have a pretty horrible effect on scanning performance. All the port 135 does is add a check so that if the port is not open it assumes the machine is not Windows. Trying Windows requests against other OSes can take a long time to fail.

                      1 of 1 people found this helpful
                      • 8. Re: ADDM appliance migration issue

                        Yes, it has hurt performance slightly.  Looks like it might be the only solution for now (due to network/security/firewall issues).