Issue
During discovery, the physical host name keeps changing. The configuration item (CI) and asset records do not look correct; the CI hostname and hardware information appear to be merging between two or more CIs.
Symptoms
Release
All releases
Cause
ServiceNow discovery is agentless discovery. It uses multiple probes or sensors to query the the CI for information.
The main two probes that can cause this issue are the Classify and Identity probes.
- Classify gets the host information
- Identity gets the IP address and serial number information
One of the first hardware rule identifiers is the serial_number/serial_number_type.
- Classify scans system_one and gets it hostname
- Identity scans system_two and gets it serial_number
Since it is able to match the CI by serial number, the updated CI is the combination of hostname (system_one) and serial_number (system_two).
The following table illustrates this process.
Hostname | ipaddress | serial_number | |
Original CI | system_one | 10.1.1.3 | 54321ABCD |
Original CI | system_two | 10.1.1.4 | ABCD54321 |
New CI | system_one | 10.1.1.4 | ABCD54321 |
Other possible causes include:
- Multiple servers that sit behind a load balancer VIP. It's possible that the load balancer is forwarding the request to different CIs during classify and identity.
- If the DHCP lease time is too short, and discovery is running very slow. System_one picks up 10.1.1.4 and Discovery picked it up during classify. Then System_one dropped off the network. System_two came online and was given the same IP address, 10.1.1.4, and then discovery scans for identity. This could also happen when using VPN when the there is a small number of IP ranges, and the user can quickly obtain the same IP address.
- Multiple systems have the same serial_number
- The host system has multiple homes and multiple NICs.
Resolution
- If you know that the IP address you're scanning is a Virtual IP (VIP) on a load balancer, you can set the IP address in the exclude range so they will not be scanned. Most likely you can scan the system with its direct IP address.
- Increase the lease time on DHCP or add more MID Servers. This speeds up the discovery run time, shortening the time for classify and identity on different systems.
You can also exclude these IP address from the discovery schedule since the IP address is reused too frequently. - Multiple systems shouldn't have the same serial number. Check to see if your system admin can address this issue. If there are no way to change this, you need to use another method of identifying the CI in the hardware rule.
- The host name can change frequently if you're scanning two different IP addresses on the same host that uses DNS as a host name. Depending upon which IP address you scan, the host name will change to that DNS name. You can deselect DNS as the trusted host name in the discovery properties. This does not cause merge records but names can change frequently.
Related Links
For more information, see the following product documentation: