Windows servers, that have SNMP enabled, and are scanned with an SNMP only behaviour, may get reclassified as Computers, Printers or Routers. The same would happen with a normal discovery, but where an iLO card or similar has SNMP open but not WMI/WinRM. If a Windows Discovery is then done, a new duplicate Windows Server CI will be created.
The 3 OIDs are:
|22.214.171.124.4.1.3126.96.36.199.1.1||Standard Network Switch||Is||IP Switch [cmdb_ci_ip_switch]||Microsoft||TRUE|
|188.8.131.52.4.1.3184.108.40.206.3||(empty)||Is||Computer [cmdb_ci_computer]||Microsoft||Windows CE||TRUE|
|220.127.116.11.4.1.318.104.22.168.1.2||Standard Network Printer||Is||Printer [cmdb_ci_printer]||Microsoft||Windows 6.1||TRUE|
For example, SNMP - Classify probe may return this from a Windows Server:
<sysName oid="22.214.171.124.126.96.36.199" type="SnmpOctetString">HOSTNAME.xxxxxxx.com</sysName> <sysUpTime oid="188.8.131.52.184.108.40.206" type="SnmpTimeTicks">516748039</sysUpTime>
<sysDescr oid="220.127.116.11.18.104.22.168" type="SnmpOctetString">
Hardware: Intel64 Family 6 Model 47 Stepping 2 AT/AT COMPATIBLE - Software: Windows Version 6.3 (Build 9600 Multiprocessor Free)
<sysObjectID oid="22.214.171.124.126.96.36.199" type="SnmpObjectId">.188.8.131.52.4.1.3184.108.40.206.1.2</sysObjectID>
"220.127.116.11.4.1.318.104.22.168.1.2" is one of the OIDs added in Orlando, which overrides any logic in the sensor, and makes the device a Network Printer class instead. Existing Windows Server CIs may get reclassified as Printers after upgrading to Orlando.
All SysObjectID OID values starting 22.214.171.124.4.1.3126.96.36.199. are generic OIDs for various Microsoft operating systems and versions. Any embedded devices with these OIDs have been implemented wrong, without a proper vendor/model specific unique OID. Any Servers with these OIDs shouldn't be discovered via SNMP as that is not supported, so none of these OIDs should be allowed in the OID table.
Steps to Reproduce
- Discover Windows Servers in a version Prior to Orlando
- Upgrade to Orlando, where thousands of OIDs were added.
- With a SNMP Only discovery behaviour, scan a Windows Server that has SNMP enabled.
- It will be reclassified as an IP Switch, Computer or Printer depedning on which specific microsoft OID it has.
- Data in fields that existed in the correct class, but not in the new class, will be lost.
This problem is currently under review. You can contact ServiceNow Technical Support or subscribe to this Known Error article by clicking the Subscribe button at the top right of this form to be notified when more information will become available.
As a workaround, deactivate these 3 OID records:
Note: Do not Delete these records, or they will just reappear with your next patch upgrade.
If this has already happened to you, the CIs can be re-classified back to the original Class, which is probably Windows Server [cmdb_ci_win_server]. You will then need to resolve the duplicates that had been created, usually by deleting the most recently created CI for each pair.
Related Problem: PRB1408983