Agent scan understanding
Agent scan in ServiceDesk plus happens in two way
1) Server to target machine 2) Agent from Machine to Server
MODE 1: 1) Server to target machine
-This scan happens when you login to ServiceDesk plus \ Asset explorer from your workstation or Server and then find out the list of assets and click on Scan.
-Even if you are accessing ServiceDesk plus \ AE from your laptop or Workstation, the SCAN request is always triggered from the server where SDP\AE is installed.
-Now, the Server will PING the target machine and use your DNS to find out the machine name and then check if 9000 on the target machine is pingable.
only if the port 9000 on the target machine is listening to this can will be successful.
In most of the VPN connected machines, 9000 will not be listening, hence Server will not be able to contact the machine and hence this scan is expected to fail
telnet machinename 9000 from the command prompt of the server.
Mode 2: 2) Agent from Target Machine to Server
- Though the Server cannot reach the workstation when a workstation is connected to VPN- the Agent on the workstation must be able to connect to the server.
- Hence, this second mode of the scan, works during
a) Every time the machine is rebooted while connected to the ( VPN ) or during the reboot if the machine is not connected to the VPN - then the data is stored on the machine itself and whenever the next time the machine is connected to VPN or can reach the server via Internet (for Public Hosted URL ) the data will be posted successfully.
b) Whenever there is a difference between the last scan and the current time
Let's say- the machine was rebooted at 1 PM and there was 20 Software installed on the machine. Our agents are programmed to scan the machine every 20 mins to find out if there is any difference in data. So, in this case when the scan runs at 1:20 PM and it finds 22 software or 18 software ( basically a difference ) the agent constructs an XML file for this difference data alone and posts it to the server.
You can verify this under the HISTORY of that asset
Though the Server cannot reach the machine on VPN, since the machine can reach the server -this second mode of the scan must work.
However, the SCAN STATUS of the machine will be marked as FAILED since this means that the server cannot reach the machine.
Please check if you are able to telnet machinename 9000 from the command prompt of the server. If this works, then Server to machine scan must work.
So, you can zip the logs from Drive\ManageEngine\ServiceDesk plus (or) Asset explorer \ Logs and send it to support if the machine name that fails to scan.
If you see that even the second mode ( Machine to Server ) is not working, then please zip the Agent logs found on your laptop under
(programfiles(x86)\ManageEngine\Asset Explorer \ Logs > Aeagent.log
New to ADSelfService Plus?
Related Articles
How does Agent Scan work ?
When you install Agent for the first time, It will initiate the scan immediately and send the data via application port (8080 or 443 as you configured) to Server. But when you scan from the Application, It will first try to check whether the client ...How DC agents or RAE push data to SDP MSP ?
Here is the scenario and the design : 1. DC MSP directly sends to SDP MSP. a. DC MSP gets workstation scanned details from its DC agents and send the data to SDP MSP. This is normal integration model. To make it work , 2 rules is to be satisfied : ...SDP Scan offerings a glance
There are several use cases to be addressed to scan user machines. Here are the solutions available with SDP now. - User machine rarely reaches the organization domain / Network (user login once a week using VPN and other times using local ...RAE compatible build link above SDP MSP 10526 build - Old Expired
SDP MSP's - 10526 compatible RAE build to use Distributed asset scan Full build - https://archives2.manageengine.com/asset-explorer/6900/ PPM RAE - https://archives2.manageengine.com/asset-explorer/6900_1/Criteria for successful agent scanning
1. Ensure that the agent services are running in the client machine under services.msc 2. In the application, under Admin >> Security Settings >> Ensure Stop uploading scanned XMLs via non-login URL is unchecked. 3. If ICMP is blocked in the network ...