Use this article to help you troubleshoot Network Discovery scans.
This article describes:
- Prerequisites for Network Discovery domain scan
- Prerequisites for Network Discovery workgroup scan
- Possible issues preventing a successful scan
Prerequisites for Network Discovery Domain Scan
Make sure that the scanning agent is a Domain Controller. The role of the Domain Controller can be verified by running the following command in CMD:
wmic.exe ComputerSystem get DomainRole
|4||0x4||Backup Domain Controller|
|5||0x5||Primary Domain Controller|
In case the server was promoted to a Domain Controller, you should get the value ‘5’ as a response.
The domain account used for the Network Discovery must be a member of the Domain Admins group.
Optimal network settings also have to be done on the network for a Network Discovery scan to work properly. Please see the optimal network settings article.
Prerequisites for Network Discovery Workgroup Scan
Nmap OEM and Npcap OEM have to be installed on the scanning agent. The installation of Nmap OEM and Npcap OEM is done automatically when you first initiate a workgroup scan. The installation can fail if there is already another version of Nmap and Npcap installed on the scanning agent.
You can run the below commands in CMD which will trigger the silent uninstall for Nmap.
"C:\Program Files\Npcap\Uninstall.exe" /S "C:\Program Files (x86)\Nmap\Uninstall.exe" /S
Some possible issues that can prevent a successful scan include:
- Invalid domain controller credentials
- The scanning agent is offline
- The scanning agent's IP has changed (applicable when the scanning agent is a workstation). Most likely, the device is not on site. Continuing with the scan may lead to the scanning of irrelevant networks.
For more on Network Discovery, check out these articles:
- Activate Network Discovery
- Optimal network settings
- Set up scans
- Security scans
- Scan agentless networks
- Scan results and actions