[{"data":1,"prerenderedAt":698},["ShallowReactive",2],{"docs-troubleshooting-discovery-problems-":3,"docs-navigation":555},{"id":4,"title":5,"body":6,"dateModified":545,"datePublished":545,"description":546,"extension":547,"meta":548,"navigation":549,"path":550,"proficiencyLevel":551,"seo":552,"stem":553,"__hash__":554},"docs\u002Fdocs\u002F7.troubleshooting\u002F3.discovery-problems.md","Discovery Problems",{"type":7,"value":8,"toc":530},"minimark",[9,13,18,22,27,30,68,71,75,78,104,107,126,130,141,166,170,185,188,203,207,210,221,230,234,277,280,283,287,290,297,311,321,323,327,330,346,348,352,355,360,391,396,440,446,483,489,497,499,503,506,517,526],[10,11,5],"h1",{"id":12},"discovery-problems",[14,15,17],"h2",{"id":16},"problem-discovery-finds-nothing-or-very-little","Problem: Discovery Finds Nothing (or Very Little)",[19,20,21],"p",{},"If a discovery runs but doesn't return the data you expect, work through these steps.",[23,24,26],"h3",{"id":25},"step-1-check-that-the-device-is-reachable","Step 1: Check That the Device Is Reachable",[19,28,29],{},"Open a terminal on the Open-AudIT server and run:",[31,32,37],"pre",{"className":33,"code":34,"language":35,"meta":36,"style":36},"language-bash shiki shiki-themes github-light github-dark","nmap -F \u003Cip_of_device>\n","bash","",[38,39,40],"code",{"__ignoreMap":36},[41,42,45,49,53,57,61,65],"span",{"class":43,"line":44},"line",1,[41,46,48],{"class":47},"sScJk","nmap",[41,50,52],{"class":51},"sj4cs"," -F",[41,54,56],{"class":55},"szBVR"," \u003C",[41,58,60],{"class":59},"sZZnC","ip_of_devic",[41,62,64],{"class":63},"sVt8B","e",[41,66,67],{"class":55},">\n",[19,69,70],{},"If this returns no open ports, the problem is on the target device side — firewall rules, the device being powered off, or a routing issue. Open-AudIT cannot discover a device that Nmap can't reach.",[23,72,74],{"id":73},"step-2-check-for-snmp-only","Step 2: Check for SNMP Only",[19,76,77],{},"Run this to test SNMP specifically:",[31,79,81],{"className":33,"code":80,"language":35,"meta":36,"style":36},"nmap -sU -p 161 \u003Cip_of_device>\n",[38,82,83],{"__ignoreMap":36},[41,84,85,87,90,93,96,98,100,102],{"class":43,"line":44},[41,86,48],{"class":47},[41,88,89],{"class":51}," -sU",[41,91,92],{"class":51}," -p",[41,94,95],{"class":51}," 161",[41,97,56],{"class":55},[41,99,60],{"class":59},[41,101,64],{"class":63},[41,103,67],{"class":55},[19,105,106],{},"If the only open port is UDP\u002F161 (SNMP), Open-AudIT won't consider it a valid device by default, because many firewalls respond to SNMP regardless of whether a real device is there. This is a false-positive prevention measure.",[19,108,109,113,114,117,118,121,122,125],{},[110,111,112],"strong",{},"Workaround:"," If you're sure the device is real, edit ",[38,115,116],{},"\u002Fusr\u002Flocal\u002Fopen-audit\u002Fother\u002Fdiscover_subnet.sh"," and set ",[38,119,120],{},"consider_161_enough"," to ",[38,123,124],{},"\"y\"",".",[23,127,129],{"id":128},"step-3-check-whether-a-full-audit-ran","Step 3: Check Whether a Full Audit Ran",[19,131,132,133,136,137,140],{},"Log in to Open-AudIT and view the device details. Under ",[110,134,135],{},"Summary → Details",", look at the ",[110,138,139],{},"Last Seen By"," field:",[142,143,144,152],"ul",{},[145,146,147,148,151],"li",{},"If it says ",[110,149,150],{},"NMAP"," — a full audit has not completed. Open-AudIT found the device but couldn't authenticate.",[145,153,147,154,157,158,161,162,165],{},[110,155,156],{},"SNMP",", ",[110,159,160],{},"SSH",", or ",[110,163,164],{},"Audit"," — authentication worked but something else may be incomplete.",[23,167,169],{"id":168},"step-4-increase-log-level-and-re-run","Step 4: Increase Log Level and Re-run",[19,171,172,173,176,177,180,181,184],{},"Set ",[38,174,175],{},"log_level"," to 7 (under ",[110,178,179],{},"Menu → Admin → Configuration","), then re-run the discovery for that device. Check the Discovery Log (on the device details page, under ",[110,182,183],{},"Discovery Log"," in the left sidebar).",[19,186,187],{},"Look for:",[142,189,190,197,200],{},[145,191,192,193,196],{},"Which ports are showing as open (SSH Status, WMI Status, SNMP — should be ",[38,194,195],{},"true"," for the protocol you're using)",[145,198,199],{},"Whether credential testing is succeeding",[145,201,202],{},"Any error messages during the audit script execution",[23,204,206],{"id":205},"step-5-verify-credential-configuration","Step 5: Verify Credential Configuration",[19,208,209],{},"Check that you have valid credentials of the right type:",[142,211,212,215,218],{},[145,213,214],{},"Windows devices need WMI credentials (Administrator account preferred)",[145,216,217],{},"Linux\u002FMac\u002FUnix devices need SSH credentials (root or sudo-enabled user)",[145,219,220],{},"Network devices need SNMP community strings",[19,222,223,224,229],{},"See ",[225,226,228],"a",{"href":227},"\u002Fdocs\u002Fdiscovery\u002Fcredentials\u002F","Setting Up Credentials"," for details.",[23,231,233],{"id":232},"step-6-check-firewall-and-port-requirements","Step 6: Check Firewall and Port Requirements",[235,236,237,250],"table",{},[238,239,240],"thead",{},[241,242,243,247],"tr",{},[244,245,246],"th",{},"Protocol",[244,248,249],{},"Required Ports",[251,252,253,262,270],"tbody",{},[241,254,255,259],{},[256,257,258],"td",{},"WMI (Windows)",[256,260,261],{},"TCP 135 + dynamic ports (see Microsoft documentation)",[241,263,264,267],{},[256,265,266],{},"SSH (Linux\u002FMac)",[256,268,269],{},"TCP 22",[241,271,272,274],{},[256,273,156],{},[256,275,276],{},"UDP 161",[19,278,279],{},"For Windows Core servers, you may need to explicitly allow WMI through the firewall remotely.",[281,282],"hr",{},[14,284,286],{"id":285},"problem-duplicate-devices-or-missing-devices","Problem: Duplicate Devices or Missing Devices",[19,288,289],{},"If the same physical device keeps getting created as a new record, or an existing record gets unexpectedly overwritten, this is a matching problem.",[19,291,223,292,296],{},[225,293,295],{"href":294},"\u002Fdocs\u002Fdiscovery\u002Fmatching-devices\u002F","Matching Devices"," for a full explanation. The short version:",[142,298,299,305],{},[145,300,301,304],{},[110,302,303],{},"Duplicate devices"," — None of the match rules fired. Usually caused by VM cloning, DHCP address changes, or devices that have very little identifying information.",[145,306,307,310],{},[110,308,309],{},"Overwritten devices"," — A match rule fired incorrectly. Common with cloned VMs where identifiers like D-Bus ID or MAC addresses are shared.",[19,312,313,314,316,317,320],{},"To diagnose, check the Discovery Log for the device and look at which field triggered (or failed to trigger) a match. Then review your match rule configuration under ",[110,315,179],{}," (search for ",[38,318,319],{},"match_",").",[281,322],{},[14,324,326],{"id":325},"problem-discovery-stopped-working-after-an-nmap-upgrade","Problem: Discovery Stopped Working After an Nmap Upgrade",[19,328,329],{},"On Red Hat \u002F CentOS systems, upgrading or downgrading Nmap can sometimes remove the SUID bit. Fix it with:",[31,331,333],{"className":33,"code":332,"language":35,"meta":36,"style":36},"chmod u+s \u002Fusr\u002Fbin\u002Fnmap\n",[38,334,335],{"__ignoreMap":36},[41,336,337,340,343],{"class":43,"line":44},[41,338,339],{"class":47},"chmod",[41,341,342],{"class":59}," u+s",[41,344,345],{"class":59}," \u002Fusr\u002Fbin\u002Fnmap\n",[281,347],{},[14,349,351],{"id":350},"problem-discovery-queue-is-stuck","Problem: Discovery Queue Is Stuck",[19,353,354],{},"If you suspect the discovery queue has hung (jobs in the queue but no progress for an hour or more):",[19,356,357],{},[110,358,359],{},"Check queue depth:",[31,361,365],{"className":362,"code":363,"language":364,"meta":36,"style":36},"language-sql shiki shiki-themes github-light github-dark","mysql -u openaudit -popenauditpassword openaudit -e \"SELECT COUNT(id) FROM queue;\"\n","sql",[38,366,367],{"__ignoreMap":36},[41,368,369,372,375,378,380,383,385,388],{"class":43,"line":44},[41,370,371],{"class":63},"mysql ",[41,373,374],{"class":55},"-",[41,376,377],{"class":63},"u openaudit ",[41,379,374],{"class":55},[41,381,382],{"class":63},"popenauditpassword openaudit ",[41,384,374],{"class":55},[41,386,387],{"class":63},"e ",[41,389,390],{"class":59},"\"SELECT COUNT(id) FROM queue;\"\n",[19,392,393],{},[110,394,395],{},"Clear the queue:",[31,397,399],{"className":362,"code":398,"language":364,"meta":36,"style":36},"mysql -u openaudit -popenauditpassword openaudit -e \"DELETE FROM queue;\"\nmysql -u openaudit -popenauditpassword openaudit -e \"UPDATE configuration SET value = 0 WHERE name = 'queue_count';\"\n",[38,400,401,420],{"__ignoreMap":36},[41,402,403,405,407,409,411,413,415,417],{"class":43,"line":44},[41,404,371],{"class":63},[41,406,374],{"class":55},[41,408,377],{"class":63},[41,410,374],{"class":55},[41,412,382],{"class":63},[41,414,374],{"class":55},[41,416,387],{"class":63},[41,418,419],{"class":59},"\"DELETE FROM queue;\"\n",[41,421,423,425,427,429,431,433,435,437],{"class":43,"line":422},2,[41,424,371],{"class":63},[41,426,374],{"class":55},[41,428,377],{"class":63},[41,430,374],{"class":55},[41,432,382],{"class":63},[41,434,374],{"class":55},[41,436,387],{"class":63},[41,438,439],{"class":59},"\"UPDATE configuration SET value = 0 WHERE name = 'queue_count';\"\n",[19,441,442,445],{},[110,443,444],{},"Restart Apache"," to kill any stuck processes:",[31,447,449],{"className":33,"code":448,"language":35,"meta":36,"style":36},"sudo service httpd restart      # RHEL\u002FCentOS\nsudo service apache2 restart    # Debian\u002FUbuntu\n",[38,450,451,469],{"__ignoreMap":36},[41,452,453,456,459,462,465],{"class":43,"line":44},[41,454,455],{"class":47},"sudo",[41,457,458],{"class":59}," service",[41,460,461],{"class":59}," httpd",[41,463,464],{"class":59}," restart",[41,466,468],{"class":467},"sJ8bj","      # RHEL\u002FCentOS\n",[41,470,471,473,475,478,480],{"class":43,"line":422},[41,472,455],{"class":47},[41,474,458],{"class":59},[41,476,477],{"class":59}," apache2",[41,479,464],{"class":59},[41,481,482],{"class":467},"    # Debian\u002FUbuntu\n",[19,484,485,488],{},[110,486,487],{},"Restart queue processing"," by visiting this URL in a browser (after Apache is back up):",[31,490,495],{"className":491,"code":493,"language":494,"meta":36},[492],"language-text","http:\u002F\u002FYOUR_SERVER\u002Fopen-audit\u002Findex.php\u002Futil\u002Fqueue\n","text",[38,496,493],{"__ignoreMap":36},[281,498],{},[14,500,502],{"id":501},"problem-windows-device-not-being-audited-from-linux-open-audit-server","Problem: Windows Device Not Being Audited From Linux Open-AudIT Server",[19,504,505],{},"When Open-AudIT runs on Linux and audits Windows machines, it copies the audit script to the Windows target via SMB and runs it remotely. This requires:",[142,507,508,511,514],{},[145,509,510],{},"SMB (port 445) open from the Open-AudIT server to the Windows target",[145,512,513],{},"A valid Windows Administrator account in your credentials",[145,515,516],{},"The Windows target configured to allow remote script execution",[19,518,223,519,525],{},[225,520,524],{"href":521,"rel":522},"https:\u002F\u002Fdocs.community.firstwave.com\u002Fwiki\u002Fspaces\u002FOA\u002Fpages\u002F3163947241\u002FTroubleshooting+Help",[523],"nofollow","Auditing Windows from Linux"," on the wiki for more detail.",[527,528,529],"style",{},"html pre.shiki code .sScJk, html code.shiki .sScJk{--shiki-default:#6F42C1;--shiki-dark:#B392F0}html pre.shiki code .sj4cs, html code.shiki .sj4cs{--shiki-default:#005CC5;--shiki-dark:#79B8FF}html pre.shiki code .szBVR, html code.shiki .szBVR{--shiki-default:#D73A49;--shiki-dark:#F97583}html pre.shiki code .sZZnC, html code.shiki .sZZnC{--shiki-default:#032F62;--shiki-dark:#9ECBFF}html pre.shiki code .sVt8B, html code.shiki .sVt8B{--shiki-default:#24292E;--shiki-dark:#E1E4E8}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html pre.shiki code .sJ8bj, html code.shiki .sJ8bj{--shiki-default:#6A737D;--shiki-dark:#6A737D}",{"title":36,"searchDepth":422,"depth":422,"links":531},[532,541,542,543,544],{"id":16,"depth":422,"text":17,"children":533},[534,536,537,538,539,540],{"id":25,"depth":535,"text":26},3,{"id":73,"depth":535,"text":74},{"id":128,"depth":535,"text":129},{"id":168,"depth":535,"text":169},{"id":205,"depth":535,"text":206},{"id":232,"depth":535,"text":233},{"id":285,"depth":422,"text":286},{"id":325,"depth":422,"text":326},{"id":350,"depth":422,"text":351},{"id":501,"depth":422,"text":502},"2026-04-10","Troubleshoot Open-AudIT discovery issues including devices not found, duplicate records, Nmap problems, stuck queues, and cross-platform auditing.","md",{},{"title":5},"\u002Fdocs\u002Ftroubleshooting\u002Fdiscovery-problems","Expert",{"title":5,"description":546},"docs\u002F7.troubleshooting\u002F3.discovery-problems","b1bXX4Dc6JAXHGViJmWKyDRt22O0xCcAO4Jjuleof54",[556],{"title":557,"path":558,"stem":559,"children":560},"Docs","\u002Fdocs","docs",[561,565,577,599,629,651,658,680,693],{"title":562,"path":558,"stem":563,"description":564},"Overview","docs\u002Findex","Guides to help you install, configure, and get the most out of Open-AudIT — a powerful network discovery, audit, and asset tracking system.",{"title":566,"path":567,"stem":568,"children":569,"description":571},"Getting Started","\u002Fdocs\u002Fgetting-started","docs\u002F1.getting-started\u002F1.index",[570,572],{"title":566,"path":567,"stem":568,"description":571},"Get from a fresh install to discovering devices on your network in under 10 minutes. This guide walks through each step in order.",{"title":573,"path":574,"stem":575,"description":576},"Activating Your License","\u002Fdocs\u002Fgetting-started\u002Factivating-your-license","docs\u002F1.getting-started\u002F2.activating-your-license","How to activate your free 100-device Open-AudIT Enterprise license after installation.",{"title":578,"path":579,"stem":580,"children":581,"description":583},"Installation","\u002Fdocs\u002Finstallation","docs\u002F2.installation\u002F1.index",[582,584,589,594],{"title":578,"path":579,"stem":580,"description":583},"Install or upgrade Open-AudIT on Windows Server or Linux. Includes virtual appliance option for the fastest setup.",{"title":585,"path":586,"stem":587,"description":588},"Server Requirements","\u002Fdocs\u002Finstallation\u002Fserver-requirements","docs\u002F2.installation\u002F2.server-requirements","Hardware, operating system, browser, and dependency requirements for running Open-AudIT.",{"title":590,"path":591,"stem":592,"description":593},"Install on Linux","\u002Fdocs\u002Finstallation\u002Finstall-linux","docs\u002F2.installation\u002F3.install-linux","Step-by-step guide to installing Open-AudIT on supported Linux distributions including Red Hat, Rocky Linux, Debian, and Ubuntu.",{"title":595,"path":596,"stem":597,"description":598},"Install on Windows","\u002Fdocs\u002Finstallation\u002Finstall-windows","docs\u002F2.installation\u002F4.install-windows","Step-by-step guide to installing Open-AudIT on Windows Server, including Nmap and Visual C++ prerequisites.",{"title":562,"path":600,"stem":601,"children":602,"description":604},"\u002Fdocs\u002Fdiscovery","docs\u002F3.discovery\u002F1.index",[603,605,610,615,620,625],{"title":562,"path":600,"stem":601,"description":604},"Discovery is how Open-AudIT finds and audits devices on your network. Learn about credentials, running scans, discovery types, and how it all works under the hood.",{"title":606,"path":607,"stem":608,"description":609},"Credentials","\u002Fdocs\u002Fdiscovery\u002Fcredentials","docs\u002F3.discovery\u002F2.credentials","Learn how to create and manage the credential sets Open-AudIT uses to authenticate with devices during network discovery.",{"title":611,"path":612,"stem":613,"description":614},"Running a Discovery","\u002Fdocs\u002Fdiscovery\u002Frunning-a-discovery","docs\u002F3.discovery\u002F3.running-a-discovery","Step-by-step guide to creating and running your first network discovery in Open-AudIT, including advanced options and scheduling.",{"title":616,"path":617,"stem":618,"description":619},"Discovery Types","\u002Fdocs\u002Fdiscovery\u002Fdiscovery-types","docs\u002F3.discovery\u002F4.discovery-types","Open-AudIT supports Subnet, Active Directory, and Seed discovery types. Learn when to use each and how they work.",{"title":621,"path":622,"stem":623,"description":624},"How It Works","\u002Fdocs\u002Fdiscovery\u002Fhow-discovery-works","docs\u002F3.discovery\u002F5.how-discovery-works","A detailed look at what Open-AudIT does during a discovery — from Nmap scanning through credential testing, audit script execution, and data processing.",{"title":295,"path":626,"stem":627,"description":628},"\u002Fdocs\u002Fdiscovery\u002Fmatching-devices","docs\u002F3.discovery\u002F6.matching-devices","How Open-AudIT decides whether a discovered device is new or already exists in the database, and how to configure match rules to avoid duplicates.",{"title":630,"path":631,"stem":632,"children":633,"description":635},"Reporting","\u002Fdocs\u002Freporting","docs\u002F4.reporting\u002F1.index",[634,636,641,646],{"title":630,"path":631,"stem":632,"description":635},"Open-AudIT gives you multiple ways to pull meaningful information out of collected data using Queries, Summaries, and Reports.",{"title":637,"path":638,"stem":639,"description":640},"Queries, Summaries & Reports","\u002Fdocs\u002Freporting\u002Fqueries-summaries-reports","docs\u002F4.reporting\u002F2.queries-summaries-reports","Understand the three types of reporting in Open-AudIT — Queries, Summaries, and Reports — how they differ, and how to use filters and permissions.",{"title":642,"path":643,"stem":644,"description":645},"Creating a Query","\u002Fdocs\u002Freporting\u002Fcreating-a-query","docs\u002F4.reporting\u002F3.creating-a-query","Learn how to write custom SQL queries in Open-AudIT to extract device information, with examples for common use cases like warranty tracking and open ports.",{"title":647,"path":648,"stem":649,"description":650},"Groups","\u002Fdocs\u002Freporting\u002Fgroups","docs\u002F4.reporting\u002F4.groups","Learn how to use Groups in Open-AudIT to create dynamic collections of devices for filtering reports, building dashboards, and baselining configurations.",{"title":652,"path":653,"stem":654,"children":655,"description":657},"Dashboards","\u002Fdocs\u002Fdashboards","docs\u002F5.dashboards\u002F1.index",[656],{"title":652,"path":653,"stem":654,"description":657},"Configure and customise Open-AudIT dashboards and widgets to create at-a-glance visual overviews of your network environment.",{"title":659,"path":660,"stem":661,"children":662,"description":664},"Administration","\u002Fdocs\u002Fadministration","docs\u002F6.administration\u002F1.index",[663,665,670,675],{"title":659,"path":660,"stem":661,"description":664},"Covers the ongoing administration of Open-AudIT including configuration, user management, permissions, and backup procedures.",{"title":666,"path":667,"stem":668,"description":669},"Configuration","\u002Fdocs\u002Fadministration\u002Fconfiguration","docs\u002F6.administration\u002F2.configuration","Key configuration settings in Open-AudIT covering discovery behaviour, change logging, data retention, and how to edit them.",{"title":671,"path":672,"stem":673,"description":674},"Users, Roles & Orgs","\u002Fdocs\u002Fadministration\u002Fusers-roles-orgs","docs\u002F6.administration\u002F3.users-roles-orgs","Understand Open-AudIT's role-based access control system including users, roles, organisations, LDAP integration, and permission inheritance.",{"title":676,"path":677,"stem":678,"description":679},"Backup & Restore","\u002Fdocs\u002Fadministration\u002Fbackup-restore","docs\u002F6.administration\u002F4.backup-restore","How to back up and restore your Open-AudIT database on Linux and Windows, including database reset procedures.",{"title":681,"path":682,"stem":683,"children":684,"description":686},"Troubleshooting","\u002Fdocs\u002Ftroubleshooting","docs\u002F7.troubleshooting\u002F1.index",[685,687,692],{"title":681,"path":682,"stem":683,"description":686},"General troubleshooting guidance for Open-AudIT covering discovery problems, common errors, and first steps for diagnosing issues.",{"title":688,"path":689,"stem":690,"description":691},"Common Errors","\u002Fdocs\u002Ftroubleshooting\u002Fcommon-errors","docs\u002F7.troubleshooting\u002F2.common-errors","Explanations and solutions for common Open-AudIT error messages including MySQL lock errors, LDAP issues, Apache problems, and license screens.",{"title":5,"path":550,"stem":553,"description":546},{"title":694,"path":695,"stem":696,"description":697},"Release Notes","\u002Fdocs\u002Frelease-notes","docs\u002Frelease-notes","What's new in each Open-AudIT release — features, fixes, and improvements.",1779864898425]