How to troubleshoot Unmanaged Device Discovery ( UDD )

Version 14

    Verified Product Versions

    Endpoint Manager 9.5Endpoint Manager 9.6Endpoint Manager 2016.x


    How do I verify my UDD results are accurate and working correctly?


    First of all, verify what UDD settings you are using. In this case I am using the default settings.



    NOTE -- It is important to understand that UDD will work differently based on what options are selected in the above screenshot. For example, if you DO NOT use OS Fingerprinting then we DO NOT use nmap. Instead we will do a ICMP ping sweep and use NetBios to find the host name.


    Run ProcessExplorer while your UDD task is ran from the LDMS management console and look for the nmap.exe task.


    Double click on nmap.exe task to see additional properties like what command was used to launch NMAP.


    In the example above nmap.exe was launched with these parameters;


    "C:\Program Files (x86)\LANDesk\ManagementSuite\nmap\nmap.exe" -v -PN -T4 -sS -F -O --script smb-os-discovery.nse --osscan-guess -iL "C:\Users\Administrator\AppData\Local\Temp\0ul6hdmp.scanlist" -oX "C:\Users\Administrator\AppData\Local\Temp\0ul6hdmp.xml"


    The above command points to a Temp folder on my core, this is for writing the outputs of the scan;




    Explanation of the scan files

    The *.scanlist file has a list of IP addresses that were scanned

    The *.xml file will be created and then updated with the correct results while the UDD task is running. After the task is complete you can analyze to see the results.

    The *.tmp file does not have any data in it so you don't need to worry about it


    Now that you know where the scan output files are stored, and the command that the core is using, you can begin to run some tests to validate if it is working correctly. You can run a UDD task from the core and then after it has ran, save the scan output files to another location. Then you can run the same command using NMAP only from a command prompt. Finally, you can compare the results to see if everything is working correctly. This will help prove or disprove an issue with the core or nmap.


    Running NMAP from a CMD

    Take the nmap command that the core used, and run it through a command prompt:


    NOTE -- You will want to rename or backup the *.xml file in the Temp directory prior to running this manually. If you don't then it will be overwritten. Notice for my test I renamed 0u16hdmp.xml to 0u16hdmp1.xml.


    What differences do you see between the scan output files when using the core when compared to running NMAP from a CMD prompt?


    If you want to learn more about nmap go to: Nmap: the Network Mapper - Free Security Scanner


    To learn more about the UDD setting OS Fingerprinting:

    NMAP - OS Fingerprinting Ports Used in LANDesk 9 SP2



    Required Ports for UDD



    Core Server


    TCP9595Inbound OutboundAgent Discovery
    UDP9595Inbound OutboundAgent Discovery
    UDP38293Inbound OutboundAgent Discovery


    Port #
    TCP9595Inbound OutboundAgent Discovery
    UDP9595Inbound OutboundAgent Discovery


    Port #DirectionNotes
    TCP9595Inbound OutboundAgent Discovery
    UDP9595Inbound OutboundAgent Discovery


    WindowsPort #DirectionNotes
    TCP9595Inbound OutboundAgent Discovery
    UDP9535Inbound OutboundDevice Discovery, XDD
    UDP9595Inbound OutboundAgent Discovery
    UDP38293Inbound OutboundAgent Discovery