How to Troubleshoot UDD (Unmanaged Device Discovery)

Version 12

    Verified Product Versions

    Endpoint Manager 9.5, Endpoint Manager 9.6, Endpoint Manager 2016.x


    Question

    How do I verify my UDD results are accurate and working correctly?

     

    First of all, verify what UDD settings you are using. In this case I am using the default settings.

     

    defaultudd.JPG

    NOTE -- It is important to understand that UDD works differently depending on which options are selected in the above screenshot. For example, if you DO NOT use OS Fingerprinting then we DO NOT use nmap. Instead we do an ICMP ping sweep and use NetBIOS to find the host name.

     

    Run Process Explorer while your UDD task is run from the LDMS management console and look for the nmap.exe task.

    procexpnm.JPG

    Double-click the nmap.exe task to see additional properties, such as the command that was used to launch nmap.

    uddwithnmapcommand.JPG

    In the example above, nmap was launched with these parameters:

     

    "C:\Program Files (x86)\LANDesk\ManagementSuite\nmap\nmap.exe" -v -PN -T4 -sS -F -O --script smb-os-discovery.nse --osscan-guess -iL "C:\Users\Administrator\AppData\Local\Temp\0ul6hdmp.scanlist" -oX "C:\Users\Administrator\AppData\Local\Temp\0ul6hdmp.xml"

     

    The above command points to a Temp folder on my core, which is where the scan output is written:

    files.JPG

     

     

    Explanation of the scan files

    The *.scanlist file has a list of IP addresses that were scanned

    The *.xml file will be created and then updated with the correct results while the UDD task is running. After the task is complete you can analyze to see the results.

    The *.tmp file does not have any data in it so you don't need to worry about it

     

    Now that you know where the scan output files are stored, and the command that the core is using, you can begin to run some tests to validate whether it is working correctly. Run a UDD task from the core and, after it has run, save the scan output files to another location. Then run the same command using nmap only, from a command prompt. Finally, compare the results to see if everything is working correctly. This will help prove or disprove an issue with the core or nmap.

     

    Running NMAP from a CMD

    Take the nmap command that the core used, and run it through a command prompt:

    cmd.JPG

    NOTE -- You will want to rename or back up the *.xml file in the Temp directory prior to running this manually. If you don't, it will be overwritten. Notice that for my test I renamed 0u16hdmp.xml to 0u16hdmp1.xml.

     

    What differences do you see between the scan output files when using the core when compared to running NMAP from a CMD prompt?
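One way to answer that question without reading the two files by eye, as an added example (not part of the original article or of the product): the script below parses two nmap `-oX` output files and lists every host whose state, host name or best OS guess differs between them. The function names and the inline XML samples are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample outputs (not real scan data): CORE_XML stands in for the
# file written by the core's UDD task, MANUAL_XML for the manual nmap run.
CORE_XML = """<nmaprun>
<host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/>
<hostnames><hostname name="ws01.example.test"/></hostnames>
<os><osmatch name="Microsoft Windows 7" accuracy="96"/></os></host>
<host><status state="up"/><address addr="192.0.2.11" addrtype="ipv4"/></host>
</nmaprun>"""
MANUAL_XML = """<nmaprun>
<host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/>
<hostnames><hostname name="ws01.example.test"/></hostnames>
<os><osmatch name="Microsoft Windows 7" accuracy="96"/></os></host>
<host><status state="up"/><address addr="192.0.2.11" addrtype="ipv4"/>
<os><osmatch name="Linux 2.6.32" accuracy="90"/><osmatch name="Linux 3.2" accuracy="94"/></os></host>
<host><status state="up"/><address addr="192.0.2.12" addrtype="ipv4"/></host>
</nmaprun>"""

def summarize(xml_data):
    """Map each scanned IPv4 address to (state, hostname, best OS guess)."""
    hosts = {}
    for host in ET.fromstring(xml_data).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:  # host entry without an IPv4 address
            continue
        status = host.find("status")
        name = host.find("hostnames/hostname")
        # nmap may list several <osmatch> guesses; keep the most accurate one
        guesses = sorted(host.findall("os/osmatch"),
                         key=lambda m: int(m.get("accuracy", "0")), reverse=True)
        hosts[addr.get("addr")] = (
            status.get("state") if status is not None else "unknown",
            name.get("name") if name is not None else None,
            guesses[0].get("name") if guesses else None,
        )
    return hosts

def compare(core_xml, manual_xml):
    """Return (ip, core_result, manual_result) for every host that differs."""
    core, manual = summarize(core_xml), summarize(manual_xml)
    return [(ip, core.get(ip), manual.get(ip))
            for ip in sorted(set(core) | set(manual))
            if core.get(ip) != manual.get(ip)]

if __name__ == "__main__":
    for ip, core_res, manual_res in compare(CORE_XML, MANUAL_XML):
        print(f"{ip}: core={core_res} manual={manual_res}")
```

To use it on real output, pass `compare()` the contents of the two saved *.xml files, read in binary mode. A result of `None` on one side means that file has no entry for the host at all.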

     

    If you want to learn more about nmap go to: Nmap: the Network Mapper - Free Security Scanner

     

    To learn more about the UDD setting OS Fingerprinting:

    NMAP - OS Fingerprinting Ports Used in LANDesk 9 SP2

     

     

    Required Ports for UDD

     

     

    Core Server
    Port         Direction             Notes
    TCP 22       Outbound              UDD
    TCP 25       Outbound              UDD
    TCP 9595     Inbound / Outbound    Agent Discovery
    UDP 9595     Inbound / Outbound    Agent Discovery
    UDP 38293    Inbound / Outbound    Agent Discovery

     

    Linux
    Port #       Direction             Notes
    TCP 25       Inbound               UDD
    TCP 9595     Inbound / Outbound    Agent Discovery
    UDP 9595     Inbound / Outbound    Agent Discovery

     

    Mac
    Port #       Direction             Notes
    TCP 25       Inbound               UDD
    TCP 9595     Inbound / Outbound    Agent Discovery
    UDP 9595     Inbound / Outbound    Agent Discovery

     

    Windows
    Port #       Direction             Notes
    TCP 25       Inbound               UDD
    TCP 9595     Inbound / Outbound    Agent Discovery
    UDP 9535     Inbound / Outbound    Device Discovery, XDD
    UDP 9595     Inbound / Outbound    Agent Discovery
    UDP 38293    Inbound / Outbound    Agent Discovery