Basic Probe Requirements to Scan Workstations

For the probe to scan workstations, ensure that the following requirements are met in each target workstation:

Windows Machines

One of the file sharing ports (139 or 445) and their respective SMB protocols must be open on the target machine, and not filtered on the probe machine. Click here for more information.

SMB Protocol	Open Port
SMB1	Port 139
SMB2	Port 445

Admin$ share (\TargetMachineHostOrIPAdmin$) of the target machine must be accessible from the probe-installed machine. Click here for more information.
Allow copying of files, such as SDPOD_MiniAgent.exe, ae_scan.vbs, and windows_model.vbs, from probe machines to target machines.

Prevent copied files from being automatically deleted by security policies.

Remote Registry must be running on the target machine if the Windows OS is not be installed on the C: drive.
The probe machine should be able to create and start a remote service on the target machine. (File Name: SDPOD_MiniAgent.exe, Service Name: SDPOD_MiniAgent). The credentials must have sufficient privileges on the target machine to remotely access the Service Control Manager (SCM) with full permission.
Execution of VBS script files (such as ae_scan.vbs and windows_model.vbs) on the target machine must be allowed.
WMI service must be running. Make sure that WMI repository is not corrupted.
Registry access is required.
Other system-level settings, security settings, or network/domain security levels should not restrict the scripts and services mentioned above.

Linux Machines

Port 22 (SSH) must be open on target machines and not be filtered on the probe machine.
The given credential should establish a connection with target machines from the probe machine.
bash must be installed on target machines.
Scripts executed on target machines should not be restricted.
To collect machine data after executing the following scripts, the probe requires Write permission for the /home/<user>/sdptmp folder on target machines.
- Linux-based : ae_scan.sh (During validation : getLinuxModel.sh)
- Mac : mac_ae_scan.sh
- AIX : aix_ae_scan.sh
- Solaris : solaris_ae_scan.sh

SNMP Devices

SNMP V1, SNMP V2, or SNMP V3 must be enabled.
The given credential should receive a response for the SNMP Get operation.
Port 161 (or the relevant custom port) must be open.

Virtual Host

The machine must be HyperV or VMWare ESXi.
The credential must have READ permission.

Scan Failures

In Assets, Scan Failures displays computers that failed to scan or have not been scanned recently, and the reason for each failure.

Go to Assets.
In the left pane, click Scan Failures.
On the list view, you will find a list of devices whose scans failed, along with key details such as failure error message, associated site, and last scanned period. Use the column chooser on the toolbar to view other details, such as error reason, audit details, and user details.

Error Messages

Following are the possible error messages that will be displayed under Last Scan Summary or in the scan failures list view.

Error Message	Reason
Unknown UserName or Bad Password	Verify the credentials given in the Credentials Library or in the Domain Scan. If Credential Library is used, make sure the user name is given in DomainNameUserName format for Windows.
Unable to connect to admin$ share	Remote registry service might not be running in the target machine. Go to Administrative tools > Windows Services in the target machine and start the remote registry service. Go to the target system and open Computer management > Shared folder > ADMIN$. Right click and start sharing if it is not shared. Check whether any antivirus, firewall, or Endpoint security software is preventing access to admin$ share.
None of the credentials configured in the network scan succeeded	This error occurs when none of the credentials configured in the network scan succeeded during the scan.
Local Asset credential not succeeded	The credentials selected under Workstations > Change Credentials pop-up did not succeed due to an unknown user name or bad password.
Unable to create or start remote service	Check whether the given credentials have admin privileges. Also, make sure the above mentioned conditions for Windows machines are satisfied.
Port [139/22] not open	For a target Windows machine, make sure that port 139 is open and accessible from the probe. For a target Linux machine, make sure that port 22 is open and accessible from the probe. To know how to check if ports are accessible, refer to this section
No Windows credential configured	In the network scan configuration, check if you have selected a Windows credential in the credential library for scanning Windows machines.
No SSH credential configured	In the network scan configuration, check if you have selected a SSH credential in the credential library for scanning Linux/Mac machines.
Any other error message	For Windows machines, make sure that you have provided username in the DomainName/UserName format in Credential Library. Also, check the conditions (mentioned above) for a successful scan.

How Does a Probe Perform a Network Scan/Domain Scan/Asset Scan By Using Scan Flow?

Assign Job to the Probe

A scan is initiated from ServiceDesk Plus Cloud.
ServiceDesk Plus Cloud server sends a job notification to the probe via the DMS server.
The probe receives the notification and requests job details from ServiceDesk Plus Cloud server.
After receiving the details, the probe executes the job.

Every five minutes, the probe contacts ServiceDesk Plus Cloud server to check for any new or pending jobs.
If the probe is already running a job, it will queue and pick up the pending jobs after it completes the current job.
If the DMS server URL is unreachable from the probe-installed machine, ServiceDesk Plus Cloud will not be able to send job information to the probe. In such cases, the Probe Task Status page may display Job Delivery Failed (for up to 5 minutes) until the probe reconnects to the Cloud server. After the reconnection, the probe will receive and process the pending jobs.

After the DMS server connects with the probe-installed machine, a page opens as shown:

Following are the DMS URLs used for the corresponding ServiceDesk Plus Cloud URL.

DMS Domain Details

External Domain Details
Data Center	Primary	Secondary
US	us4-dms.zoho.com	us3-dms.zoho.com
EU	eu1-dms.zoho.eu	eu2-dms.zoho.eu
IN	in2-dms.zoho.in	in1-dms.zoho.in
AU	au1-dms.zoho.com.au	au2-dms.zoho.com.au
CN	cn2-dms.zoho.com.cn	cn3-dms.zoho.com.cn
JP	jp1-dms.zoho.jp	jp2-dms.zoho.jp
CA	ca1-dms.zohocloud.ca	ca2-dms.zohocloud.ca
UK	uk1-dms.zoho.uk	uk2-dms.zoho.uk
SA	sa1-dms.zoho.sa	sa2-dms.zoho.sa

Network Scan

After receiving a network scan job from the ServiceDesk Plus Cloud server, the probe identifies the specified IP range for the scan.

The probe pings all IP addresses within that range to check for alive machines (machines reachable on the network). Only the machines that respond to the ping (alive hosts) are further scanned for detailed information. The scan results and status of these alive machines are displayed in the Last Scan Summary.

Domain Scan

After receiving a domain scan job from the ServiceDesk Plus Cloud server, the probe connects to the Active Directory Domain Controller by using LDAP or LDAPS.

If Use SSL for secure LDAP query is enabled, the probe uses LDAPS over port 636. Otherwise, it uses LDAP over port 389. Therefore, the respective ports must be open on the Active Directory Domain Controller.

After the connection is established (using the configured credentials) with Active Directory, the probe fetches a list of machines.

If a Base DN is specified, the probe fetches only the machines within that Base DN and its child objects.
If the Base DN value is incorrect, the probe will fail to connect to the domain.

The probe then fetches the hostnames (computer object names) of the machines from Active Directory. Using DNS, it resolves these hostnames to IP addresses and pings them to check availability.

Only the machines that respond (alive hosts) are scanned. Their status and results are displayed in Last Scan Summary.

Asset Scan (Scan Now in the Asset Details Page)

After receiving the asset scan job, the probe queries DNS to resolve the asset’s hostname to its corresponding IP address. Then, it pings the IP address to verify if the asset is alive (reachable on the network). Only assets that respond to the ping are scanned further.

Scan Flow

The probe checks whether the target machine is an SNMP device by performing an SNMP GET operation using the provided SNMP credentials. If no SNMP credentials are provided, the probe will not perform the SNMP GET.
The probe verifies if the machine is a virtual host. If it is identified as a virtual host, the probe proceeds with the virtual host scan.
The probe identifies the target machine’s operating system based on the open ports:
- If port 139 or 445 is open, the probe assumes the machine is running Windows.
- If port 22 is open, the probe assumes the machine is Linux-based.
If all these ports are open, the probe attempts a Windows scan first. If the scan fails (indicating the machine is not Windows), it attempts a Linux scan if SSH credentials are available.

Scan on Windows Machines

The probe creates an admin$ connection with the target machine by using the given credentials. After the connection is established, the probe copies SDPOD_MiniAgent.exe and ae_scan.vbs (windows_model.vbs during the validate option) to the admin$ shared path and invokes a service (create and start the service) called SDPOD_MiniAgent.

After the SDPOD_MiniAgent service is invoked, the service executes the ae_scan.vbs (windows_model.vbs during the validation). After the script execution is complete, a result.txt file (Model.txt file is generated during the validation) and a DONE file are generated.

Based on the DONE file, the probe copies the result file and converts the result data to XML.

The scan timeout period is 3 Minutes and the result.txt size must be below 500KB.

Scan on Linux Machines

The probe establishes an SSH connection and executes commands on the target machine with help of the plink.exe (available under the probe bin folder) by using the given credentials.

Then, the probe executes a shell script on the target machine (example ae_scan.sh). After the script execution is complete, the probe copies the result file (scan_result.xml) from the target machine.

Scan on Virtual Hosts

If the probe identifies the target machine as a virtual host, it attempts to log in by using the provided credentials.
After a successful login, the probe collects the Virtual Host’s details and generates an XML file, followed by a cache file for the target machine.
The probe compresses the XML file into scan_result.zip and uploads it to the ServiceDesk Plus Cloud server. The maximum size allowed for scan_result.zip is 5MB.
To optimize performance, the probe compares the newly generated data with the existing cache. Then, it updates only the differences in the result XML file to reduce the server load. The size of the differential XML file typically ranges between 5KB and 10KB.

Scan on SNMP Devices

The probe retrieves the System Object ID (SysOid) of the target SNMP device via SNMP GET operation by using the OID ".1.3.6.1.2.1.1.2.0". Based on the SysOid response, probe categorizes the device's Product and Product Type.

Sample Response

System Object ID: .1.3.6.1.4.1.9.1.1043 (response from the device for SNMP Get)
Product: Cisco IOS Software
Product Type: Cisco Switch

The probe determines the device’s Product and Product Type by using the following method:

If any SNMP configuration (Custom configuration: SnmpDevicesConf.json) is provided on the probe, the Product and Product type are assigned from it.
Otherwise, the probe checks whether the SysOid exists in the Unknown Oid list. If found, probe assigns the Product and Product Type from the Unknown Oid.
If not found, the probe looks for the SysOid in AssetTypeEntires.json (in the conf folder). If present, the probe assigns the Product and Product Type from this file.
If the SysOid is not found in any of the sources, it means that the probe does not have the Product and Product Type information. In this case, the Unknown Oid is added to the Unknown Oid list on the server.
After the Product and Product Type have been identified and assigned to the Unknown Oid, the probe uses the information during subsequent SNMP scans.
Depending the Product Type, the probe performs additional SNMP GET operation for Deep Discovery, fetching detailed information for devices such as printers, routers, and switches.

Probe Architecture Diagram

How to Check Whether a Machine Is Alive Based on the Scan Type?

Use the ping command to see if the target machine is reachable from the probe-installed machine.

ping TargetMachineHostOrIP

During the network scan, the probe pings the target machine by using the IP address. For example,

ping 192.168.1.1

If the machine is not alive, the asset scan status will not reflect in the last scan summary.

During the domain scan, the probe retrieves the host's IP address from the DNS entry in AD and pings the resolved IP. i.e.,

nslookup test-host → 192.168.1.1

If the host does not have a valid DNS entry, the probe will not attempt to ping, and the asset scan status will not reflect in the Last Scan Summary.

When Scan Now or Remote Control is initiated from the asset details page, the probe uses DNS resolution to retrieve the IP address by looking up the asset name.

If the asset name does not have a valid DNS entry, the probe cannot resolve the IP address, and the initiated operation (scan/remote control) will not execute.

Example:

nslookup test-host.sdp.com

Result:

Name: test-host.sdp.com
Address: 192.168.1.2

Here, the probe resolves the asset test-host.sdp.com to 192.168.1.2 and proceeds the operation with the resolved IP.

How to Check Whether the Required Ports Are Open ?

Open the Command Prompt and go to the Nmap installation directory within the probe path:

cd ManageEngineSDPODProbebinNMap

Run the following command to check whether the required ports on the target machine are open:

nmap.exe -Pn -p 139,22,445,389,636,161 10.63.22.20

Here, -Pn skips the host discovery phase and directly scans the specified ports.
-p specifies the list of ports to be scanned.
10.63.22.20 is the IP address of the target host.

The scan results should show the specified ports as open, as required for proper probe-to-target communication.

Alternatively, run the following command on the probe machine's command prompt:

Syntax

PowerShell -command "Test-NetConnection -ComputerName IP_ADDRESS -Port PORT_NUMBER"

Example:

PowerShell -command "Test-NetConnection -ComputerName 192.168.1.1 -Port 139

TcpTestSucceeded must be true.

How to Check Whether the Remote Registry Service Is Running on a Target Workstation?

On the target workstation, open the Windows Services console (services.msc).
Locate the Remote Registry service.
Check if the service is Enabled and its status is set to Running.

How to Check Whether Admin$ Share Is Accessible ?

For a scan to succeed, the Admin$ share of the target workstations must be accessible from the probe machine.

Method 1: Using Command Prompt

On the probe machine, open Command Prompt.
Run the command:

net use \TargetHostAdmin$ /user:domainadministrator

When prompted for the password, provide the credentials you have configured in ServiceDesk Plus Cloud for the domain scan or network scan.
The command must establish a successful connection.

Method 2: Using Run Dialog

On the probe machine, open the Run dialog.
Enter \TargetHostAdmin$
If prompted, provide the credentials you have configured in ServiceDesk Plus Cloud for the domain scan or the network scan.
Successful connection must be established, and the target workstation's files must be available in Windows Explorer.

How to Check Whether the Required SMB Protocol is Enabled?

On the target machine, open Windows PowerShell and run the following command:

Get-SmbServerConfiguration | Select EnableSMB1Protocol, EnableSMB2Protocol

How to Troubleshoot if Port 139 is Not Open and Admin$ Share is Not Accessible?

On the target workstation, open the Windows Firewall settings and check the status.
If the firewall is enabled, allow access to the TCP port 139.
Check for any antivirus, endpoint protection, or other security software that might be blocking access to Port 139.

How to Verify Whether the Probe Machine Can Create Remote Service on the Target Machine?

After establishing connection with admin$ shared path on the target machine, follow the steps below:

Step 1: Copy file to target machine from Probe machine

On the probe machine, open the Run dialog and enter \TargetHostAdmin$
From the probe installation directory \ManageEngineSDPODProbe, copy the following files to the target machine's path \TargetMachineAdmin$sdpod_agent
SDPOD_MiniAgent.exe: located in the probe bin folder.
ae_scan.vbs can be obtained from the server by using the link and save it locally on the probe machine as ae_scan.vbs.

If the logged-in user can copy the file, but the probe cannot, it indicates that the SYSTEM user (under which the probe runs) lacks permission to copy the file to the target machine.

To modify the SYSTEM user,

Go to Windows search (Windows + S) and open services.msc.
Locate the ManageEngine SDP Cloud Probe service
Right-click the service and click Properties > Logon.
Choose This Account and click Browse.
Enter the desired user account name, or click Advanced > Find Now to select a user.
Click Apply and restart the probe service.

Step 2: Service creation and VBS execution

After the files are copied to the target machine, use the following commands to create and start the SDPOD_MiniAgent service.

Command to create the SDPOD_MiniAgent service:

sc \TargetMachineHostOrIP create SDPOD_MiniAgent binPath= "C:Windowssdpod_agentSDPOD_MiniAgent.exe"

The output should be [SC] CreateService SUCCESS.

Command to start the SDPOD_MiniAgent service:

sc \TargetMachineHostOrIP start SDPOD_MiniAgent

In the output, the STATE should be RUNNING.

Step 3: To execute VBS on the target machine (To verify if VBS script executes successfully):

To execute the ae_scan.vbs on the target machine manually,

Copy the ae_scan.vbs to the path \TargetMachineAdmin$sdpod_agent.
On the target machine, open Command Prompt and go to the same path (C:Windowssdpod_agent).
Execute the following command:

cscript ae_scan.vbs 10

A result.txt file should be generated on the same path successfully.

If result.txt is not generated:

The WMI repository on the target machine might be corrupted, or
The user account may not have permission to create files in the Admin$ share path.

To verify this, try running the script from another directory where the user has file creation rights. For example:

Copy the script to a test folder: E:TestFolder
Run the command:

cscript E:TestFolderae_scan.vbs 10

Check if result.txt is created in that location.

Step 4: WMI repository verification

Use the following command on the target machine and check if the WMI repository is working as expected.

wmic path Win32_ComputerSystem get name, model

To know more about WMI repository restoration, click here.

How to Check if a Connection is Created on the Linux Machine?

On the probe machine, open Command Prompt and go to the probe installed path \ManageEngineSDPODProbebin.
Use the following command to establish a connection with the target machine:

Syntax

plink.exe -P 22 userName@Host

Example

plink.exe -P 22 test-user@192.168.1.1

How to Check Whether the Linux Machine is Supported for Scan?

On the target machine, run the following command in the remote terminal session:

uname

Scan-supported kernel for linux-based machines: Linux, Darwin, AIX, and SunOS

To copy the scan result of the target Linux machine, pscp.exe is used.

Things to Check in Probe Logs

Alive Hosts in Network/Domain Scan

During a network or domain scan, the probe first identifies the list of alive hosts. Only the hosts included in this list are scanned further.

The probe uses Nmap to perform alive host discovery.
Verify whether the target hostname or IP address appears in the alive hosts list.
If the host is missing, review the scan log for any Windows error codes that may have been generated during the process.

You can also go to the probe installed machine and refer to the probe logs for more details. The latest scan log will be available in the ProbeMain0.log file under C:ManageEngineSDPODProbelogs

Is There Any Alternate Way of Scanning ?

You can run a self scan script in each of the workstations, either through GPO or task scheduler. Please refer here for more details : https://help.sdpondemand.com/self-scan

When will a workstation be renamed with _old as suffix?

Case 1: User is provided with a new workstation

Let's say the following workstation is already available in the application:

Workstation Name	Service Tag
john.zillum.com	J1

If John’s computer is replaced with a new machine named john.zillum.com but with a different service tag J2, the next scan will update the records as follows:

The original workstation entry will be renamed to john.zillum.com_old with service tag J1.
A new workstation entry will be created as john.zillum.com with service tag J2.

After the scan, the workstation list will look like this:

Workstation Name	Service Tag
john.zillum.com_old	J1
john.zillum.com	J2

Case 2: User is provided with a workstation, which is already available in the application

Let's say the following workstations are available in ServiceDesk Plus Cloud:

Workstation Name	Service Tag
john.zillum.com	J1
TestWin10.zillum.com	J2

John's computer encounters a problem and the IT Team assigns him the TestWin10 machine after renaming it as john.zillum.com at the OS level.

When this machine is scanned, the following happens in the application:
a) john.zillum.com will be renamed as john.zillum.com_old
b) TestWin10.zillum.com will be renamed as john.zillum.com

At the end of the scan, here is how the workstations will be listed:

Workstation Name	Service Tag
john.zillum.com_old	J1
john.zillum.com	J2

FAQs

1. Why does using Scan Now from the asset details page not update the asset, while a network scan does?

Verify if the DNS entry for the asset is configured correctly.

i.e., nslookup <AssetName>

If the DNS entry is mapped to the wrong IP, the scan may run on a different machine instead of the intended asset.

2. Why is an asset being scanned but not reflected in ServiceDesk Plus Cloud?

If an asset is scanned but does not appear in ServiceDesk Plus Cloud, follow the troubleshooting steps below. Execute the specified commands on the target machine wherever required.

Step 1: Check MAC address identification

Verify if MAC address identification is enabled.
If enabled, it may cause asset overwriting when the same MAC address is dynamically assigned to multiple machines at different times.
Therefore, if enabled, disable MAC address identification and perform a re-scan.

Step 2: Verify service tag uniqueness

Perform a search using the service tag in Computers to ensure no other asset exists with the same service tag.
If duplicates are found, add the service tag to the Invalid Service Tag list and perform a re-scan. To add the service tag to the list, go to Setup > Probes & Discovery > Settings > Invalid Service Tag List
To retrieve the service tag, run the following command on the target machine:

wmic path Win32_BIOS get SerialNumber

Step 3: Verify product (model) mapping

Search for the product (model) of the asset under Setup > Customization > Asset Management > Product.
Make sure that the product is listed under Computer or one of its child product types. This is because ServiceDesk Plus Cloud supports scanning only for Computer or its child product types.
To retrieve the product model, run the following command:

wmic path Win32_ComputerSystem get Model

Note: By default, newly discovered products are placed under Computer. If manually moved to another product type (outside Computer or its child products), scans for those machines will fail.

3. What happens when the probe key is already registered in another machine?

If the MAC address of the probe machine changes, the server will treat it as a new probe since the MAC address is the unique identifier. In this case:

Add a new probe in ServiceDesk Plus Cloud.
Reassign all scans associated with the old probe to the new probe. To reassign, click Edit > Update Scans.
Register using the new probe’s key.

4. Why do I see the error "curl command not found" or "netcat command not found"?

While running a scan by using the scan_script.sh:

curl command is required if an API key is used.
netcat command is required if the probe hostname is passed as a parameter.

Probe Configuration

Configuration File Path: \ManageEngineSDPODProbeconfprobe.props

If the probe faces specific issues, you can add the following configuration parameters at the end of the probe.props file:

If the probe can ping the target machine but the last scan summary does not display results for it, the probe may have used Nmap for alive detection. To resolve this, apply the following configuration:

Configuration : force_ping=true

If the job does not complete, or the status keeps showing as Aborted in the UI, you can troubleshoot by searching the logs (such as ProbeMain0, ProbeMain1, …, ProbeMain10) for the keyword "got stuck". If found, add the following configuration:

Configuration : use_thread_for_windows_discovery=true

If the ae_scan.vbs script execution takes more than three minutes, probe aborts the scan process for that machine. Add the configuration to extend the timeout (Maximum timeout value: 10).

Configuration : response_collector_timeout=10

If multiple SNMP devices return the same hostname, ServiceDesk Plus Cloud will overwrite those assets. This happens because SNMP assets are added or updated based on their hostname. To avoid this, enable the following configuration so that assets are added based on their DNS names instead. Configuration : snmp_dns_name=true

Configuration : snmp_dns_name=true

If the above configuration is applied on the probe file,

All scanned assets will be added or updated by using the asset’s DNS name. As a result, any asset added based on the response from an SNMP device will not be updated.

If no valid DNS entry exists for the device, the asset will be added using its IP address as the name.

After applying any of the above configurations, restart the probe by using the Probe Tray icon.