Troubleshooting Discovery

This guide helps you diagnose and resolve common discovery issues in Tripl-i. Use the systematic approach and built-in tools provided to quickly identify and fix problems that may arise during infrastructure discovery.

Diagnostic Framework

Troubleshooting Workflow

Discovery Health Check

The Tripl-i platform provides built-in health check capabilities to verify your discovery system is functioning properly:

1. Discovery Services Status

   • Check if discovery agents are running
   • Verify service connectivity
   • Monitor background processes

2. Network Connectivity

   • Test API endpoint accessibility
   • Verify network routes to target systems
   • Check firewall configurations

3. Credential Vault

   • Test stored credentials
   • Verify credential access
   • Check for expired credentials

4. Recent Discovery Activity

   • Review discovery run history
   • Check success/failure rates
   • Identify patterns in issues

5. Error Analysis

   • Review recent error logs
   • Identify recurring problems
   • Track resolution progress

6. Resource Usage

   • Monitor CPU and memory utilization
   • Check disk space availability
   • Track network bandwidth usage

Common Issues

No Discovery Data

Symptoms

• CIs not appearing in CMDB
• Discovery shows "No devices found"
• Empty discovery results

Diagnostic Steps

Work through the following checks in order:

1. Network Connectivity

   • Ping the target device to confirm it is reachable
   • Verify that the required ports are open (SSH on port 22, WMI on port 135, SNMP on port 161)
   • Review firewall rules and network access control lists

2. Discovery Service

   • Confirm the discovery service is running
   • Check that worker processes are active
   • Look for a backlog in the processing queue
   • Review service logs for errors

3. Target Availability

   • Verify the target device is powered on
   • Confirm that the required services (WMI, SSH, SNMP) are running on the target
   • Check local firewall settings on the target
   • Review security modules such as SELinux or AppArmor that may be blocking access

4. Discovery Scope

   • Review the configured IP ranges to ensure the target is included
   • Check exclusion rules for unintended matches
   • Verify that discovery filters are not excluding the target
   • Confirm the discovery schedule is active

Common Solutions

Firewall Configuration

Ensure that the following ports and protocols are permitted through firewalls on both the discovery system and target devices:

Protocol	Port(s)	Direction	Purpose
WMI (TCP)	135	Inbound on target	Windows Management Instrumentation
WMI Async (TCP)	49152-65535	Inbound on target	WMI callback connections
SSH (TCP)	22	Inbound on target	Linux/Unix discovery
SNMP (UDP)	161	Inbound on target	Network device discovery

Windows targets: Add firewall rules to allow inbound TCP connections on port 135 and the dynamic RPC port range (49152-65535) from the discovery agent's IP address.

Linux targets: Allow inbound SSH connections (port 22) from the discovery agent's IP address or subnet.

Network devices: Configure an access list to permit SNMP queries from the discovery agent's IP address on UDP port 161.

Service Configuration

Windows targets:

• Ensure the Windows Management Instrumentation (WMI) service is set to start automatically and is running
• Enable and start the Remote Registry service if registry-based discovery is needed

Linux targets:

• Ensure the SSH daemon (sshd) is enabled and running
• Configure the discovery service account with limited, passwordless sudo access for the specific commands needed (such as dmidecode, netstat, and ip)

Authentication Failures

Symptoms

• "Access denied" errors
• "Invalid credentials" messages
• Partial discovery with auth errors

Diagnostic Steps

To diagnose authentication failures, verify the following:

• Windows targets: Test that the discovery credentials can connect via WMI and retrieve basic system information (such as operating system details and running processes) from the target server.
• Linux targets: Test that the discovery account can log in via SSH and that its sudo permissions are configured correctly for the required commands.

Permission Requirements

The discovery service account needs the following permissions on target systems:

Windows Requirements

Category	Requirements
Local Group Memberships	Performance Monitor Users, Event Log Readers, Distributed COM Users
User Rights	"Log on as a service" and "Access this computer from network"
DCOM Permissions	Local Launch, Remote Launch, Local Activation, Remote Activation

Linux Requirements

Category	Requirements
SSH Access	Required for all Linux/Unix discovery
Sudo Commands	dmidecode, netstat (or ss), ip (or ifconfig), ps, and optionally lsof
File Access (read-only)	/proc/, /sys/, /etc/os-release

Incomplete Discovery

Symptoms

• Missing software inventory
• Partial hardware information
• No relationship data
• Incomplete attributes

Root Cause Analysis

Work through the following areas to identify the cause of incomplete discovery:

1. Agent Configuration

   • Verify that all required collectors are enabled in the agent settings
   • Check for module-specific errors in the agent logs
   • Review timeout settings to ensure they are sufficient for the target environment

2. Data Collection

   • Confirm that process discovery is enabled
   • Confirm that software scanning is active
   • Confirm that network connection tracking is turned on

3. Processing Pipeline

   • Look for normalization errors in the processing logs
   • Check for pattern matching failures
   • Verify that enrichment processes are completing without timeout

Module-Specific Fixes

Software Discovery Issues

Windows targets:

• Verify that the Remote Registry service is running on the target machine, as software inventory relies on reading registry entries remotely

Linux targets:

• Confirm that the discovery account can read the package manager database (for example, query installed RPM or DPKG packages)
• If access is restricted, add the discovery user to the appropriate group that has read access to the package database

Network Connection Discovery

Windows targets:

• Enable the "File and Printer Sharing" firewall rule group on the target to allow network discovery traffic

Linux targets:

• Confirm that the ss or netstat utility is installed and available on the target
• If missing, install the appropriate networking tools package for your distribution (iproute2 for ss, or net-tools for netstat)

Performance Issues

Symptoms

• Slow discovery completion
• High CPU/memory usage
• Network congestion
• Timeout errors

Performance Analysis

Review your discovery performance metrics to understand where bottlenecks are occurring. Key metrics to examine include:

• Average and maximum duration per discovery method and target type
• Total discoveries completed in the last 24 hours
• Timeout count as a percentage of total runs

Use the built-in monitoring dashboards in Tripl-i to view these metrics and identify trends.

Performance Tuning Recommendations

Strategy	Conservative	Default	High Performance
Concurrent discovery targets	5	10	50

Timeout adjustments by target type:

Target Type	Recommended Timeout
Network devices	60 seconds
Busy servers	120 seconds
Slow network links	90 seconds

Additional optimization strategies:

• Reduce discovery frequency for stable devices that rarely change
• Use incremental discovery for frequent scans to minimize resource usage
• Schedule deep discovery runs during off-hours or maintenance windows
• Monitor resource utilization and keep CPU below 70%, memory below 4 GB per worker, and network bandwidth below 100 Mbps total

Data Quality Issues

Symptoms

• Duplicate CIs created
• Incorrect classifications
• Missing relationships
• Stale data

Data Validation

Use the built-in data quality tools to identify and address issues:

• Duplicate detection: Tripl-i can identify CIs that share the same name and serial number combination, indicating potential duplicates. Use the merge or deduplication features to consolidate these records.
• Classification review: Review CIs flagged with uncertain or incorrect device type classifications.
• Relationship integrity: Check for orphaned CIs that have no relationships or discovery updates.

Data Cleanup Procedures

1. Remove orphaned CIs

   • Identify CIs with no discovery update in the last 30 days
   • Look for CIs with no relationships and a status of "Unknown"
   • Review and remove or archive as appropriate

2. Fix misclassified items

   • Re-run AI classification on flagged items
   • Apply updated pattern matching rules
   • Manually review and correct items that remain incorrectly classified

3. Rebuild relationships

   • Clear stale connections that no longer reflect actual network topology
   • Re-run network topology discovery
   • Validate service dependencies after the rebuild

Advanced Diagnostics

Debug Mode

Tripl-i supports a debug mode that provides detailed, real-time logging for a specific discovery target. When debug mode is enabled for a target device, the system logs each step of the discovery process, including:

• Which credential is being used
• Connection method attempted (WMI, SSH, SNMP)
• Each data collection query and its result
• Any errors encountered (such as access denied on specific data classes)
• Fallback behavior when partial access is available

This detailed output helps pinpoint exactly where a discovery attempt succeeds or fails.

Network Traffic Analysis

For deep network-level troubleshooting, your network team can capture and analyze discovery traffic between the Tripl-i agent and target devices. Focus on traffic over the following ports:

• Port 22 (SSH) for Linux/Unix targets
• Port 135 and port 445 (WMI/SMB) for Windows targets
• Port 161 (SNMP) for network devices

Look for connection timeouts, refused connections, or missing response packets as indicators of network-level issues.

Discovery Agent Diagnostics

The Tripl-i discovery agent includes a built-in self-diagnostic capability. Running a diagnostic check on the agent produces a report covering:

• Agent version and status (running, stopped, uptime)
• Configuration validation (server URL, API key, assigned department)
• Connectivity status (server reachable, last check-in time, SSL certificate validity)
• Collector status (enabled/disabled and any errors per collector module: system info, software, network, processes)
• Recent errors with timestamps and descriptions
• Recommendations for resolving detected issues (such as adjusting permissions or increasing timeouts)

Troubleshooting Tools

Built-in Diagnostics

Tripl-i provides several diagnostic tools accessible through the web interface:

Tool	Capabilities
Discovery Test	Target a specific device, test with a specific credential and discovery method, view real-time logs
Credential Tester	Validate stored credentials, check permissions on target systems, test connectivity, display available capabilities
Pattern Debugger	Test pattern matching rules, view match details, debug regular expressions, validate logic

Log Analysis

When investigating issues, review the platform logs for relevant error patterns. Common categories to search for include:

Search Category	What to Look For
Authentication failures	Messages containing "auth," "denied," or "permission"
Timeout issues	Messages containing "timeout" or "timed out"
Network errors	Messages containing "unreachable," "refused," or "network"
Pattern matching issues	Messages containing "pattern," "match," or "regex"
Performance problems	Messages containing "slow," "performance," or "exceeded"

Recovery Procedures

Emergency Recovery

If discovery stops functioning entirely, follow this recovery sequence:

1. Pause all discovery -- Stop all active and scheduled discovery jobs through the administration interface
2. Clear stuck jobs -- Remove any jobs that are stuck in a processing state from the discovery queue
3. Reset discovery state -- Use the platform's reset function to restore discovery to a clean state
4. Restart services -- Restart the discovery and scheduler services
5. Test with a single target -- Run a manual discovery against one known-good target to verify the system is functioning
6. Resume normal operations -- Re-enable scheduled discovery once the single-target test succeeds

Data Recovery

If CIs are accidentally removed or corrupted, Tripl-i maintains a discovery history that can be used for recovery. The platform can restore CIs from previous successful discovery runs by:

• Identifying the date range of valid discovery data
• Selecting successfully discovered items from that period
• Re-creating CIs that are missing from the current CMDB
• Avoiding duplicates by checking against existing records

Contact your administrator or Tripl-i support for assistance with data recovery operations.

Prevention Strategies

Monitoring Setup

Set up proactive monitoring to catch issues before they affect your CMDB data quality:

Key Metrics to Track

Metric	Warning Threshold
Discovery success rate	Below 95%
Average discovery duration	Increasing trend
Timeout rate	Above 5%
Queue depth	Above 1,000 pending jobs
Error rate	Above 2%

Recommended Alerts

• More than 10 discovery failures within a 5-minute window
• No discoveries completed during an expected schedule window
• Spike in credential failure events
• Resource exhaustion warnings (CPU, memory, disk)

Dashboard Recommendations

• Real-time discovery status overview
• Success rate trends over time
• Performance metrics and historical comparisons
• Error categorization and frequency breakdown

Best Practices

1. Regular Maintenance

   • Validate credentials weekly
   • Audit discovery coverage monthly
   • Review and update discovery patterns quarterly
   • Conduct a full architecture review annually

2. Documentation

   • Document all custom discovery patterns and their purpose
   • Maintain a troubleshooting runbook with solutions to past issues
   • Record common solutions for your environment
   • Keep network diagrams up to date

3. Testing

   • Test new credentials before using them in production schedules
   • Validate pattern changes in a development or staging environment
   • Load test the discovery system before scaling up target counts
   • Practice recovery procedures periodically

Getting Help

Support Resources

Tripl-i Support

• Email: support@nopesight.com
• Support Portal: https://support.nopesight.com

Community Resources

• Community Forums: https://community.nopesight.com
• Pattern Library: https://github.com/nopesight/patterns
• Community Slack: nopesight-users.slack.com

Diagnostic Package

When contacting support, you can generate a diagnostic package from the Tripl-i platform. This package collects and bundles the following information for the support team:

• System information -- Platform version, configuration summary, and environment details
• Discovery status -- Current state of all discovery jobs and schedules
• Recent logs -- The most recent log entries from all discovery-related services
• Sanitized configuration -- Your discovery configuration with all sensitive information (credentials, API keys) removed

Generate this package from the administration interface and attach it to your support request for faster resolution.

Next Steps

• Best Practices - CMDB best practices
• Performance Tuning - System optimization
• Support Guide - Getting help