Unmanaged assets missing in console

Is there something I have misunderstood? When I do an NMAP scan, shouldn’t all IPs discovered which are not present in BigFix show up in the console as unmanaged assets?

Thanks in advance

Regards Henrik

There’s a little more to it than that, but yeah that’s basically true.
You need to run the scan, and you need to run the “Upload Scan Results”, and you need to have the Unmanaged Asset Import Service set up on the root server.

Once the scan happens, the results get uploaded, and the uploads get imported, your operator account must also have the rights to see them in the console - which you’ll have if you are an MO account but may need to check on if you’re using a standard operator account.

1 Like

Thanks for quick response :)

All you mentioned is in place and I get some IPs in the console as unmanaged assets, but I see lots more in the NMAP file which are not in BigFix and don’t show up in the console.

As info, I don’t discover MAC addresses, because I scan many IP subnets from one scanpoint.

Ah ok I think I know what you mean. It has something to do with NMap being unable to tell whether the endpoint has a BigFix client running (because of host-based firewall or changes in the default ICMP responses on Windows), so NMap flags it as a “maybe” BigFix client and we skip it on import.

There’s an option on the Import Service on whether to import machines with the BES Client too. You’d have to select that option. Which means you’ll also get duplicate Unmanaged Assets for all your existing clients - but they do come in with a “likely BES Computer” property that makes it easier to delete those that match.
I need to retrieve my notes on that. Should have it later today.

1 Like

Makes good sense, I thought it just did a check if the IP address was known in BigFix.

It is ok for me to have everything in unmanaged assets, since we will use it to sweep our network for active IPs.

I’ll try to change the setting and see what shows up in our console.

Ok, I’m back at my console.
From the BES Asset Discovery site, execute Task 21 “Change Nmap Asset Discovery Server Settings” and use the parameter “0” to include BES Clients.

A little more detail on the under-the-cover issue with finding BES clients… the NMap scan attempts a UDP connection to port 52311, where a BES Client should be listening for notifications about new content from the parent relay. The client does not send replies to the UDP message (and should not, based on how our notification process works), but … NMap is expecting an ICMP response for “port unavailable” if there was no process (BESClient) listening on the port.

Modern versions of Windows and Linux generally don’t send those ICMP “port unavailable” responses anymore, which breaks NMap’s ability to tell whether the BESClient process is running or not. So now we pretty much always need to set this option to include existing BigFix clients.

Now that you’ll be including the existing BES Clients as Unmanaged Assets, you may also want to use Task 31 “Change UAImporter Delete Mode” to manage what happens when you delete an unmanaged asset and it reappears again in a future scan. If you set “delete” mode, the info is removed from the database and if it’s found again in a future scan it is recreated; if you set “ignore” mode, the info stays in the database but it is marked as non-visible, and won’t come back to the console again if it appears in a future scan.

2 Likes
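The ambiguity described in the post above, as an added example that is not part of the original thread and is not BigFix's own import logic: it reads Nmap XML output (`-oX`) and shows that a host with a silent UDP 52311 port looks the same whether or not a BES Client is running. The sample XML, the verdict labels and the function names are constructed for illustration; the set of managed IPs is assumed to come from your own export of BigFix computers.

```python
import xml.etree.ElementTree as ET

# Constructed sample of Nmap XML output for a UDP probe of port 52311.
SAMPLE_XML = """<nmaprun scanner="nmap">
  <host><status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports><port protocol="udp" portid="52311">
      <state state="open|filtered" reason="no-response"/></port></ports>
  </host>
  <host><status state="up"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
    <ports><port protocol="udp" portid="52311">
      <state state="closed" reason="port-unreach"/></port></ports>
  </host>
  <host><status state="up"/>
    <address addr="192.0.2.12" addrtype="ipv4"/>
    <ports><port protocol="udp" portid="52311">
      <state state="open|filtered" reason="no-response"/></port></ports>
  </host>
</nmaprun>"""

BES_PORT = "52311"  # UDP notification port named in the thread


def classify_hosts(xml_text):
    """Map each live IPv4 host to 'no-client', 'maybe-client' or 'unknown'."""
    result = {}
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        state = host.find(f"ports/port[@protocol='udp'][@portid='{BES_PORT}']/state")
        if state is None:
            verdict = "unknown"        # port was not probed on this host
        elif state.get("state") == "closed":
            verdict = "no-client"      # ICMP port unreachable came back
        else:
            verdict = "maybe-client"   # silence: a client, a firewall, or suppressed ICMP
        result[addr.get("addr")] = verdict
    return result


def missing_from_console(xml_text, managed_ips):
    """IPs flagged 'maybe-client' that are not known BigFix computers."""
    return sorted(ip for ip, v in classify_hosts(xml_text).items()
                  if v == "maybe-client" and ip not in managed_ips)
```

With `192.0.2.10` as the only managed IP, `missing_from_console` returns `192.0.2.12`: a host that is skipped as a possible client even though it is not one.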

That made a big difference, almost all of the IPs from the nmap scan file are now registered as unmanaged assets. The ones still missing seem to be due to servers having multiple IPs. It seems like nmap gets IP and hostname, but no MAC address, still it looks like it identifies it as the same unmanaged asset. Do you know if this is correct and if there is any way to control this?