Credentials troubleshooting

Review the <credentials_debug> section of the ECC queue payload to troubleshoot issues with credentials.

Certain probes support credential debugging, starting with the Istanbul release. Credential debugging inserts a <credentials_debug> section in the payload that the MID Server returns to the instance ECC queue. You can view the <credentials_debug> section to see detailed information about the credential lookup.
The <credentials_debug> section appears in the payload if:
The <credentials_debug> section shows:
  • Information about the credential search, such as the credential types, tags, and affinities.
  • The IP address targeted.
  • Information about each credential (in order) that the MID Server used, including the type, classification, tag, name, Sys ID, and external credential ID if present.
Figure 1. Sample payload showing invalid credentials
Additional details appear for PowerShell and SSHCommand:
  • For the PowerShell parameter:
    • If the local MID Server credentials were used after all the Windows credentials failed, and whether that attempt succeeded.
    • If the credentials were skipped because you are trying to discover the same machine that the MID Server is on, or if the mid.powershell.use_credentials parameter is set to true.
  • For the SSHCommand:
    • If the credential search was skipped because the target IP is blacklisted.
    • If the target IP was added to the blacklist.
Note: The MID Server saves IP addresses for failed credential searches in a blacklist in cache memory. This blacklist specifies which devices the MID Server should stop trying to access. By default, the IP addresses stay on the blacklist for five minutes, or until the credentials change or the MID Server is restarted, which clears the cache. You cannot change this time length.