Troubleshooting Discovery and Audit
This guide helps you diagnose and resolve common scan, audit, agent, and credential issues in AlloyScan. Each entry lists the observable symptom, the most likely cause, where to verify, and the resolution steps.
Scan and audit issues
Symptom: Scan button is disabled on a segment
Likely cause: No Audit Service is assigned, or the assigned service is Inactive or ScheduledForDeletion. Where to verify: Segment Open view header, and Admin Center > Site Settings > Tasks and services > Audit services. Resolution: 1. Open the segment and check the Audit service value in the left rail. 2. If it reads No service, edit the segment and assign an active Audit Service. 3. If the service is Inactive, restore it: confirm the host is online and outbound TCP/443 is reachable to the AlloyScan instance. 4. Retry the scan.
Symptom: Audit completes but device is missing from Inventory
Likely cause: The device is on the segment's Ignore list, has been pruned, or the audit failed silently. Where to verify: Segment Open view > Ignore list; Admin Center > Site Settings > Logs > Audit log (Errors column); Admin Center > Site Settings > Logs > Security log for Service authentication failed entries. Resolution: 1. Review the segment's Ignore list and remove the device's identifier if present. 2. Check the Audit log for the matching task and inspect the Errors count. 3. If credentials are the cause, update the credential record and re-run the audit.
Symptom: Audit keeps failing with authentication errors
Likely cause: The credential record holds a stale or wrong secret, or the password has been rotated upstream. Where to verify: Admin Center > Site Settings > Tasks and services > Audit services > (service) > Credentials tab. Resolution: 1. Open the credential record for the failing target type. 2. Enter the current password or secret. 3. Re-run the audit on a single target device to confirm the fix.
Symptom: Scan finds no devices though hosts are reachable
Likely cause: The address list contains a typo, required ports are blocked, the targets are on the Ignore list, or the segment type does not match the targets. Where to verify: Segment edit; firewall rules between the Audit Service host and the targets (see Required Ports Reference); the segment's Ignore list. Resolution: 1. Correct any typos in the address list, subnet, or DNS names. 2. Open the required ports between the Audit Service host and the targets. 3. Remove unintended Ignore list entries. 4. If the segment type is wrong (for example, an Address list segment created for what should be a Domain segment), recreate the segment with the correct type.
Symptom: Device's audit shows the prior snapshot's values unchanged
Likely cause: When a new audit cannot be completed, AlloyScan retains the previous attribute values rather than blanking them. The underlying audit failure may be a credential, reachability, or custom audit field script fault. Where to verify: Device form > Audit tab — compare the Audit ID and Audit date with the previous snapshot. Inspect the Audit log Errors column for the most recent task. Resolution: 1. Investigate the audit log entry for the failed task. 2. Validate credentials, reachability, and any custom audit field scripts. 3. Re-run the audit and confirm the Audit ID changes.
Symptom: Scheduled scan does not produce the expected Scan log row
Likely cause: The schedule may not be assigned to the segment, or Next execution is not set. Where to verify: Admin Center > Site Settings > Settings > Scan schedules; the segment's Schedule value in the Segment Open view. Resolution: 1. Confirm the schedule is attached to the intended segment. 2. Confirm Next execution is populated and lies in the past. 3. If the issue persists, contact support with the schedule name and segment name.
Note: Details may vary by deployment.
Audit Agent issues
Symptom: Agent does not appear in the Audit agents list after install
Likely cause: Outbound TCP/443 is blocked on the endpoint, the installer failed, or prerequisites are missing. Where to verify: Endpoint firewall and proxy configuration; the installer log on the endpoint; OS prerequisites. Resolution: 1. Confirm outbound HTTPS/443 from the endpoint to the AlloyScan instance is open. 2. Reinstall after installing any missing prerequisites for the platform. 3. Restart the agent service after a successful install.
Symptom: Agent is installed but the first audit never arrives
Likely cause: Initial audit results take 10 to 15 minutes; the agent service may not be running. Where to verify: Endpoint system logs for agent service start and run errors. Resolution: 1. Confirm the agent service is running. 2. Restart the agent service to force a heartbeat and audit cycle. 3. If results still do not arrive after 15 minutes, contact support with the endpoint hostname.
Credentials issues
Symptom: Password field shows Has password or Not set but you cannot reveal it
Likely cause: By design — the stored secret is write-only and cannot be revealed after save. Where to verify: The credential edit modal. Resolution: To rotate the secret, enter a new value in the credential form. The previous stored value is overwritten.
Symptom: Domain password rotation at the target leaves audits failing
Likely cause: The credential record still holds the old password. Where to verify: Admin Center > Site Settings > Tasks and services > Audit services > (service) > Credentials. Resolution: 1. Open the relevant Windows credential record. 2. Enter the new password and save. 3. The next audit cycle picks up the updated credential automatically. To validate immediately, run an ad-hoc audit on a single target.
Symptom: Per-credential test or validate button is not visible
Likely cause: The current build does not expose a per-credential validation button. Where to verify: N/A — by design. Resolution: Run an ad-hoc audit on a small scope to validate the credential. See How to audit.
Performance and quota issues
Symptom: "Audits per month" quota is exhausted
Likely cause: The site reached its monthly audit cap. Where to verify: Admin Center > Site Settings > Limits and usage > Audits per month. Resolution: 1. Wait until the recharge day to resume audits. 2. Or, ask a Global Administrator to raise the per-site quota.