Thanks for the detailed reply. We wanted to get away from having to manage yet another agent on endpoint systems so we've opted for now just to use centralized scanning. For VPN users we use a dedicated scanner that operates during prime logon hours to capture as many assets as possible in a timely manner. 

When doing the analysis to divide the networks into scan ranges, i tried to 'right size' the IP Scan subnets so they arn't overly large. There is push back from our security team to scan more broadly but i've mentioned to them that it will impact scan times and potentially jam up the scanning servers with too many assets.

I believe the intention behind scanning broadly is because we really don't have a great handle on all of our network subnets and sites. I suspect the better solution will be to discover what we have and then develop and process to have our Network team inform Lansweeper admins when new subnets are added/removed/changed and not rely on overly large broad IP scans. 

It seems like by enabling the Domain Scan once a week/month we can use this as a discovery or sorts, at least for sites that have domain joined windows assets. Eventually as the other dedicated IP Range scanners perform their scans they will automatically re-assign the assets to themselves leaving a remainder that needs to be sorted through to identify unknown sites and such. Its not ideal but it kinda works.

I'll take a look into the reports you mentioned to try to identify problematic assets. 

We have many sites as well, i think i've configured about 1500 asset groups corresponding to physical sites and not all of them are in a continuous IP range....its been a lot of work to even get this far!

We have around 250,000 assets, 15 separate domains, over 200 locations with over 3,000 IP ranges....I feel your pain.  We only have 5 scan servers but that will soon double.  I don't have a solution for you, just some tips or things to try.

You could install LS Agents for your WFH folks, create a schedule for the agents that scans the computer multiple times a day (maybe every 5 or 6 hours) so you don't have to worry about when they are working or not.  The agent will send the last scan to the relay server once a day.  Even if they don't connect to VPN, you can still get the scans.

With agents on the computers and all IP ranges being scanned, you could disable AD scanning and monitor to see if you are missing anything.  Remember you can also choose specific OUs and sites to scan versus all of AD.

For IP ranges, make sure you aren't scanning large ranges that are not in use.  I know this is common sense but still worth mentioning.  For example, let's say that you have ranges at 192.168.0.0 - 192.168.5.255 and 192.168.20.0 - 192.168.25.255.  Make those 2 separate scanning ranges, don't make them 1 range like this 192.168.0.0 - 192.168.25.255.  I 've seen it where someone would add the entire range 192.168.0.0/16, just to capture a handful of ranges that are actually in use.

Check your server logs for each scan server to see if there are any major issues.  

Check your scanning queues to see if scanning is being hung up on a single asset.

Run the "IP Location - Scanning Success" report (I believe that is a canned report) to see how many assets are on each range, how many are successfully scanned and how many failed.  You can also see which ranges aren't getting any hits and use that information to clean up IP Locations and the corresponding IP Scanning Targets.  Last, you can also see how many are Undefined.  Click on the Undefined uplink to see which assets and the IP address for each and use that information to create scanning targets for the missing ranges.

Another way to determine which IP ranges you might be missing.  Go to the IP Location menu (Configuration > Asset Groups), click on Import from AD.  You don't have to import them if you don't want to but it allows you to at least see all of the ranges that AD is seeing and you can compare that to your actual scanning targets.  Run this canned report to get a report of all of your scanning targets.  "Scanning: IP range scanning targets"  Again, I believe that is also a canned report but you can get them both from the Report library.

I hope something on this list is useful to you, good luck.