401 Unauthorized error from Powershell to ServiceNow

Vikram3 · ‎12-23-2020

Hello Experts,

Don't know whether this is a right question asking here. But I need your assistance on this.

There is a powershell script which connects SN to customer_contact table to fetch the record via token concept. I don't know why I am getting below error. I've tried changing the token but still issue persists. Can anybody help me to sort this out.

VERBOSE: Getting customer contacts from SNOW ContactUri: https://{instance_name}.service-now.com/api/now/table/customer_contact?sysparm_query=u_portalenabled_1=yes&sysparm_fields=name,email,u_portalenabled_1,sys_id,active,user_name
VERBOSE: GET https://{instance_name}.service-now.com/api/now/table/customer_contact?sysparm_query=u_portalenabled_1=yes&sysparm_fields=name,email,u_portalenabled_1,sys_id,active,user_name with 0-byte payload
>> TerminatingError(Invoke-WebRequest): "The remote server returned an error: (401) Unauthorized."
>> TerminatingError(LogEvent): "The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: Error retreiving data from the SNOW web service: The remote server returned an error: (401) Unauthorized."

Ankur Bawiskar · ‎12-24-2020

Hi Vikram,

Remember customer_contact table extends sys_user table

Out of the box there are ACLs on customer_contact so those will be evaluated.

Also in your query you are having query on few fields; so the API user should have read Access to those fields as well.

Regards
Ankur

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader

Vikram3 · ‎12-24-2020

I am not sure where to find the user name in powershell script.

$AppObjectId = '3d10eef9-529a-4d0f-a5d9-6d9d24dc5fe7'
$AppRoleName = 'SNOW-GUEST'
$InviteRedirectUrl = 'https://{portal}/login_with_sso.do?glide_sso_id=7cd42bea1bfdfb8059aafcccdd4bcb94'
$ContactUri = 'https://{instance_name}.service-now.com/api/now/table/customer_contact'
$Token = 'wjDWTun_wVNVRcEf-A4BAsQmiHJXjqGuwDFgB6dElv1gjP9fhuQi2VZPiYTXMo6AfL9rlyDRwflX8NlBP2yIw'

$Properties = 'test'

$TenantAdmin = "svc.dirsync@{email}.onmicrosoft.com"
$TenantAdminCredential = '-----BEGIN CMS-----
MIIBvQYJKoZIhvcNAQcDoIIBrjCCAaoCAQAxggFVMIIBUQIBADA5MCUxIzAhBgNVBAMMGnN2Yy5h
Y2NvdW50bWFuQGdvZ29haXIuY29tAhBnDkCCqnJagkdJRHxacP9DMA0GCSqGSIb3DQEBBzAABIIB
AAA48jQJpYnRNMiMYSR93nnKQ9xXWDzPC5iVXa9YV1BdemQsPaxziIfWP+raqcFg9Cbd5Czj+hDf
wAl4hJTgZRreBwSL7e2/UuyF2HBhUyd7MM1P3GIa5Ehqf88lhwDR014dZ9WGL5kUk4uigZWfEF1I
RW1mkRbK+n7oY3J/gxDoGk0deb9kEOdLvaWzYmK9TQW9ZCgvm4ZpqO4fFEV6y4DlVMUFV34McGuW
AtJ0flRYe5kMffXBJ3Nc9FdsEc6xyfpO3BlYYh4154ZHDp2b82/5W5L/+PqE+5NW0vmDmgfnH8Bs
ct+uRp0Bpltv1JBMSCNgl1wXBI1Ne6GNQUE962swTAYJKoZIhvcNAQcBMB0GCWCGSAFlAwQBKgQQ
K8UN+0sNjkLAuOum3b0ckYAg+vgYt7wntNgWC4LhelkR4bdOsp01CDNqWqf9+91nCeQ=
-----END CMS-----'

$TenantCredential = new-object -typename System.Management.Automation.PSCredential -argumentlist $TenantAdmin, (ConvertTo-SecureString -a -f (Unprotect-CmsMessage –To "*{email_id}*" -Content $TenantAdminCredential))

Ankur Bawiskar · ‎12-24-2020

Hi,

Seems you are using OAuth token based authentication.

If the token has expired you will get that type of message and http status code.

Regards
Ankur

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader

Vikram3 · ‎12-24-2020

I've created new token via postman and updated. But still I'm getting

Unprotect-CmsMessage : Keyset does not exist

Ankur Bawiskar · ‎12-24-2020

Hi,

Did you try consuming the endpoint with that token via Postman?

If it works well via postman then issue in how you are calling it from Powershell script

Regards
Ankur

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader