SGC SCCM integration issue

Jack62
Giga Guru

Evening all,

 

I am having an issue with our SCCM integration using the out of the box Service Graph Connector. This appears to be a credentials issue but our SCCM team swear blind everything is right. When I do a test pull on a data source I get the following error: Login failed. The login is from an untrusted domain and cannot be used with Integrated authentication.

When I untick "integrated authentication" I get the following error: MID Server reported error: SQLState: null
java.sql.SQLException: com.microsoft.sqlserver.jdbc.SQLServerException: Login failed for user 'ourconnection-GLOBAL\SVC_SCCM_SNOWSQLRO'. ClientConnectionId:569e61bd-8f68-4aba-8640-5129070efdde
com.microsoft.sqlserver.jdbc.SQLServerException.makeFromDatabaseError(SQLServerException.java:262)

 

Before I really push back on it being a creds issue, can anyone shed some light on what it might be on the ServiceNow end?

 

Thanks

 

Jack


SK Chand Basha
Tera Sage

Hi @Jack62, check the MID Server status; if it is down, you get this error.

 

MID Server fails to connect to Microsoft SQL Server for JDBC data loads with the error code of java....

 

Mark this Helpful!! If this helps you to understand, this will help both the community and me.

 

 

Jack62
Giga Guru

Hey, thanks for the response. I can confirm the MID Server is up and responding. Could there be anything else on the ServiceNow side causing this?

 

maroon_byte
Mega Sage

If you are using Integrated Authentication on the data source, then the MID Server should be running using a domain ID, and the same domain ID should be configured on the SQL Server database for read-only access.

 

In your case, if the SQL Server is configured to use user 'ourconnection-GLOBAL\SVC_SCCM_SNOWSQLRO', then the MID Server Windows service should be running using the same ID.

 

Regards,

Sharad
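
The check described in the reply above, as an added example that is not part of the original thread: a PowerShell function, run on the MID Server host, that reports which account each MID Server Windows service logs on as and compares it with the account granted read access on the SCCM database. The display-name filter and the expected account value are assumptions; substitute your own.

```powershell
# Added example (not from the thread): compare the MID Server service logon
# account with the account that was granted read-only access on the database.
function Test-MidServiceAccount {
    param(
        # Account granted read access on the SQL Server side (placeholder format)
        [Parameter(Mandatory)] [string] $ExpectedAccount,
        # Assumed display-name pattern for the MID Server service; adjust to match your host
        [string] $DisplayNameFilter = '*MID Server*'
    )

    # Built-in service identities do not present a domain user to SQL Server
    $builtIn = @('LocalSystem', 'NT AUTHORITY\LocalService', 'NT AUTHORITY\NetworkService')

    $services = Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.DisplayName -like $DisplayNameFilter }

    if (-not $services) {
        Write-Warning "No service matches '$DisplayNameFilter'"
        return
    }

    foreach ($svc in $services) {
        $logon = $svc.StartName   # the "Log On As" value of the service
        $finding = if ($builtIn -contains $logon) {
            'Built-in account: integrated authentication cannot present a domain user'
        } elseif ($logon -ieq $ExpectedAccount) {
            'Match: service runs as the account granted on the database'
        } else {
            'Mismatch: integrated authentication presents this account, not the expected one'
        }
        [pscustomobject]@{
            Service = $svc.Name
            State   = $svc.State
            LogOnAs = $logon
            Finding = $finding
        }
    }
}

# Constructed placeholder account; use the DOMAIN\user granted on the SCCM database
Test-MidServiceAccount -ExpectedAccount 'EXAMPLE\svc_sccm_readonly'
```

The comparison is a plain case-insensitive string match, so a service configured with a UPN-style logon (user@domain) is reported as a mismatch against a DOMAIN\user value and needs a manual look.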

Damian3
Tera Contributor

Has anyone managed to use integrated AD authentication with an account that's not the MID server service account?

SCCM team don't want a local account on the DB server for security reasons, and have granted rights to an AD account that we have the credentials for, but crucially it's not the same one that our MID server runs under (MID server service accounts for our discovery MID are very locked down as to what they can log into).

 

It seems odd that there isn't an obvious way to tell the SCCM SGC which AD account to use for integrated authentication, and that in theory if we managed to get some security exceptions we'd need the DB to grant the read rights to the AD account of each of our MID servers that may initiate the JDBC connection.