Cloning and retaining HR Integration Sources passwords

MarkWe
Tera Guru

‎12-17-2022 02:32 AM

As part of our Tokyo upgrade we've recently performed a clone from our prod to sub-prod environments.

We've found some strange behaviour that we suspect is linked to the Key Management Framework, but currently only seems to affect the HR Integration Sources.

 

In our Clone profile we exclude and preserve (amongst others) the sn_hr_integrations_source table.
After the clone, we can see that our HR Integration Source with SuccessFactors still correctly contains the SOAP credentials for our sub-prod environment.

 

However, the Integration Jobs fail, due to a bad password,

When we open the HR Integration Source and type in the password and save, the Jobs continue as normal.

 

Since we have a specific username and password for our sub-prod environments, I'm certain that the table-records did not get cloned over.

 

I'm suspecting ServiceNow isn't able to decrypt the password anymore after the clone. 

 

Anyone else experienced the same thing after cloning?
Is there any KMF-table or script that we need to include in the Clone-profile in order to keep this working?

0 Helpfuls
  • 835 Views
4 REPLIES 4

Arav
Tera Guru
Tera Guru

‎12-17-2022 08:40 AM

Hi,

 

I have seen issues reported around KMF. You may want to try repairing the Key Management Framework plugin and check if that helps address the issue. You may have to engage SN support for this.

 

Thanks,

Arav

0 Helpfuls

Community Alums
Not applicable

‎12-17-2022 08:05 PM

Hi @MarkWe ,

After each clone you need to provide the password and save, such that the integration process continues as usual.

 

0 Helpfuls

David Mawer
Mega Expert

‎04-13-2023 02:00 AM

Hi @MarkWe ,

 

We've had a similar situation with a different integration; but also with a MID Server integration breaking because of corrupt passwords in the sys_data_source table.

I haven't tested yet - but I suspect that it's only necessary to "Preserve Data" on the sys_data_source table to fix this.

Then - if a new data source arrives in a target instance; you'll need to type in the password to fix things.

Otherwise (for existing data sources) - the password should remain un-changed.

 

I see that you're already using preserve and exclude; so you probably know how it all works.

 

Just in case it's of any help - here's a good article covering the subtleties of those two concepts: -

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0717012

 

Hope that this helps 😀👍

0 Helpfuls

amanseth31
Tera Contributor

‎05-06-2024 04:26 AM

Hello @MarkWe , Did you found the solution for this ?

0 Helpfuls