Azure Discovery for China

mihhail
Tera Contributor

Hello everyone,

I am trying to configure an Azure Discovery for China; however, I encounter the following error right after I configure the Service Principal record and press the 'Discover Subscriptions' UI action:

Discovery Subscription Error : Failed to execute API - Fetching token failed, status code: 403, response body: <!DOCTYPE html>

 (script_include:AzureAPIInvoker; line 40)

Due to this error I am unable to discover the subscriptions and proceed with creating schedules etc.

I have been trying to deal with this issue for quite a while now and have been through most of what is available online, but unfortunately have not been successful.

I am aware that ServiceNow ITOM products have not been officially certified or supported against Germany and China regions, and Azure for China has its own physically isolated instances of Azure. Therefore, I have added the necessary MID Server properties for that per https://www.servicenow.com/community/itom-blog/azure-government-and-azure-national-cloud-region-support-for/ba-p/227287, but this did not make a difference and the error is exactly the same. Also, I have confirmed with the Azure admin from China that all the needed permissions have been correctly granted.

Here are some other articles that we have been through:

https://docs.servicenow.com/bundle/vancouver-it-operations-management/page/product/cloud-management-...

https://support.servicenow.com/kb_view.do?sysparm_article=KB0723531

https://learn.microsoft.com/en-us/entra/identity-platform/howto-create-service-principal-portal

I would appreciate any advice on this topic! 🙂

5 REPLIES

SiD2
ServiceNow Employee

Hi @mihhail

I got to know that we support discovery for Azure China too.

In the service account record you need to enter the proper data center URL, and the MID Server should be able to access the URL.

If you have done this and still see the above error, I would suggest checking from an alternative tool [e.g. Postman] with the same credential from the same MID Server to see if it's working.

Please mark Helpful / Accept Solution so that it helps others with similar questions.
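
The cross-check suggested in the reply above, as an added example that is not part of the original thread or ServiceNow's code: a Python script that sends the same client-credentials token request to the Azure China authority from the MID Server host and triages the answer. The endpoint constants, the function names and the "HTML body means an intermediary answered" heuristic are assumptions of this example.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# Public Azure China (21Vianet) endpoints; assumed here, not quoted from the thread.
CHINA_AUTHORITY = "https://login.chinacloudapi.cn"
CHINA_ARM_RESOURCE = "https://management.chinacloudapi.cn/"


def build_token_request(tenant_id, client_id, client_secret,
                        authority=CHINA_AUTHORITY, resource=CHINA_ARM_RESOURCE):
    """Build the OAuth2 client-credentials POST: (url, form-encoded body)."""
    tenant = urllib.parse.quote(tenant_id, safe="")
    url = f"{authority.rstrip('/')}/{tenant}/oauth2/token"
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "resource": resource,
    })
    return url, form.encode()


def classify_token_response(status, content_type, body):
    """Triage a token response. Heuristic (assumption): the token service
    answers in JSON, so an HTML body points at a proxy, firewall or wrong URL."""
    head = body.lstrip()[:15].lower()
    if "html" in (content_type or "").lower() or head.startswith(("<!doctype", "<html")):
        return "not-from-token-service"
    try:
        doc = json.loads(body)
    except ValueError:
        return "unparseable"
    if not isinstance(doc, dict):
        return "unparseable"
    if status == 200 and "access_token" in doc:
        return "ok"
    return "identity-error:" + str(doc.get("error", "unknown"))


def fetch_and_classify(tenant_id, client_id, client_secret, timeout=15):
    """Send the request from this host (run it on the MID Server host)."""
    url, data = build_token_request(tenant_id, client_id, client_secret)
    try:
        with urllib.request.urlopen(urllib.request.Request(url, data=data), timeout=timeout) as r:
            status, ctype, body = r.status, r.headers.get("Content-Type"), r.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as e:
        status, ctype, body = e.code, e.headers.get("Content-Type"), e.read().decode("utf-8", "replace")
    return status, classify_token_response(status, ctype, body)
```

A `not-from-token-service` result for a 403 with an HTML body, as in the error quoted in the question, shifts the investigation to the network path and the authority URL rather than the Service Principal's permissions. A connection failure raises `urllib.error.URLError` instead of returning a classification.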

mihhail
Tera Contributor

Hello Sid! Thanks for your response!

The thing is that I am not getting to the point where the Service Account is needed. The error happens on the credential level, right after I save the Service Principal (discovery_credentials) record and press 'Discover Subscriptions'.

My understanding is that creating the Service Principal (discovery_credentials table) record and creating the Service Account (cmdb_ci_cloud_service_account table) are two consecutive steps and need to be executed one after the other. 

SiD2
ServiceNow Employee

Hi @mihhail

Not sure why those UI actions exist but that is not the right way to do cloud discovery. Please follow the below steps in sequence:

1. Install the Patterns store app if it is not installed, and check whether you have completed the CAPI to Pattern migration; if not, please do this first.

2. First create the cred record in the discovery_credentials table with all details.

3. Create the service account record with the proper data center URL such that the MID Server has access.

4. Now open the discovery schedules page, click the Cloud Discovery button, and follow the page navigation to create the schedule and start discovering.

Please mark Helpful / Accept Solution so that it helps others with similar questions.

mihhail
Tera Contributor

Hello again SiD,

I did follow the steps in the sequence you suggested, but it fails on the Datacenters steps with this error:

mihhail_0-1701155013989.png