Credentials test fails authentication for 2012 R2 Standard Windows server inside of a DMZ

mpelyanskiy
Kilo Contributor

Hello, community

I have the following problem: I'm trying to run Discovery for a 2012 R2 Standard Windows server inside of a DMZ. The server is located in a workgroup, not in a domain.

I made sure that both the DMZ and local firewalls include an exception for the MID server, port 443 is enabled, remote UAC and local UAC are disabled, and a local admin account is being used for the connection.

I've set up a MID server directly on the discovered server and validated it in my ServiceNow instance. Then I created a record in the Credentials menu to store the server access credentials. When I try to test the credentials, I get an authentication failure message. I've tried all possible combinations of credentials:

workgroup\username;

workgroup.\username;

computername\username;

computername.\username;

.\username;

\username;

username;

Pinging the server's IP address from the command prompt works fine, and connecting to the server through Telnet is successful.

None of the options work when testing the credentials.

But the most odd thing is that when I run Quick Discovery using server's IP address - discovery process runs successfully.

Question: What am I doing wrong with the credentials test? Why do I get an authentication error, but am still able to perform the server's discovery?

Thank you.

1 ACCEPTED SOLUTION

geethunannapane
Giga Contributor

Hi Michael,



We had the same issue. We were able to resolve this. When testing credentials, ensure the user is a member of the local admin group on the target host and the target host can't be the same as the host where the MID server is installed. If it is the same you will get failures, which will seem like the user doesn't have access, when it, in fact, does.

Please mark as helpful or correct based on impact.


6 REPLIES

The logic is simple. You cannot run WMI commands locally with credential parameters.



For example, you can run the command below without an issue on the MID server:



get-wmiobject win32_computersystem | select Manufacturer,Model



But when you run the same command with a credential, you will get an error.


get-wmiobject win32_computersystem -Computer localhost -credential Domain\username | select Manufacturer,Model



This is the reason the credential test is failing when you test it on the MID server.
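The behaviour described in this reply, as an added example that is not part of the original thread or ServiceNow's own code: a pre-check that reports a local target separately instead of as an authentication failure. It assumes Windows PowerShell 5.1 (where Get-WmiObject is available); the function name Test-WmiCredential, the result labels, and the host name in the usage comment are hypothetical.

```powershell
# Added example (hypothetical helper): classify a WMI credential test result
# so that a local target is not mistaken for a wrong user name or password.
function Test-WmiCredential {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [Parameter(Mandatory)] [pscredential] $Credential
    )

    # Collect the names and addresses that refer to the machine running this script.
    $localNames = @('localhost', '.', '127.0.0.1', '::1', $env:COMPUTERNAME)
    try {
        $entry = [System.Net.Dns]::GetHostEntry('')   # empty string = local host
        $localNames += $entry.HostName
        $localNames += $entry.AddressList | ForEach-Object { $_.IPAddressToString }
    } catch { }   # name resolution is best effort

    if ($localNames -contains $ComputerName) {
        # WMI does not accept explicit credentials for a local connection,
        # so a failure here says nothing about the account itself.
        return [pscustomobject]@{
            Target = $ComputerName
            Result = 'LocalTarget'
            Detail = 'Target is this host; run the credential test from another machine.'
        }
    }

    try {
        Get-WmiObject -Class Win32_ComputerSystem -ComputerName $ComputerName `
            -Credential $Credential -ErrorAction Stop | Out-Null
        $result = 'Success'
        $detail = ''
    } catch {
        # Separate "account rejected" from "host not reachable over RPC".
        $result = switch ($_.Exception.GetType().Name) {
            'UnauthorizedAccessException' { 'AccessDenied' }
            'COMException'                { 'Unreachable' }
            default                       { 'OtherError' }
        }
        $detail = $_.Exception.Message
    }

    [pscustomobject]@{ Target = $ComputerName; Result = $result; Detail = $detail }
}

# Usage (placeholder host name):
# Test-WmiCredential -ComputerName 'dmz-host-01' -Credential (Get-Credential)
```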


Thanks, Vivek



What you have described makes sense. The bad thing is that the ServiceNow docs do not warn about such a limitation, and when implementing we end up with confusion.



I've noted that down to avoid such confusions in the future.


Thank you, Geethika



Indeed, the case is as you described - the MID server for Discovery has been installed on the target host. I was not aware that such a case could cause the issue with the credentials test but still allow Discovery to run.



I'll request a separate host for MID server install inside of a DMZ upon your suggestion.