Identification Engine: Discovery status is FAILURE, Identification sections in pattern failed: section: Azure Subscription identification, error: Match step predicate is not matched.

RamSagar
Tera Guru

Hi,

When am trying to validate the azure service account am getting the error -

Identification Engine: Discovery status is FAILURE, Identification sections in pattern failed: section: Azure Subscription identification, error: Match step predicate is not matched.  "

============================================

    "message" : "2020-11-04 13:45:09: Exception occurred while executing operation Cloud REST Query. Custom operation Failed to run script due to the following error: JAVASCRIPT_CODE_FAILURE: com.snc.sw.exception.CommandFailureException: Failed to execute cloud request. Reason: SSLHandshakeException:sun.security.validator.ValidatorException: PKIX path building failed: java.security.cert.CertPathBuilderException: Unable to find certificate chain. (script_include:AzureApiCommand; line 111). Custom operation Failed to run script due to the following error: JAVASCRIPT_CODE_FAILURE: com.snc.sw.exception.CommandFailureException: Failed to execute cloud request. Reason: SSLHandshakeException:sun.security.validator.ValidatorException: PKIX path building failed: java.security.cert.CertPathBuilderException: Unable to find certificate chain. (script_include:AzureApiCommand; line 111)",

==============================================

Please find the below log:

{
  "name" : "Discovery Log",
  "status" : "FAILURE",
  "children" : [ {
    "name" : "Pre Pattern Execution",
    "id" : "pre_pattern_execution_script",
    "status" : "SUCCESS",
    "level" : 2,
    "messages" : [ {
      "message" : "2020-11-04 13:45:08: Getting pre pattern execution data generated by script."
    }, {
 
    }, {
      "message" : "2020-11-04 13:45:08: setAttribute(build_relation_from_host_sys_id,false)",
      "severity" : "DEBUG"
    }, {
      "message" : "2020-11-04 13:45:08: setAttribute(no_relation,true)",
      "severity" : "DEBUG"
    }, {
      "message" : "2020-11-04 13:45:08: setAttribute(pattern_runtime_mode,horizontal)",
      "severity" : "DEBUG"
    } ],
    "type" : "NONE"
  }, {
    "name" : "Selecting Pattern for Execution",
    "id" : "set_pattern_name",
    "status" : "SUCCESS",
    "level" : 2,
    "messages" : [ {
      "message" : "2020-11-04 13:45:08: Pattern: Azure Service account"
    }, {
      "message" : "2020-11-04 13:45:08: setAttribute(pattern,Azure Service account)",
      "severity" : "DEBUG"
    } ],
    "type" : "NONE"
  }, {
    "name" : "Azure Subscription identification",
    "status" : "TERMINATION",
    "children" : [ {
      "name" : "Create Service Account From Input Params",
      "status" : "SUCCESS",
      "level" : 3,
      "messages" : [ {
        "message" : "2020-11-04 13:45:08: Library 'Create Service Account From Input Params' executing",
        "severity" : "DEBUG"
      } ],
      "type" : "STEP_TYPE"
    }, {
      "name" : "Create service account table if doesn't exist",
      "status" : "NOP",
      "level" : 3,
      "messages" : [ {
        "message" : "2020-11-04 13:45:08: Step condition is false. step not executed.",
        "severity" : "DEBUG"
      }, {
        "message" : "2020-11-04 13:45:08: Execution time: 0 ms",
        "severity" : "DEBUG"
      } ],
      "type" : "STEP_TYPE"
    }, {
      "name" : "Add credentials and account ID to service account table if don't exist",
      "status" : "NOP",
      "level" : 3,
      "messages" : [ {
        "message" : "2020-11-04 13:45:08: Step condition is false. step not executed.",
        "severity" : "DEBUG"
      }, {
        "message" : "2020-11-04 13:45:08: Execution time: 0 ms",
        "severity" : "DEBUG"
      } ],
      "type" : "STEP_TYPE"
    }, {
      "name" : "Verify account ID",
      "status" : "SUCCESS",
      "level" : 3,
      "messages" : [ {
        "message" : "2020-11-04 13:45:08: Execution time: 0 ms",
        "severity" : "DEBUG"
      } ],
      "type" : "STEP_TYPE"
    }, {
      "name" : "Get Azure Subscriptions",
      "status" : "MIXED",
      "level" : 3,
      "messages" : [ {
        "message" : "2020-11-04 13:45:08: setAttribute(headers,)",
        "severity" : "DEBUG"
      }, {
        "message" : "2020-11-04 13:45:08: setAttribute(method,GET)",
        "severity" : "DEBUG"
      }, {
        "message" : "2020-11-04 13:45:08: setAttribute(formatted,true)",
        "severity" : "DEBUG"
      }, {
        "message" : "2020-11-04 13:45:08: setAttribute(body,)",
        "severity" : "DEBUG"
      }, {
        "message" : "2020-11-04 13:45:08: setAttribute(url,https://management.azure.com/subscriptions?api-version=2016-06-01)",
        "severity" : "DEBUG"
      }, {
        "message" : "2020-11-04 13:45:08: setAttribute(headers,null)",
        "severity" : "DEBUG"
      }, {
        "message" : "2020-11-04 13:45:08: setAttribute(body,null)",
        "severity" : "DEBUG"
      }, {
        "message" : "2020-11-04 13:45:09: Exception occurred while executing operation Cloud REST Query. Custom operation Failed to run script due to the following error: JAVASCRIPT_CODE_FAILURE: com.snc.sw.exception.CommandFailureException: Failed to execute cloud request. Reason: SSLHandshakeException:sun.security.validator.ValidatorException: PKIX path building failed: java.security.cert.CertPathBuilderException: Unable to find certificate chain. (script_include:AzureApiCommand; line 111). Custom operation Failed to run script due to the following error: JAVASCRIPT_CODE_FAILURE: com.snc.sw.exception.CommandFailureException: Failed to execute cloud request. Reason: SSLHandshakeException:sun.security.validator.ValidatorException: PKIX path building failed: java.security.cert.CertPathBuilderException: Unable to find certificate chain. (script_include:AzureApiCommand; line 111)",
        "severity" : "DEBUG"
      }, {
        "message" : "2020-11-04 13:45:09: Execution time: 407 ms",
        "severity" : "DEBUG"
      } ],
      "type" : "STEP_TYPE"
    }, {
      "name" : "Verify if we have any valid response",
      "status" : "TERMINATION",
      "level" : 3,
      "messages" : [ {
        "message" : "2020-11-04 13:45:09: Execution time: 0 ms",
        "severity" : "DEBUG"
      } ],
      "type" : "STEP_TYPE"
    } ],
    "level" : 2,
    "type" : "IDENTIFICATION_SECTION_TYPE"
  }, {
    "name" : "discovery",
    "id" : "discovery",
    "status" : "FAILURE",
    "children" : [ {
      "name" : "Check Processing Success",
      "id" : "Check Processing Success",
      "status" : "FAILURE",
      "level" : 3,
      "messages" : [ {
        "message" : "2020-11-04 10:45:10: Identification Engine: Discovery status is FAILURE, Identification sections in pattern failed: section: Azure Subscription identification, error: Match step predicate is not matched.  "
      } ],
      "type" : "NONE"
    } ],
    "level" : 2,
    "type" : "NONE"
  } ],
  "level" : 0,
  "messages" : [ {
    "message" : "2020-11-04 13:45:08: Task is running on MID server VWUNOWAPP101_AD",
    "severity" : "DEBUG"
  }, {
    "message" : "2020-11-04 13:45:08: setAttribute(cmdb_ci_cloud_service_account,[{}])",
    "severity" : "DEBUG"
  }, {
    "message" : "2020-11-04 13:45:08: setAttribute(cmdb_ci_cloud_service_account,[{}])",
    "severity" : "DEBUG"
  } ],
  "type" : "NONE"
}

Any thoughts why the error and unable to validate the service account.

Thanks in Advance

14 REPLIES 14

Venky VA
ServiceNow Employee
ServiceNow Employee
  1. if you have valid certificate then export certificate in DER mode from browser
  2. add it to System Definition --> Certificates and run discovery again

find_real_file.png

 

if above one doesn't work try this:

  1. In the instance, navigate to MID Server > Properties.
  2. Add a configuration parameter and set its value as follows:
    • Name glide.outbound.sslv3.disabled
    • Value true

https://docs.servicenow.com/bundle/paris-platform-administration/page/administer/security/reference/disable-outbound-ssl.html

Added a configuration parameter as suggested, but no luck still same issue.

  • Name glide.outbound.sslv3.disabled
  • Value true

regarding certificate,

Why it needed the certificate we already passing the credentials, do it still need the azure certificate?

Venky VA
ServiceNow Employee
ServiceNow Employee

i observed it while discovering azure kubernetes even though credentials and config was proper but it was giving ssl handshake error it got resolved after adding certificate.

SriniK
ServiceNow Employee
ServiceNow Employee

Identification Engine: Discovery status is FAILURE, Identification sections in pattern failed: section: Azure Subscription identification, error: Match step predicate is not matched.  "

============================================

    "message" : "2020-11-04 13:45:09: Exception occurred while executing operation Cloud REST Query. Custom operation Failed to run script due to the following error: JAVASCRIPT_CODE_FAILURE: com.snc.sw.exception.CommandFailureException: Failed to execute cloud request. Reason: SSLHandshakeException:sun.security.validator.ValidatorException: PKIX path building failed: java.security.cert.CertPathBuilderException: Unable to find certificate chain. (script_include:AzureApiCommand; line 111). Custom operation Failed to run script due to the following error: JAVASCRIPT_CODE_FAILURE: com.snc.sw.exception.CommandFailureException: Failed to execute cloud request. Reason: SSLHandshakeException:sun.security.validator.ValidatorException: PKIX path building failed: java.security.cert.CertPathBuilderException: Unable to find certificate chain. (script_include:AzureApiCommand; line 111)",

 

The Above errors say there is no MID server available to execute the Discovery.

 

  1. Verify if the MID server used for the Cloud Discovery has all the required Capabilities and Supported Application.
  2. Make sure there are no MIDSelectorAPI are configured for the MID Server.
  3. Domain Separation Issues: Verify if the Azure credential, Azure Service Account and the MID server which have the capabilities are in the same domain.