Identification Engine: Discovery status is FAILURE, Identification sections in pattern failed: section: Azure Subscription identification, error: Match step predicate is not matched.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-04-2020 10:58 AM
Hi,
When am trying to validate the azure service account am getting the error -
Identification Engine: Discovery status is FAILURE, Identification sections in pattern failed: section: Azure Subscription identification, error: Match step predicate is not matched. "
============================================
"message" : "2020-11-04 13:45:09: Exception occurred while executing operation Cloud REST Query. Custom operation Failed to run script due to the following error: JAVASCRIPT_CODE_FAILURE: com.snc.sw.exception.CommandFailureException: Failed to execute cloud request. Reason: SSLHandshakeException:sun.security.validator.ValidatorException: PKIX path building failed: java.security.cert.CertPathBuilderException: Unable to find certificate chain. (script_include:AzureApiCommand; line 111). Custom operation Failed to run script due to the following error: JAVASCRIPT_CODE_FAILURE: com.snc.sw.exception.CommandFailureException: Failed to execute cloud request. Reason: SSLHandshakeException:sun.security.validator.ValidatorException: PKIX path building failed: java.security.cert.CertPathBuilderException: Unable to find certificate chain. (script_include:AzureApiCommand; line 111)",
==============================================
Please find the below log:
{
"name" : "Discovery Log",
"status" : "FAILURE",
"children" : [ {
"name" : "Pre Pattern Execution",
"id" : "pre_pattern_execution_script",
"status" : "SUCCESS",
"level" : 2,
"messages" : [ {
"message" : "2020-11-04 13:45:08: Getting pre pattern execution data generated by script."
}, {
}, {
"message" : "2020-11-04 13:45:08: setAttribute(build_relation_from_host_sys_id,false)",
"severity" : "DEBUG"
}, {
"message" : "2020-11-04 13:45:08: setAttribute(no_relation,true)",
"severity" : "DEBUG"
}, {
"message" : "2020-11-04 13:45:08: setAttribute(pattern_runtime_mode,horizontal)",
"severity" : "DEBUG"
} ],
"type" : "NONE"
}, {
"name" : "Selecting Pattern for Execution",
"id" : "set_pattern_name",
"status" : "SUCCESS",
"level" : 2,
"messages" : [ {
"message" : "2020-11-04 13:45:08: Pattern: Azure Service account"
}, {
"message" : "2020-11-04 13:45:08: setAttribute(pattern,Azure Service account)",
"severity" : "DEBUG"
} ],
"type" : "NONE"
}, {
"name" : "Azure Subscription identification",
"status" : "TERMINATION",
"children" : [ {
"name" : "Create Service Account From Input Params",
"status" : "SUCCESS",
"level" : 3,
"messages" : [ {
"message" : "2020-11-04 13:45:08: Library 'Create Service Account From Input Params' executing",
"severity" : "DEBUG"
} ],
"type" : "STEP_TYPE"
}, {
"name" : "Create service account table if doesn't exist",
"status" : "NOP",
"level" : 3,
"messages" : [ {
"message" : "2020-11-04 13:45:08: Step condition is false. step not executed.",
"severity" : "DEBUG"
}, {
"message" : "2020-11-04 13:45:08: Execution time: 0 ms",
"severity" : "DEBUG"
} ],
"type" : "STEP_TYPE"
}, {
"name" : "Add credentials and account ID to service account table if don't exist",
"status" : "NOP",
"level" : 3,
"messages" : [ {
"message" : "2020-11-04 13:45:08: Step condition is false. step not executed.",
"severity" : "DEBUG"
}, {
"message" : "2020-11-04 13:45:08: Execution time: 0 ms",
"severity" : "DEBUG"
} ],
"type" : "STEP_TYPE"
}, {
"name" : "Verify account ID",
"status" : "SUCCESS",
"level" : 3,
"messages" : [ {
"message" : "2020-11-04 13:45:08: Execution time: 0 ms",
"severity" : "DEBUG"
} ],
"type" : "STEP_TYPE"
}, {
"name" : "Get Azure Subscriptions",
"status" : "MIXED",
"level" : 3,
"messages" : [ {
"message" : "2020-11-04 13:45:08: setAttribute(headers,)",
"severity" : "DEBUG"
}, {
"message" : "2020-11-04 13:45:08: setAttribute(method,GET)",
"severity" : "DEBUG"
}, {
"message" : "2020-11-04 13:45:08: setAttribute(formatted,true)",
"severity" : "DEBUG"
}, {
"message" : "2020-11-04 13:45:08: setAttribute(body,)",
"severity" : "DEBUG"
}, {
"message" : "2020-11-04 13:45:08: setAttribute(url,https://management.azure.com/subscriptions?api-version=2016-06-01)",
"severity" : "DEBUG"
}, {
"message" : "2020-11-04 13:45:08: setAttribute(headers,null)",
"severity" : "DEBUG"
}, {
"message" : "2020-11-04 13:45:08: setAttribute(body,null)",
"severity" : "DEBUG"
}, {
"message" : "2020-11-04 13:45:09: Exception occurred while executing operation Cloud REST Query. Custom operation Failed to run script due to the following error: JAVASCRIPT_CODE_FAILURE: com.snc.sw.exception.CommandFailureException: Failed to execute cloud request. Reason: SSLHandshakeException:sun.security.validator.ValidatorException: PKIX path building failed: java.security.cert.CertPathBuilderException: Unable to find certificate chain. (script_include:AzureApiCommand; line 111). Custom operation Failed to run script due to the following error: JAVASCRIPT_CODE_FAILURE: com.snc.sw.exception.CommandFailureException: Failed to execute cloud request. Reason: SSLHandshakeException:sun.security.validator.ValidatorException: PKIX path building failed: java.security.cert.CertPathBuilderException: Unable to find certificate chain. (script_include:AzureApiCommand; line 111)",
"severity" : "DEBUG"
}, {
"message" : "2020-11-04 13:45:09: Execution time: 407 ms",
"severity" : "DEBUG"
} ],
"type" : "STEP_TYPE"
}, {
"name" : "Verify if we have any valid response",
"status" : "TERMINATION",
"level" : 3,
"messages" : [ {
"message" : "2020-11-04 13:45:09: Execution time: 0 ms",
"severity" : "DEBUG"
} ],
"type" : "STEP_TYPE"
} ],
"level" : 2,
"type" : "IDENTIFICATION_SECTION_TYPE"
}, {
"name" : "discovery",
"id" : "discovery",
"status" : "FAILURE",
"children" : [ {
"name" : "Check Processing Success",
"id" : "Check Processing Success",
"status" : "FAILURE",
"level" : 3,
"messages" : [ {
"message" : "2020-11-04 10:45:10: Identification Engine: Discovery status is FAILURE, Identification sections in pattern failed: section: Azure Subscription identification, error: Match step predicate is not matched. "
} ],
"type" : "NONE"
} ],
"level" : 2,
"type" : "NONE"
} ],
"level" : 0,
"messages" : [ {
"message" : "2020-11-04 13:45:08: Task is running on MID server VWUNOWAPP101_AD",
"severity" : "DEBUG"
}, {
"message" : "2020-11-04 13:45:08: setAttribute(cmdb_ci_cloud_service_account,[{}])",
"severity" : "DEBUG"
}, {
"message" : "2020-11-04 13:45:08: setAttribute(cmdb_ci_cloud_service_account,[{}])",
"severity" : "DEBUG"
} ],
"type" : "NONE"
}
Any thoughts why the error and unable to validate the service account.
Thanks in Advance
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-06-2020 09:15 AM
- if you have valid certificate then export certificate in DER mode from browser
- add it to System Definition --> Certificates and run discovery again
if above one doesn't work try this:
- In the instance, navigate to MID Server > Properties.
- Add a configuration parameter and set its value as follows:
- Name glide.outbound.sslv3.disabled
- Value true
https://docs.servicenow.com/bundle/paris-platform-administration/page/administer/security/reference/disable-outbound-ssl.html
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-09-2020 03:59 AM
Added a configuration parameter as suggested, but no luck still same issue.
- Name glide.outbound.sslv3.disabled
- Value true
regarding certificate,
Why it needed the certificate we already passing the credentials, do it still need the azure certificate?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-10-2020 06:52 PM
i observed it while discovering azure kubernetes even though credentials and config was proper but it was giving ssl handshake error it got resolved after adding certificate.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-06-2020 11:49 AM
Identification Engine: Discovery status is FAILURE, Identification sections in pattern failed: section: Azure Subscription identification, error: Match step predicate is not matched. "
============================================
"message" : "2020-11-04 13:45:09: Exception occurred while executing operation Cloud REST Query. Custom operation Failed to run script due to the following error: JAVASCRIPT_CODE_FAILURE: com.snc.sw.exception.CommandFailureException: Failed to execute cloud request. Reason: SSLHandshakeException:sun.security.validator.ValidatorException: PKIX path building failed: java.security.cert.CertPathBuilderException: Unable to find certificate chain. (script_include:AzureApiCommand; line 111). Custom operation Failed to run script due to the following error: JAVASCRIPT_CODE_FAILURE: com.snc.sw.exception.CommandFailureException: Failed to execute cloud request. Reason: SSLHandshakeException:sun.security.validator.ValidatorException: PKIX path building failed: java.security.cert.CertPathBuilderException: Unable to find certificate chain. (script_include:AzureApiCommand; line 111)",
The Above errors say there is no MID server available to execute the Discovery.
- Verify if the MID server used for the Cloud Discovery has all the required Capabilities and Supported Application.
- Make sure there are no MIDSelectorAPI are configured for the MID Server.
- Domain Separation Issues: Verify if the Azure credential, Azure Service Account and the MID server which have the capabilities are in the same domain.
