Microsoft CA Discovery Failing

Go to solution
Robert80
Kilo Guru

‎01-31-2023 08:55 PM

Colleagues

 

I am unable to get a Microsoft CA discovery schedule working correctly. Debugging the pattern shows that:

  • Step 3 - Run certutil command produces an empty template_arry variable.
  • Step 4 - Failover step for run certutil has the output: response attribute does not exist in the table.
  • Step 8 - Populate certificate table has the output: Line attribute does not exist in the table.

The end result is an empty CertResults variable which means nothing is discovered and the discovery fails. I have confirmed the Windows credentials in the instance work on the target server. The Discovery Schedule is configured like this:

  • Name: [Name]
  • Discover: Certificates
  • Certificate Discovery Type: CA Trust Discovery
  • MID Server selection method: Specific MID Server
  • MID server: [MID Server].

The Serverless Execution Pattern is configured like this:

  • template_list: All or a specific OID (no change is results)
  • IP: IP address of the CA server
  • start_offset:1.

I'd be grateful for any assistance.

 

0 Helpfuls
  • 1,883 Views
1 ACCEPTED SOLUTION

Go to solution
The SN Nerd
Giga Sage
Giga Sage

‎06-26-2023 06:59 PM

I had the same issue and had to add the server as a proxy host as per this work instruction

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1096137

This is missing from all the documentation...


ServiceNow Nerd
ServiceNow Developer MVP 2020-2022
ServiceNow Community MVP 2019-2022

View solution in original post

12 REPLIES 12

Go to solution
hdr
Tera Contributor

‎06-27-2023 12:08 AM

Test the suggested method that was successful for others.

No luck.

The weird thing is that it tries to connect using SSH according to the error:  Failed to retrieve remote data: Failed to establish SSH connection to 10.1....

 

What seems to work is setting to Local Script execution mode

hdr_0-1687849664431.png

 

0 Helpfuls

Go to solution
The SN Nerd
Giga Sage
Giga Sage

‎06-27-2023 12:13 AM

I currently have a case open to understand why the Microsoft CA Certificate pattern isn't launching when the server is discovered normally. 
Setting up a serverless pattern is supposed to be "optional" according to the documentation.


ServiceNow Nerd
ServiceNow Developer MVP 2020-2022
ServiceNow Community MVP 2019-2022
0 Helpfuls

Go to solution
Soudamini
Tera Contributor
In response to The SN Nerd

‎08-21-2023 05:00 AM

Was there any explanation provided for the case you raised?

0 Helpfuls

Go to solution
The SN Nerd
Giga Sage
Giga Sage
In response to Soudamini

‎11-07-2023 05:51 PM

The documentation has been updated to reflect that it is not triggered by horizontal discovery OOB


ServiceNow Nerd
ServiceNow Developer MVP 2020-2022
ServiceNow Community MVP 2019-2022
0 Helpfuls

Go to solution
Vivek kumar10
Tera Expert

‎09-06-2023 08:35 AM

is it possible to discover the "Microsoft certificate" via discovery if host machine where the certificates are hosted is not getting discovered ?

0 Helpfuls