Microsoft CA Discovery Failing

Robert80 · ‎01-31-2023

Colleagues

I am unable to get a Microsoft CA discovery schedule working correctly. Debugging the pattern shows that:

Step 3 - Run certutil command produces an empty template_arry variable.
Step 4 - Failover step for run certutil has the output: response attribute does not exist in the table.
Step 8 - Populate certificate table has the output: Line attribute does not exist in the table.

The end result is an empty CertResults variable which means nothing is discovered and the discovery fails. I have confirmed the Windows credentials in the instance work on the target server. The Discovery Schedule is configured like this:

Name: [Name]
Discover: Certificates
Certificate Discovery Type: CA Trust Discovery
MID Server selection method: Specific MID Server
MID server: [MID Server].

The Serverless Execution Pattern is configured like this:

template_list: All or a specific OID (no change is results)
IP: IP address of the CA server
start_offset:1.

I'd be grateful for any assistance.

The SN Nerd · ‎06-26-2023

I had the same issue and had to add the server as a proxy host as per this work instruction

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1096137

This is missing from all the documentation...

ServiceNow Nerd
ServiceNow Developer MVP 2020-2022
ServiceNow Community MVP 2019-2022

View solution in original post

The SN Nerd · ‎11-07-2023

You can discover the certificate either via the CA, external CA, or standard horizontal discovery. You only get the relationship via horizontal discovery.

ServiceNow Nerd
ServiceNow Developer MVP 2020-2022
ServiceNow Community MVP 2019-2022

Marcio Olivieri · ‎11-07-2023

Hi all, did you manage to fix these issues?

The SN Nerd · ‎11-07-2023

We had further issues with expiry date and size limits that we eventually solved via support and future discovery schedule updates.

ServiceNow Nerd
ServiceNow Developer MVP 2020-2022
ServiceNow Community MVP 2019-2022