MID server service is running, connected to the instance but records is not created
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-23-2023 11:17 AM
Hi ITOM guys,
We've successfully installed new MID server, connected to the instance, user has the needed roles, service acc is good, service is running but no record is created for the MID. Tried logging with the instance user for the MID, has access to ecc_agent table.
- We are able to log into the instance from the host.
- ocsp checks are good.
Here is what the logs are full with:
(StartupSequencer) [UserConfigTest:74] User user_name has all necessary roles
[InstanceConnectivityTest:36] Successfully connected to instance:
(StartupSequencer) [StartupSequencer:768] MID Server is connected to instance host: instance_name using IPversion: IPV4
(StartupSequencer) [HTTPClient:830] Method failed: (https://instance_name/ecc_agent.do?SOAP&displayvalue=all&redirectSupported=true)HTTP/1.1 500 Internal Server Error with code: 500
ERROR (StartupSequencer) [RemoteGlideRecord:928] getRecords failed (com.glide.processors.soap.SOAPProcessingException: Field(s) present in the query do not have permission to be read com.glide.processors.soap.SOAPProcessingException:
[Instance:1222] Unable to connect to instance at https://instance_name/ (Method failed: (https://instance_name/ecc_agent.do?SOAP&displayvalue=all&redirectSupported=true)HTTP/1.1 500 Internal Server Error with code: 500)
Also we don't have any other ACLs on ecc_agent table, MID server role is only required as OOB.
From here the messages are repeating. Any ideas will be highly appreciated!
Regards,
Mark
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-27-2023 01:20 AM
Hi, I reinstalled the MID server again, the only issue I have is that a record is not generated in the instance. What I got from the logs is only the following:
(StartupSequencer) [SoapSecurity: 59] Getting instance ACLs for table: ecc_agent
(StartupSequencer) Method failed: (https://instance_name/ecc_agent.do?SOAP&displayvalue=all&redirectSupported=true)HTTP/1.1 500 Internal Server Error with code: 500
getRecords failed (com.glide.processors.soap.SOAPProcessingException: Field(s) present in the query do not have permission to be read com.glide.processors.soap.SOAPProcessingException:
I checked all the ACLs in the instance and there is only one additional except the OOB one for ecc_agent table for read operation that is requesting a different role. Could the additional one be blocking the mid user from accessing and creating a record due to not being able to validate the second one?
Regards,
Mark
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-27-2023 02:16 AM
Sees its the issue with acl .There is a kb article written for it
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0868537
Regards,
Luxo
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-27-2023 08:30 AM
It was a second ACL created on ecc_agent table with read operator but requesting another role. Once the role was added to the MID user the record got created.
Thanks for the ideas 🙂
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-27-2023 08:54 AM
glad to hear ,issue is fixed.
Would you mind share ,what was the business logic to create custom acl?
Regards,
Luxo
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-27-2023 11:10 PM
Believe me I have no idea, other stream created it for adding a role regarding some integration, but they created the same ACL instead of adding the needed role to the existing one.
Regards,
Mark
