- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-20-2019 12:17 PM
New to discovery, and stumped by this issue.
Consider:
- midserver1 and midserver2. both have parameter mid.powershell.local_mid_service_credential_fallback set to false.
- midserver1 service is running as account cmdb_discovery.
- midserver2 service is running as local system account.
- credential windows_creds contains cmdb_discovery as login name and a password. there are other windows credentials out there, too, but windows_creds has a lower order number.
When I attempt discovery of a windows server using midserver1, discovery is successful. The horizontal patterm works, and the powershell probe works, too.
But, when I attempt discovery of the same windows server using midserver2, discovery fails. The horizontal pattern discovery is successful, but the Powershell probe fails with authentication issue (Authentication failure with the local MID server service credential).
If I modify midserver2 to also run under the cmdb_discovery account, discovery is successful. Why are the powershell probes not using the correct credentials?
Here's the debug output from the ecc queue input record of the failed powershell probe:
Authentication failure with the local MID server service credential.</error><error>Failed to access target system. Please check credentials and firewall settings on the target system to ensure accessibility: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))</error><debug_info>{"debug_info":[{"11.123.123.123":{"creds_failed_trying_local_mid_cred":true,"credentials_attempted":[{"credential_type":"Windows","credential_name":"windows_creds","credential_matches_affinity":true,"credential_order":"80","credential_success":false,"credential_id":"d63af7fadbe0f78040696cf3ca961930"},{"credential_type":"Windows","credential_name":"other_windows_creds","credential_matches_affinity":false,"credential_order":"100","credential_success":false,"credential_id":"c5d5141613a03200a287b9422244b012"}],"local_mid_credential_success":false,"connection_parameters":{"affinity_credential_id":"d63af7fadbe0f78040696cf3ca961930","credential_types":["Windows"],"target":"11.123.123.123"}}}]}
Any insight is appreciated! Thanks!
Solved! Go to Solution.
- Labels:
-
Discovery
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-21-2019 12:23 PM
Yes, I can run that command and get the appropriate results.
I believe I have tracked this down, however, to not a problem with the credentials.
Rather, the powershell script being called, I believe, is a custom script. The script executes a command, but doesn't include any credentials in the arguments. So, that should mean its running under localsystem account, and hence the failure.
I'll have to ensure credentials are being passed to the powershell script, and that the script picks them up and passes them as arguments
And that's a whole 'nother subject.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-21-2019 12:23 PM
Yes, I can run that command and get the appropriate results.
I believe I have tracked this down, however, to not a problem with the credentials.
Rather, the powershell script being called, I believe, is a custom script. The script executes a command, but doesn't include any credentials in the arguments. So, that should mean its running under localsystem account, and hence the failure.
I'll have to ensure credentials are being passed to the powershell script, and that the script picks them up and passes them as arguments
And that's a whole 'nother subject.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-22-2024 12:37 AM
See a potential solution I've posted in https://www.servicenow.com/community/itom-forum/powershell-using-cred/m-p/2836287/highlight/true#M11...
