Issue in integrating the Microsoft Exchange Online with ServiceNow

Saravanan Kris1 · ‎11-02-2020

Dear All,

I am unable to integrate the Microsoft Exchange Online with ServiceNow. I have provided the App Client Id, Tenant Id, Object ID, Secret Key information in the integration confiuration page. but i am getting the below error message.

1. <?xml version="1.0" encoding="UTF-8"?><results probe_time="3441" result_code="0"><result execution_time="3426" payload_processing_time="0" raw_output_size="0"><output/><error>Connecting to remote server ps.compliance.protection.outlook.com failed with the following error message : The WinRM client cannot process the request. Basic authentication is currently disabled in the client configuration. Change the client configuration and try the request again. For more information, see the about_Remote_Troubleshooting Help topic.
2. HRESULT: [-2144108321]</error><debug_info>2020-11-02 12:04:50 Tried credential: MID service account, status=?
3. </debug_info></result><parameters><parameter name="MIDScriptFile" value="scripts\PowerShell\SecurityApplications\ConnectO365ForEmails.ps1"/><parameter name="agent" value="mid.server.CAZINSIPV009933"/><parameter name="win_protocol" value="wmi"/><parameter name="source" value="127.0.0.1"/><parameter name="skip_sensor" value="true"/><parameter name="sys_id" value="413e79a41b9cac50548ceb9cbc4bcb73"/><parameter name="from_host" value=""/><parameter name="sys_created_on" value="2020-11-02 12:04:49"/><parameter name="credentials_debug" value="true"/><parameter name="sys_domain" value="global"/><parameter name="powershell_false_use_mid_service_account" value="false"/><parameter name="rba_powershell_v2" value="true"/><parameter name="state" value="ready"/><parameter name="probe_name" value="Windows - Powershell"/><parameter name="response_to" value=""/><parameter name="powershell_param_psPassword" value="SNC_ENC_VAL[zFCfeo/vqAKrlAP6uIbBDXjlgL2Z5bNySlwy+nzd6ojkz1k=]"/><parameter name="from_sys_id" value=""/><parameter name="priority" value="2"/><parameter name="agent_correlator" value=""/><parameter name="processed" value=""/><parameter name="error_string" value=""/><parameter name="sequence" value="17588d8794f0000001"/><parameter name="aka" value="10.153.66.164"/><parameter name="name" value="Windows - Powershell"/><parameter name="topic" value="Powershell"/><parameter name="powershell_param_psUsername" value="Sservicenowsoar@cognizant.com"/><parameter name="queue" value="output"/><parameter name="ecc_queue" value="413e79a41b9cac50548ceb9cbc4bcb73"/></parameters></results>

Any help? Please refer the attachment.

Regards

Saravanan K

andy_ojha · ‎11-02-2020

Hey there,

What capabilities have you assigned to your MID Server that will be used here for this integration (you have to use a MID Server, even if you are integrating with Office365).

Have you assigned the 'WinRM Basic Authentication' and 'PowerShell' capabilities to the particular MID Server - or are you using the 'ALL' capabilities?

You can check your MID Server to see if WinRM Basic is enabled - if it's not, you'll need to follow the instructions on the docs page to enable this:

-----------------------------------

Here's the part of the docs you need to follow to configure your Windows MID Server:

The Microsoft recommended procedures for enabling Window Remote Management Basic Authentication can be found here: https://docs.microsoft.com/en-us/windows/win32/winrm/authentication-for-remote-connections
Validate that Windows Remote Management (RM) Basic Authentication is Enabled: To validate that basic authentication is enabled, run the following command:
winrm get winrm/config/client/auth

Reference:

https://docs.servicenow.com/bundle/paris-security-management/page/product/secops-integration-microsoft-exchange-online/task/ms-create-read-write-roles.html

Saravanan Kris1 · ‎11-04-2020

Hello Andy,

Thank You for your heads up on this. I have given the WinRM Basic Authentication and Powershell to MID Server application. But still i am facing the same issue.

Regards

SK

andy_ojha · ‎11-04-2020

Hey there,

How many MID Servers do you have in your instance?
Did you remotely logon to your Windows MID Server and double check that 'WinRM Basic Authentication' is enabled?

For the MID Server you are testing this out on, (the one you granted the capabilities to in ServiceNow -> WinRM Basic Auth, PowerShell) ... -> You will need to make sure it is setup to allow 'WinRM Basic Authentication'.

In order to do that, you'll need to remotely logon to the Windows Server, and run the PowerShell command:

winrm get / winrm/config/client/auth

When you run the PowerShell command above on your MID Server - what is the output?

qcj3 · ‎07-29-2021

Can we avoid using Basic Auth since it's a security risk to the platform and this a Security Tool?

https://www.stigviewer.com/stig/microsoft_windows_server_2012_member_server/2013-07-25/finding/WN12-CC-000123