Troubleshooting

To collect logs for ServiceNow Mid Server instances, follow these steps:

  1. Check the Logs file of MID Server in case of failures. Logs are stored at <Mid Server installation path> / agent/log/.

  2. Select the wrapper.log file to be shared.

    Ensure the log level is configured to 4 to capture detailed logs, especially when validating credentials.

  3. Review the wrapper.log file for any debug messages or errors related to the issue.

Certificate Errors

If you see failures in validating credentials, review the MID Server’s agent log. If you find errors referring to PKIX path failures, the SSL certificate for Secret Server needs to be imported into the Java Keystore for the MID Server agent, see the Adding SSL Certificate to MidServer for more details.

PKIX Errors Example Log:

alt

If the Credential Resolver is not working, use the following solutions.

  • External Credential storage ServiceNow instance plugin: After adding External Credential storage plugins to ServiceNow instance, sometimes user can’t see the checkbox for External Credential Store plugin on credentials page (ServiceNow instance > Discovery > Credentials). To solve this problem, wait and refresh at regular intervals.

  • Authentication fails: Check the following if authentication fails.

    • Correct the credentials of a Secret in Secret Server or the Delinea Platform.
    • The user in configuration file should have a View permission under Secret > Sharing in Secret Server.
    • Check the permissions of the Secret Server user that was used in the configuration file. The user should have an Application Account with at least View Launcher Password permission.

    • Check the Secret Server or Delinea Platform ss_or_platform_url , ss_or_platform_auth_str parameters in the config.xml file.

    • Verify the credentials you entered when running the DelineaMidServerSetupUtility jar file.

  • Timeout Exception: If network issues occur, a user might experience a timeout exception. If this happens, check the network and restart the MID Server and validate it again.

  • Invalid target specified: During the test if the user receives an invalid target specified message, do the following:

    • Check the hostname or the IP address of a Secret in SecretServer or Delinea Platform.
    • Use the IP address entered while testing the credential. Make sure it is correct and the machine credential is in the Secret Server template.

  • Version Mismatch: If the user has a version mismatch, upgrade MID Server because the ServiceNow instance was upgraded to a higher version.

  • Unable to decrypt the credential: The encrypted string copied from the command prompt to config.xml failed to decrypt.

    • Run the DelineaMidServerSetupUtility jar file on the same server as the Mid Server.

    • Ensure tags are copied correctly.

  • Unable to run the DelineaMidServerSetupUtility JAR file:

    Use "Java -version" command.to ensure that Java 11 or higher is installed on your machine.

  •  Debugging Tips:
    • If the plugin is not working, check the MID Server Logs file. Check to see that all configurations of config.xml file are correct.
    • Check the user permission in Secret Server or in the Delinea Platform for the user which is configured in MID Server config.xml file (MID Server path/agent/config.xml).
    • Check all the Secret details in the Secret, (for example, passwords and machine details).