Unable to receive events from Aria Operations into ServiceNow
search cancel

Unable to receive events from Aria Operations into ServiceNow

book

Article ID: 377995

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

The ServiceNow script retrieves data from Aria Operations through an API call successfully, but it suddenly stops fetching new events.
ServiceNow displays the following error:


2024-09-05 11:45:38 ERROR (Worker-Interactive: Connector Probe-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx) [SLF4JLog: 213] Invalid challenge: Basic org.apache.commons.httpclient.auth.MalformedChallengeException: Invalid challenge: Basic
at org.apache.commons.httpclient.auth.AuthChallenge Parser.extractParams (AuthChallenge Parser.java:98)
at org.apache.commons.httpclient.auth.BasicScheme.processChallenge (BasicScheme.java:112)
at org.apache.commons.httpclient.auth. AuthChallenge Processor.processChallenge (AuthChallenge Processor.java:164)
at org.apache.commons.httpclient.HttpMethodDirector.processWWWAuthChallenge (HttpMethodDirector.java:695)
at org.apache.commons.httpclient.HttpMethodDirector.processAuthenticationResponse (HttpMethodDirector.java:669) at org.apache.commons.httpclient.HttpMethodDirector.executeMethod (HttpMethodDirector.java:194)


The analytics.log file in Aria Operations displays the following error related to credentials used in service now for authentication however user will be present in:


[41974] 2024-09-05T06:18:01,672+0000 WARN [ServerConnection on port 10000 Thread 15] com.vmware.vcops.auth.server.util.AuthUtils.searchUserByNameAndSourceId No user found with username: xxxxxxx and sourceId: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx and username-sourceId=xxxxxxx-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
analytics.audit-xxxx-xxxx-xxxx-xxxxxxxxxxxx [41975] 2024-09-05T06:18:01, 672+0000 WARN [ServerConnection on port 10000 Thread 15]
com.vmware.vcops.auth.server.util.AuthUtils.searchUser Search User: No user exists with userName: xxxxxxx and sourceId: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx [41976] 2024-09-05T06:18:01,865+0000 WARN [ServerConnection on port 10000 Thread 15]
com.vmware.vcops.auth.server.util.AuthUtils.searchUserByNameAndSourceId No user found with username: xxxxxxx and sourceId: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx and username-sourceId=xxxxxxx-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Environment

VMware Aria Operations 8.18

Cause

The ServiceNow OAuth API issues refresh tokens with a default 8,640,000 seconds (100 days) lifespan. As a result, the ServiceNow Securlet will not be able to fetch new information after the refresh token lifespan ends.

Resolution

Deactivating and reactivating the ServiceNow Securlet resets the refresh lifespan.

Additionally, the ServiceNow admin can set the Refresh Token Lifespan to a very large number to ensures the Refresh token does not expire every 100 days.

Additional Information

The refresh token issue is a known limitation on ServiceNow side. ServiceNow didn't give us much feedback on this.

The expiration period can be extended from the "ServiceNow" side as per the steps provided above.

Review with your internal Security Team to make sure that the period set complies with the internal policies and business requirements.

Powered by Wolken Software