ServiceNow / Other third party tools intermittently fails to retrieve alerts from VMware Aria Operations (formerly vRealize Operations) using the MID Server connector. This results in inconsistent alert ingestion and failure of automated incident creation workflows.
Symptoms observed in the ServiceNow MID Server agent.log:

• Script: Acquire Token Failed JSON.parse
• TypeError: Cannot read property 'ops:resourceKey' from undefined
• failed to run 3PC java.lang.ClassCastException

• Software: VMware Aria Operations (Aria Ops / vRealize Operations) 8.18.6
• Integration: ServiceNow Yokohama (vRealize Connector)
• Components: ServiceNow MID Server, NSX-T Load Balancer (SNAT enabled)
• Identity Management: VMware Identity Manager (vIDM)

The root cause is an excessive and concurrent volume of authentication token acquisition requests (/suite-api/api/auth/token/acquire) being sent from the ServiceNow MID Server using a single vIDM account.
NSX Load Balancer packet captures revealed a highly aggressive connection rate—approximately 1,600 new TCP connections within a 7-minute window. Making multiple parallel authentication attempts using the same vIDM account creates conflicts during the Aria Operations authentication process. This overwhelms the authentication flow, leading to intermittent token generation failures. ServiceNow interprets these failed responses as empty payloads, triggering the JSON.parse error in the integration script.

There is no product defect in Aria Operations; the application is responding correctly to the excessive load. The resolution must be implemented on the ServiceNow integration side:

• Implement Token Caching: Review and modify the ServiceNow MID Server scripts/workflows to cache and reuse the authentication token until it expires, rather than requesting a new token for every API call.
• Identify Source of Volume: Audit ServiceNow workflows and custom scripts to determine why a high volume of concurrent requests is being generated.
• Validate Account Type: If high-frequency polling is required, ensure the script logic is optimized to avoid parallel token acquisition attempts for the same account.

• Log Verification: Check the Aria Operations localhost_access_log.txt to confirm if traffic is arriving from a single SNAT IP (e.g., Load Balancer IP) and hitting the /auth/token/acquire endpoint repeatedly.
• Network Impact: While the TCP connection (Port 443) may remain successful, the Layer 7 (HTTP) response body will arrive empty (0 bytes) when the authentication conflict occurs.