Notifications

1402 views

Description

Cloning may cause orphaned records in the discovery_credentials table, even if there is a data preserver set up on the target instance, as well as the table being added to the excluded tables list on the source instance. This should mean that the table does not get touched at all during the clone, however, it is causing orphaned records.

Symptoms include those listed in the article below:
KB0719158 Discovery Credentials - Orphaned cause "SEVERE *** ERROR *** An error occurred while decrypting credentials from instance"

Steps to Reproduce

  1. Create discovery credentials on your source instance.
  2. Create discovery credentials on your target instance.
  3. Preserve only the Credentials [discovery_credentials] table, and none of the child tables.
  4. Clone from your source instance to your target instance. 
  5. After the clone has completed, browse discovery_credentials records on your target instance.
  6. Viewing the 'Record not found' message when trying to open a credential shows orphaned records have been generated. 

 

Workaround

This problem is currently under review. You can contact ServiceNow Technical Support or subscribe to this Known Error article by clicking the Subscribe button at the top right of this form to be notified when more information will become available..

The workaround consists in creating a Data Preserver record for each of the following tables:

LabelNameExtends table
Credentialsdiscovery_credentials 
Ansible Tower Credentialssn_cfg_ansible_credentialsCredentials
API Key Credentialsapi_key_credentialsCredentials
Applicative Credentialssa_applicative_credentialsCredentials
AWS Credentialsaws_credentialsCredentials
Azure Enterprise Agreement Credentialsea_azure_credentialsCredentials
Basic Auth Credentialsbasic_auth_credentialsCredentials
Chef Server Credentialssn_cfg_chef_credentialsCredentials
CIM Credentialscim_credentialsCredentials
Cloud Management Credentialcloud_credentialCredentials
Azure Service Principalazure_service_principalCloud Management Credential
Cloud Mgmt Credentialscmdb_cloud_mgmt_credentialsCredentials
CloudFoundry Credentialssn_itom_pattern_pcf_credentialsCredentials
CMP Node Credentialsn_cmp_node_credentialsCredentials
CMP SSH Key Pairsn_cmp_ssh_credentialsCredentials
Google API Credentialsgcp_credentialsCredentials
IBM Credentialsibm_credentialsCredentials
Infoblox Credentialssn_cmp_infoblox_credentialsCredentials
JDBC Credentialsjdbc_credentialsCredentials
JMS Credentialsjms_credentialsCredentials
Kubernetes Credentialssn_itom_pattern_kubernetes_credentialsCredentials
OAuth 2.0 Credentialsoauth_2_0_credentialsCredentials
OpenStack Credentialsopenstack_credentialsCredentials
SNMP Community Credentials (Password Only)snmp_credentialsCredentials
SNMPv3 Credentialssnmpv3_credentialsCredentials
SSH Credentialsssh_credentialsCredentials
SSH Private Key Credentialsssh_private_key_credentialsCredentials
VMware Credentialsvmware_credentialsCredentials
Windows Credentialswindows_credentialsCredentials

 

Note: This list is from a New York Patch 2 instance that has most ITOM- and Integrations-related plugins installed. Your instance may not have some of those, or maybe additional ones. The following URL will list all the tables for your instance.

https://<instance_name>.service-now.com/sys_db_object_list.do?sysparm_query=super_class%3De39e3bcbdb8db7406f9e3200ad96192c%5EORsuper_class.super_class%3De39e3bcbdb8db7406f9e3200ad96192c%5EORsuper_class.super_class.super_class%3De39e3bcbdb8db7406f9e3200ad96192c%5EORname%3Ddiscovery_credentials&sysparm_view=


 Please follow the steps below:

  1. Verify that the Discovery plugin is installed.
  2. In the Navigator, search for Credentials.
    3. Verify there are a variety of credential types (SSH, Windows, SNMP).
    4. On the source instance of a clone, type Preserve Data.
    5. Select Preserve Data under Clone Definition.
    6. Click on the New button.
    7. Name your preserver (i.e. SNMP to preserve the SNMP credentials).
    8. In the filter, type Credential, which should filter for all but the unusual names like Azure Service Principal and CMP SSH Key Pair, which would need a different filter)
    9. Notice a host of tables, which are extensions of discovery_credentials, show up as suggestions.
    10. Select the table for each type of credential (i.e. snmp_credentials to preserve the SNMP credentials).
    11. Save the Preserver.
    12. Repeat steps 6 to 11 for each distinct type of credential you use, and so need to preserve to avoid this problem. Although it would be safest to add preservers for all listed, only the ones you actually have records in must be preserved.
    13. Go to your source instance and Request a clone using the target instance where you defined the new data preservers for each type of credential.
    14. When the clone is complete, return to the Credentials list on the target instance.
    15. Select one of the credentials. Notice the record will have been preserved and there are no orphaned records.

Note: When creating credentials on one instance, you should export the discovery credentials data using XML Export and import them into your other instances using XML Import. This will prevent creating the same discovery credentials data with different sys_ids.


Related Problem: PRB1305469

Seen In

Fuji Patch 11
Fuji Patch 9 Hot Fix 1
Geneva Patch 1
Geneva Patch 5
Geneva Patch 6
Geneva Patch 7
Helsinki Patch 4
Helsinki Patch 6 Hot Fix 1
Helsinki Patch 7
SR - IRM - Audit Management - New York 2019 Q3
SR - IRM - Audit Management PA Content - Madrid 2019 Q1
SR - IRM - GRC Profiles - Madrid 2019 Q2
SR - IRM - GRC Workbench - New York 2019 Q3
SR - IRM - PA Premium Integration - New York 2019 Q3
SR - IRM - Policy and Compliance - Madrid 2019 Q2
SR - IRM - Policy and Compliance PA Content - Madrid 2019 Q1
SR - IRM - Risk Management - New York 2019 Q3
SR - IRM - Risk Management PA Content - Madrid 2019 Q1
SR - IRM - SIG Assessment Legacy - Madrid 2019 Q1
SR - IRM - Vendor Risk Management - Madrid 2019 Q1
SR - ITBM - Agile 2.0 Dashboards v1.0
SR - ITBM - Scrum Dashboards Common v1.0
SR - ITOM - CMDB CI Class Models - 201908
SR - ITOM - Discovery and Service Mapping - 201908
SR - ITOM - Discovery and Service Mapping - v1.0.35
SR - Security - Integration Framework - Madrid 2019 Q2
SR - Security - Support Common - Madrid 2019 Q2
SR - Security - Support Orchestration - Madrid 2019 Q2
SR - SIR - Security Incident Response - Madrid 2019 Q2
SR - SIR - Security Incident Response PA Content - New York 2019 Q3
SR - SIR - Store SecOps Setup Assistant - Madrid 2019 Q2
SR - SIR - Store Threat Core - Madrid 2019 Q2
SR - SIR - Store Trusted Security Circles Client - New York 2019 Q3
SR - SIR - Tanium Integration - New York 2019 Q3
SR - SIR - Threat intelligence - New York 2019 Q3
SR - VR - Qualys - New York 2019 Q3
SR - VR - Solution Management Madrid Q2
SR - VR - Vulnerability Response - New York 2019 Q3

Associated Community Threads

There is no data to report.

Article Information

Last Updated:2019-10-18 06:55:21
Published:2019-10-11