Cookdown SNOW Discovery Error

Cookdown SNOW Discovery : Discovery Failed with error The underlying connection was closed:

Hey Saravanan,

I’ve seen a few different things cause these sorts of problems in PowerShell scripts when querying APIs.

Firstly check to see if you can make the same call from a browser or something like Postman. You might get a more friendly error message. Could be something simple like a time difference of ~ 5 mins throwing things off, for which you’ll get a much nicer error through your browser.

If you’re going through a proxy or a fancy firewall with SSL inspection enabled, you might need to explicitly trust a wonky looking certificate or get an exception put in to ignore that URL.

Check to make sure that TLS 1.2 is enabled on the server and that you can make calls out from PowerShell using it. Doesn’t have to be a call out to ServiceNow specifically, I’ve always enjoyed testing things with the kanye.rest api. See if you get the same errors.

Invoke-RestMethod -Method Get -Uri https://api.taylor.rest

If you’re in a hardened environment you might have strange SChannel issues (required ciphers disabled, etc.). So it might be worth enabling more specific error logging there (https://support.microsoft.com/en-us/help/260729/how-to-enable-schannel-event-logging-in-windows-and-windows-server).

I see you’re also on SCOM 2012 R2. If you’re on an older server/firewall/proxy/etc. it might be as simple as it not having an up to date list of trusted authorities (https://www.theregister.com/2020/06/10/iot_trouble_root_certificates_expire/).
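
Added example (not part of the original reply or the Cookdown management pack): a PowerShell check for the TLS 1.2, SSL inspection and trusted-root points raised above. It attempts a handshake per protocol version and reports the certificate issuer and whether this machine trusts the chain. The function name `Test-TlsHandshake` and the host `example.service-now.com` are assumptions for illustration.

```powershell
# Added diagnostic example; function name and host are hypothetical placeholders.
function Test-TlsHandshake {
    param(
        [Parameter(Mandatory)] [string] $HostName,
        [int] $Port = 443,
        [string[]] $Protocols = @('Tls', 'Tls11', 'Tls12')
    )
    foreach ($name in $Protocols) {
        $result = [ordered]@{
            Host           = $HostName
            Protocol       = $name
            # Protocols that Invoke-RestMethod offers in this session by default
            SessionDefault = [Net.ServicePointManager]::SecurityProtocol
            Handshake      = 'Failed'
            Issuer         = $null
            NotAfter       = $null
            ChainTrusted   = $null
            Error          = $null
        }
        $ssl = $null
        $tcp = New-Object System.Net.Sockets.TcpClient
        try {
            $tcp.Connect($HostName, $Port)
            # Accept any certificate so the handshake completes and the certificate
            # can be inspected. Nothing is sent over this stream.
            $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
            $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
            $proto = [System.Security.Authentication.SslProtocols] $name
            $ssl.AuthenticateAsClient($HostName, $null, $proto, $false)
            $result.Handshake = 'OK'

            # Validate the presented certificate against the local trust store.
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
            $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
            $result.Issuer = $cert.Issuer
            $result.NotAfter = $cert.NotAfter
            $result.ChainTrusted = $chain.Build($cert)
        } catch {
            $result.Error = $_.Exception.GetBaseException().Message
        } finally {
            if ($ssl) { $ssl.Dispose() }
            $tcp.Close()
        }
        [pscustomobject] $result
    }
}

# Usage: Test-TlsHandshake -HostName 'example.service-now.com' | Format-List
```

An issuer that names your proxy or firewall rather than a public CA points at SSL inspection, and `ChainTrusted` of `False` points at a missing or outdated root. A handshake that fails only for `Tls12` points at the SChannel configuration on the machine running the script.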

The error is for the servicenow link which is https

Discovery was trying to process https://XXXX.service-now.com

However, the link is opening fine on the target machine.

The API link: https://XXXX.service-now.com/api/now/table/sys_cluster_state opens from Chrome on the agent machine after I enter the credential. And that credential is added as part of a Run As account under SCOM. However, when I run the extracted PowerShell script from GitHub, it’s throwing the following error:
Discovery Failed with error You cannot call a method on a null-valued expression.
Discovery was trying to process https://xxxx.service-now.com/
$sourceID = '{00000000-0000-0000-0000-000000000000}'
$managedEntityID = '{00000000-0000-0000-0000-000000000000}'
$location = "Paris"
$instanceUrls = "https://xxxxx.service-now.com/"
$computerName = "xxxxx.com"
$debugDiscovery = "FALSE"
$snowUserName = "xxxxx"
$snowPassword = "xxxxx"

When running the PowerShell script on the agent machine, I get the error message as

Discovery Failed with error You cannot call a method on a null-valued expression.

So to confirm, the full API link:
https://XXXX.service-now.com/api/now/table/sys_cluster_state (pulled from https://github.com/cookdown/ServiceNow-Monitoring-MP/blob/master/CookdownCommunity.ServiceNow.Monitoring/Discoveries/DiscoverWatchersAndInstances.mpx)
works as you’d expect from the browser and you get the full XML file?
What about when calling from something like Postman or PowerShell?

OK that sounds good, you know that it’s working in Chrome now.
What happens when you call it from PowerShell?

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;
Invoke-RESTMethod -Uri 'https://XXXXXX.service-now.com/api/now/table/sys_cluster_state' -Headers @{'Accept' = 'application/json'} -Credential (Get-Credential) -Method GET -ErrorAction Stop

When running the script that’s a different error from before. It might not be related to the previous error though. You might want to set a break-point and step through the script until you find where that null is coming from. Does it not give you a line location to focus on? Could be a bug, could just be that something is not set as expected when running outside of the MP. When I call it on an agent machine I don’t get any errors though so I don’t know.

Ignoring the script for a second, what happens if you make just the API call like I suggested in the previous comment?

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-RESTMethod -Uri 'https://XXXXXX.service-now.com/api/now/table/sys_cluster_state' -Headers @{'Accept' = 'application/json'} -Credential (Get-Credential) -Method GET -ErrorAction Stop