Skip to main content

ServiceNow dynatraceapi user getting locked out...what happened behind the scenes

 From ServiceNow Support:



Investigation Summary:
- login fails for today 221when I reviewed:


-DynatraceAPI user


KB1008050 - Specify lockout for failed login attempts
- audit list of locked out for user DynatraceAPI


- every 15mins 'system' unlocks the user account then 'Guest Guest' locks
- As per documentation:
Uses the value of the glide.user.max_unlock_attempts property to set the limit for failed login attempts.
Unlocks the user account after the time period that is specified for the glide.user.unlock_timeout_in_mins property. If no value is specified, then the system unlocks the user account after the default period of 15 minutes.
- SGO-Dynatrace (active) - no related tasks as flow seems to have ACL error


- Flow error:

https://<INSTANCE>.service-now.com/$flow-designer.do?sysparm_nostack=true#/operations/context/11ec55fb0dc35dd01aab2a0ea225ff19


- I see many attempts for the REST calls with response code 401 which we can assume when the user is locked e.g :
Nov 15 17:15:55 adc03a adcv2_ministryofju766_lhr100[6395]: [adcv2_access] src=35.178.107.162 vip=148.139.13.31 instance=xxxxxx node=10.172.128.18:16011 method=POST

uri=/api/sn_em_connector/em/inbound_event?source=SGO-Dynatrace

reqtime=0.013 rtt32=9322 uct=0.000 uht=0.012 urt=0.012 us=401 rescode=401 ssl_cipher=ECDHE-RSA-AES128-GCM-SHA256 ssl_protocol=TLSv1.2 ua="ruxit server" ssib=0 h=h1
- When the user is unlocked I see the following error message:
API_INT-thread-4 SYSTEM txid=3258dd3f1b43 Background message, type:error, message: Password must contain at least 1 uppercase letter(s).

Next Steps:
- Can you disable SGO-Dynatrace and see if you still get the lockouts
- Can you check your user password for DynatraceAPI although it still appears to authenticate.
- I will check if there are any known issue particularly for multiple sub-prod instances all connecting to a common Dynatrace sub prod,

Notes:

SGO-Dynatrace (alert management rule) was modified to include a customised sub-flow, but the alerts/incidents continued to create after it was disabled . Querying whether it can just be disabled OR better still, identify the culprit ACL and add the dynatraceapi user to the ACL permissions?

Comments

Post a Comment

Popular posts from this blog

ServiceNow check for null or nil or empty (or not)

Haven't tested these all recently within global/local scopes, so feel free to have a play! option 1 use an encoded query embedded in the GlideRecord , e.g.  var grProf = new GlideRecord ( 'x_cls_clear_skye_i_profile' ); grProf . addQuery ( 'status=1^ owner=NULL ' ); grProf . query (); even better use the glideRecord  addNotNullQuery or addNullQuery option 2 JSUtil.nil / notNil (this might be the most powerful. See this link ) example: if ( current . operation () == 'insert' && JSUtil . notNil ( current . parent ) && ! current . work_effort . nil ())  option 3 there might be times when you need to get inside the GlideRecord and perform the check there, for example if the code goes down 2 optional routes depending on null / not null can use gs.nil : var grAppr = new GlideRecord ( 'sysapproval_approver' ); var grUser = new GlideRecord ( 'sys_user' ); if ( grUser . get ( 'sys_id' , current . approver )){...
Post a Comment
Read more

Code a pause/wait - gs.sleep or gs.wait alternative, pause script for specified seconds (timer)

Code a pause/wait - gs.sleep / gs.wait alternative, pause script for specified seconds (timer)  e.g. 10 seconds: do_sleep ( 10000 ); function do_sleep ( milliseconds ) { var start = new Date (). getTime (); for ( var i = 0 ; i < 1e7 ; i ++) { if (( new Date (). getTime () - start ) > milliseconds ){ gs . print ( 'waking up!' ); break ; } } }
Post a Comment
Read more