Outbound Web Services - Troubleshooting GuideIssue <!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } span { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } h2 { font-size: 24pt; font-family: Lato; color: var(--now-color--text-primary, black); } h3 { font-size: 18pt; font-family: Lato; color: var(--now-color--text-primary, black); } h4 { font-size: 14pt; font-family: Lato; color: var(--now-color--text-primary, black); } a { font-size: 12pt; font-family: Lato; color: var(--now-color--link-primary, #00718F); } a:hover { font-size: 12pt; color: var(--now-color--link-primary, #024F69); } a:target { font-size: 12pt; color: var(--now-color--link-primary, #032D42); } a:visited { font-size: 12pt; color: var(--now-color--link-primary, #00718f); } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } Contents 1. Issue — What This Article Covers2. Quick Symptom Triage3. The Outbound Call Lifecycle4. Universal Diagnostic Checklist5. Common Issue Categories 5.1 Connection Failures & TLS Errors5.2 Authentication & Authorization Failures5.3 Timeouts & Slow Responses5.4 Endpoint Errors (4xx/5xx) 6. How to Enable and Read Outbound HTTP Logs7. HTTP Status Code Quick Reference8. Related Articles 1. Issue — What This Article Covers Outbound web service calls originate from your ServiceNow instance and are sent to a third-party endpoint. This article is the starting point for troubleshooting any failure in that direction — whether the call never reaches the endpoint, returns an unexpected response, times out, or fails partway through a MID Server routing path. Symptoms covered: No response, connection refused, or socket timeout (HTTP 0 or -1).TLS/certificate handshake errors.401 Unauthorized or 403 Forbidden returned by the endpoint.Slow responses or calls timing out before completion.4xx or 5xx error codes returned by the remote endpoint.MID Server ECC queue not processing the request. How to use this article This is a hub article. Start with the Quick Symptom Triage in Section 2, then follow the link to the relevant deep-dive article. 2. Quick Symptom Triage Match your symptom on the left, read the article on the right. The diagram below walks the same logic visually. What you're seeing Most likely cause Read this HTTP 0 or -1, socket timeout, connection refused Endpoint unreachable, firewall block, DNS failure Section 5.1 below, plus Outbound Web Services — Connection Failures & TLS Errors TLS handshake error, untrusted certificate, SSL exception Missing or untrusted certificate in sys_certificate or MID Server CACert file Section 5.1 below, plus Outbound Web Services — Connection Failures & TLS Errors 401 Unauthorized returned by endpoint Invalid or expired credentials, missing Authorization header, OAuth token issue Section 5.2 below, plus Outbound Web Services — Authentication & Authorization Failures 403 Forbidden returned by endpoint Insufficient endpoint permissions, OAuth scope mismatch Section 5.2 below, plus Outbound Web Services — Authentication & Authorization Failures Call times out, slow response, MID Server 175-second timeout Endpoint latency, timeout configuration, proxy or load balancer delay Section 5.3 below, plus Outbound Web Services — Timeouts & Slow Responses 400, 500, 502, or 503 returned by endpoint Malformed request body, endpoint-side error, proxy or gateway failure Section 5.4 below, plus Outbound Web Services — Endpoint Errors (4xx/5xx) ECC queue stuck, "No response after 30/60 seconds" error MID Server down or not picking up the probe Section 5.3 below, MID Server section — Outbound Web Services — Timeouts & Slow Responses 3. The Outbound Call Lifecycle Every outbound call follows one of two paths depending on whether a MID Server is involved. Identifying which path your call takes narrows the diagnostic surface immediately. Direct path (no MID Server) A script or Flow Designer step calls execute() or executeAsync() on a RESTMessageV2 or SOAPMessageV2 object.The instance sends the HTTP request directly over the public internet to the third-party endpoint.The endpoint processes the request and returns an HTTP response.The response is returned to the calling script or flow step. Via MID Server A script or Flow Designer step calls execute() or executeAsync().An Output RESTProbe or SOAPProbe record is inserted into the ECC Queue.The MID Server polls the ECC Queue and picks up the probe record.The MID Server sends the HTTP request to the third-party endpoint.The endpoint processes the request and returns an HTTP response to the MID Server.The MID Server wraps the response and inserts an Input RESTProbe or SOAPProbe record back into the ECC Queue.The instance reads the Input ECC Queue record and returns the response to the calling script or flow step. Where failures cluster Path Steps where failures cluster Failure type Direct Steps 2–3 Network, firewall, TLS, or endpoint-side failures. The call left ServiceNow but did not succeed at the destination. MID Server Steps 2–3 ECC Queue processing failures. The call never left ServiceNow. MID Server Steps 4–5 Network, firewall, TLS, or endpoint-side failures. The call left the MID Server but did not succeed at the destination. Direct & MID Server Step 4 (Direct) / Step 6 (MID) Auth failures. The endpoint received the call but rejected the credentials. 4. Universal Diagnostic Checklist Capture these items before clicking into any deep-dive article. Having them ready resolves most cases at first touch. Outbound HTTP log record. Navigate to Filter Navigator → Outbound HTTP Requests (sys_outbound_http_log). Filter by URL contains your endpoint URL. Open the record and check the Request and Response tabs. Note the Response Status and Response Time fields.Transaction ID. From the same log record, copy the Transaction ID. The first 12 characters identify the transaction in the node logs.Node hostname. From the Source tab of the log record, note the System ID — this is the node that processed the call.MID Server involvement. Confirm whether the call routes through a MID Server. Check the ECC Queue (ecc_queue) for a matching RESTProbe or SOAPProbe record if unsure.Auth type. Note the authentication type configured on the REST or SOAP message record — Basic, OAuth, Mutual Auth, or API Key.External test. Run the same request from Postman or cURL outside ServiceNow using the same credentials and endpoint. If it fails externally too, the issue is on the endpoint side, not in ServiceNow. Enable debug logging if no log record appears If you navigate to Outbound HTTP Requests and cannot find a record for the failing call, logging may not be enabled. See Section 6 to enable it. If logging is enabled and no record appears, the call is not being executed — check the script or flow step configuration before the HTTP call is made. 5. Common Issue Categories Short summaries below. The deep-dive articles are where actual diagnosis happens. 5.1 Connection Failures & TLS Errors When: The call returns HTTP 0 or -1, a socket timeout, a connection refused error, or a TLS/SSL handshake exception. The Outbound HTTP log may show no response body at all. Common causes: Endpoint unreachable from the instance IP range, firewall blocking outbound traffic, DNS resolution failure, missing or untrusted SSL certificate. MID Server note: If the call routes through a MID Server, the connectivity check is from the MID Server host machine — not the ServiceNow instance. Confirm the endpoint is reachable from the MID Server host directly before investigating the instance configuration. Next: Outbound Web Services — Connection Failures & TLS Errors 5.2 Authentication & Authorization Failures When: The endpoint returns 401 Unauthorized or 403 Forbidden. The call reached the endpoint successfully but was rejected at the auth layer. Common causes: Invalid or expired credentials, missing Authorization header in the outbound request, OAuth token not refreshing, incorrect OAuth scope, Mutual Auth certificate mismatch. Quick check: Inspect the Request tab in the Outbound HTTP log. Confirm the Authorization header is present and populated. If it is absent, the auth profile is misconfigured on the ServiceNow side. MID Server note: If routing through a MID Server, also check the MID Server agent logs for any auth-related errors that may not surface in the Outbound HTTP log. Next: Outbound Web Services — Authentication & Authorization Failures 5.3 Timeouts & Slow Responses When: The call takes longer than expected, returns no response within the configured timeout window, or the Outbound HTTP log shows a high Response Time value. Common causes: Endpoint processing slowly, large payload, proxy or load balancer delay, synchronous call timeout configuration, MID Server 175-second hard timeout on outbound probes. Quick check: Review the Response Time field in sys_outbound_http_log. A high value with a successful status means the endpoint is slow. A zero or null value with a failure means the connection never completed. MID Server note: MID Server outbound calls have a hard default timeout of 175 seconds. This is independent of the instance-side timeout configuration. If the endpoint does not respond within 175 seconds, the MID Server cancels the call regardless of what is configured on the instance. Next: Outbound Web Services — Timeouts & Slow Responses 5.4 Endpoint Errors (4xx/5xx) When: The endpoint returns a 400, 500, 502, or 503. The call reached the endpoint and received a response, but the response signals a failure on the endpoint side. Common causes: Malformed request body (400), endpoint-side exception (500), proxy or gateway failure between the MID Server and the endpoint (502/503). Quick check: Run the same request from Postman or cURL using identical headers and body. If the same error is returned outside ServiceNow, the issue is on the endpoint side. If Postman succeeds, compare the request headers and body in the Outbound HTTP log against what Postman sends. MID Server note: A 502 or 503 can originate from a proxy sitting between the MID Server and the endpoint rather than from the endpoint itself. Check the MID Server agent logs for the full error chain. Next: Outbound Web Services — Endpoint Errors (4xx/5xx) 6. How to Enable and Read Outbound HTTP Logs All outbound calls from the instance — except calls executed by the MID Server itself — are recorded in the Outbound HTTP log (sys_outbound_http_log). This is the first place to look for any outbound failure. Enabling verbose logging For calls made via a configured REST or SOAP message record: Navigate to the REST or SOAP message record under System Web Services → Outbound.Select the method.Under Related Links, select Set HTTP Log Level → All.Re-run the failing call.Navigate to Filter Navigator → Outbound HTTP Requests to view the full request and response. For calls made via Flow Designer spokes or inline script: Set the following system properties at Filter Navigator → sys_properties.list. These are global properties that affect all outbound web service logging — disable them once logs are captured. glide.outbound_http_log.override = trueglide.outbound_http_log.override.level = allglide.outbound_http.content.max_limit = 1000 Note The global log override properties affect every outbound web service call on the instance, not just the one you are investigating. Set them, capture the logs for the failing call, and then revert them immediately to avoid excessive log growth. Reading the log record Open a record in sys_outbound_http_log and review the following tabs: Request tab — full outbound request including headers, Authorization header, and request body.Response tab — full response from the endpoint including HTTP status code and response body.Source tab — node hostname (System ID) and Session ID for tracing the call to node logs. Tracing to node logs From the log record, copy the Transaction ID.Take the first 12 characters — this is the TXID used in the node logs.Search for this TXID in Splunk (production) or bssh (sub-production) on the node identified in the Source tab System ID field. 7. HTTP Status Code Quick Reference Match the code, jump to the section. Code Meaning What to do 0 or -1 No response — connection never completed Check network path, firewall, and DNS. See Section 5.1. 400 Bad Request — endpoint rejected the request body or URL Check request body format and endpoint URL. See Section 5.4. 401 Unauthorized — credentials missing or rejected by endpoint Check auth profile and Authorization header in the Request tab. See Section 5.2. 403 Forbidden — credentials valid but insufficient permissions at endpoint Check endpoint permissions and OAuth scopes. See Section 5.2. 500 Internal Server Error — endpoint-side failure Test with Postman to confirm issue is on the endpoint side. See Section 5.4. 502 Bad Gateway — proxy or gateway between caller and endpoint returned an error Check proxy and load balancer configuration. See Section 5.4. 503 Service Unavailable — endpoint temporarily unavailable Retry with backoff. If sustained, see Section 5.4. 8. Related Articles KB3067060 - Outbound Web Services — Connection Failures & TLS ErrorsKB3067106 - Outbound Web Services — Authentication & Authorization FailuresKB3067152 - Outbound Web Services — Timeouts & Slow ResponsesKB3067183 - Outbound Web Services — Endpoint Errors (4xx/5xx)KB1695665 — Landing page for Web Services (Outbound)KB0694711 — RESTMessageV2 and SOAPMessageV2 execute() vs executeAsync()KB0960404 — MID Server Landing Page Release<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } span { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } h2 { font-size: 24pt; font-family: Lato; color: var(--now-color--text-primary, black); } h3 { font-size: 18pt; font-family: Lato; color: var(--now-color--text-primary, black); } h4 { font-size: 14pt; font-family: Lato; color: var(--now-color--text-primary, black); } a { font-size: 12pt; font-family: Lato; color: var(--now-color--link-primary, #00718F); } a:hover { font-size: 12pt; color: var(--now-color--link-primary, #024F69); } a:target { font-size: 12pt; color: var(--now-color--link-primary, #032D42); } a:visited { font-size: 12pt; color: var(--now-color--link-primary, #00718f); } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } All Cause<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } span { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } h2 { font-size: 24pt; font-family: Lato; color: var(--now-color--text-primary, black); } h3 { font-size: 18pt; font-family: Lato; color: var(--now-color--text-primary, black); } h4 { font-size: 14pt; font-family: Lato; color: var(--now-color--text-primary, black); } a { font-size: 12pt; font-family: Lato; color: var(--now-color--link-primary, #00718F); } a:hover { font-size: 12pt; color: var(--now-color--link-primary, #024F69); } a:target { font-size: 12pt; color: var(--now-color--link-primary, #032D42); } a:visited { font-size: 12pt; color: var(--now-color--link-primary, #00718f); } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } Resolution<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } span { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } h2 { font-size: 24pt; font-family: Lato; color: var(--now-color--text-primary, black); } h3 { font-size: 18pt; font-family: Lato; color: var(--now-color--text-primary, black); } h4 { font-size: 14pt; font-family: Lato; color: var(--now-color--text-primary, black); } a { font-size: 12pt; font-family: Lato; color: var(--now-color--link-primary, #00718F); } a:hover { font-size: 12pt; color: var(--now-color--link-primary, #024F69); } a:target { font-size: 12pt; color: var(--now-color--link-primary, #032D42); } a:visited { font-size: 12pt; color: var(--now-color--link-primary, #00718f); } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } . Related Links<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } span { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } h2 { font-size: 24pt; font-family: Lato; color: var(--now-color--text-primary, black); } h3 { font-size: 18pt; font-family: Lato; color: var(--now-color--text-primary, black); } h4 { font-size: 14pt; font-family: Lato; color: var(--now-color--text-primary, black); } a { font-size: 12pt; font-family: Lato; color: var(--now-color--link-primary, #00718F); } a:hover { font-size: 12pt; color: var(--now-color--link-primary, #024F69); } a:target { font-size: 12pt; color: var(--now-color--link-primary, #032D42); } a:visited { font-size: 12pt; color: var(--now-color--link-primary, #00718f); } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } Outbound Web Services Logs: KB0998511 - Capturing localhost logs for Outbound Web Service issues