Discover SCCM workflow errors with "Authentication failure with the local MID server service credential"

Description

Symptoms

1. Navigate to Client Software Distribution > SCCM Server Instances.
2. Select the instance and click the Discover Now UI Action.
3. Navigate to Workflow Contexts and find the newly started context.

The ECC queue input record will show the error below:

<error>Authentication failure with the local MID server service credential</error>
<debug_info>2018-07-20 12:49:51 Tried Credential: name=SCCM Credentials, affinity: no, status=failed, sysid=67614c5e0f618b009fbe9bd692050e5b, username=#######, type=Windows, order=100
2018-07-20 12:49:55 Tried credential: MID service account, status=failed

After enabling debug, the MID Server log shows the following messages:

07/23/18 14:11:09 (097) Worker-Standard:PowershellProbe DEBUG: Executing command: C:\Windows\Sysnative\WindowsPowerShell\v1.0\powershell.exe -executionpolicy unrestricted -noninteractive -nologo -noprofile -command "& {& 'scripts\PowerShell\PSScript.ps1' -computer '######' -script 'E:\Service-Now\#####\scripts\PowerShell\SCCM\GetApplications.ps1' 'use_mid_service_account' $false -useCred $true -ismid $false -isDiscovery $false -debug $true -logInfo $false; exit $LASTEXITCODE}"
07/23/18 14:11:09 (097) Worker-Standard:PowershellProbe DEBUG: With credential: ####
07/23/18 14:11:09 (097) Worker-Standard:PowershellProbe DEBUG: Thread name is Powershell is executing...
07/23/18 14:11:09 (581) Gobbling stdout: Powershell is executing... Gobbled:
07/23/18 14:11:09 (581) Gobbling stdout: Powershell is executing... Gobbled: testCredentialSCCM
07/23/18 14:11:09 (581) Gobbling stdout: Powershell is executing... Gobbled: testNoCredentialAccessSCCM
07/23/18 14:11:09 (581) Gobbling stdout: Powershell is executing... Gobbled: entered usecred calling testCredentialSCCM
07/23/18 14:11:09 (581) Gobbling stdout: Powershell is executing... Gobbled: Entered testCredentialSCCM
07/23/18 14:11:09 (612) Gobbling stdout: Powershell is executing... Gobbled: buildng cred object in getCredential function
07/23/18 14:11:09 (628) Gobbling stdout: Powershell is executing... Gobbled: returned from getCredential function call with cred object
07/23/18 14:11:09 (628) Gobbling stdout: Powershell is executing... Gobbled: new PSSession check done
07/23/18 14:11:09 (940) ConnectionCacheTickler Monitoring active connections
07/23/18 14:11:09 (956) Gobbling stdout: Powershell is executing... Gobbled: new session created
07/23/18 14:11:09 (956) Gobbling stdout: Powershell is executing... Gobbled: Session is not NULL
07/23/18 14:11:09 (972) Gobbling stdout: Powershell is executing... Gobbled: Invalid credential for SCCM, system exceptio
07/23/18 14:11:09 (987) Worker-Standard:PowershellProbe DEBUG: The exit value from waitFor() is 1
07/23/18 14:11:12 (056) Worker-Standard:PowershellProbe DEBUG: Execution status: failed
07/23/18 14:11:12 (056) Worker-Standard:PowershellProbe SEVERE *** ERROR *** Authentication failure with the user ####
07/23/18 14:11:12 (213) Worker-Standard:PowershellProbe DEBUG: Authentication failure(s) with available Windows credentials from the instance. Credentials tried: ####
07/23/18 14:11:12 (213) Worker-Standard:PowershellProbe DEBUG: Windows credentials all failed... Attempting to use the local MID server service credential.
07/23/18 14:11:12 (400) Worker-Standard:PowershellProbe DEBUG: Executing command: C:\Windows\Sysnative\WindowsPowerShell\v1.0\powershell.exe -executionpolicy unrestricted -noninteractive -nologo -noprofile -command "& {& 'scripts\PowerShell\PSScript.ps1' -computer 'J####' -script 'C:\Windows\TEMP\GetApplications.ps16618465176369652466.PS1' 'use_mid_service_account' $false -useCred $false -ismid $false -isDiscovery $false -debug $true -logInfo $false; exit $LASTEXITCODE}"

Cause

In Kingston, during the credential test stage, we create a PowerShell remote session from the MID Server to the target SCCM server using the configuration microsoft.powershell32. We then import the module ConfigurationManager.psd1, which loads a PSDrive with the provider "CMSite".
If the execution policy is restricted, this step fails.

Resolution

Verify that the execution policy is unrestricted on the SCCM server. To do so, open an RDP session to the SCCM server and run the following commands:

Enter-PSSession -ComputerName servername -ConfigurationName microsoft.powershell32
Get-ExecutionPolicy

If this shows restricted, change it to unrestricted. To do so, use:

Set-ExecutionPolicy Unrestricted

Also check: Even though the environment variable appeared to be set on the SCCM server, it seems that it was not picked up. Logging on to the SCCM host with that user and explicitly connecting a PowerShell session was the fix. There is a step that does something similar (https://docs.servicenow.com/bundle/quebec-servicenow-platform/page/product/orchestration/task/t-config-SCCM-deployment-manager.html), but it depends on the user having access to, or knowing, where the SCCM console can be started from.
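
The checks described under Cause and Resolution can be run in one pass from the MID Server host. The script below is an added example, not ServiceNow's own probe code: it opens the same microsoft.powershell32 endpoint, reports the execution policy per scope, and attempts the ConfigurationManager.psd1 import. Assumptions: PowerShell 3.0 or later on both hosts, the parameter names are illustrative, and the environment variable mentioned above is taken to be SMS_ADMIN_UI_PATH, the variable the SCCM console sets.

```powershell
# Added diagnostic example; run from the MID Server host. Parameter names are illustrative.
param(
    [Parameter(Mandatory)] [string] $SccmServer,      # placeholder: SCCM server host name
    [pscredential] $Credential = (Get-Credential)     # the Windows credential used for SCCM discovery
)

# Same endpoint the credential test uses. The 32-bit endpoint keeps its own
# LocalMachine execution policy, so it has to be read inside this session.
$session = New-PSSession -ComputerName $SccmServer -ConfigurationName 'microsoft.powershell32' `
                         -Credential $Credential -ErrorAction Stop
try {
    $report = Invoke-Command -Session $session -ScriptBlock {
        $r = [ordered]@{
            Is64BitProcess  = ([IntPtr]::Size -eq 8)
            EffectivePolicy = (Get-ExecutionPolicy).ToString()
            PolicyByScope   = (Get-ExecutionPolicy -List |
                                ForEach-Object { '{0}={1}' -f $_.Scope, $_.ExecutionPolicy }) -join '; '
            AdminUiPath     = $env:SMS_ADMIN_UI_PATH   # assumption: the variable the note refers to
            ModuleImported  = $false
            CMSiteDrives    = ''
            Error           = $null
        }
        try {
            if (-not $env:SMS_ADMIN_UI_PATH) { throw 'SMS_ADMIN_UI_PATH is not set in this session' }
            $psd1 = Join-Path (Split-Path $env:SMS_ADMIN_UI_PATH) 'ConfigurationManager.psd1'
            Import-Module $psd1 -ErrorAction Stop
            $r.ModuleImported = $true
            $r.CMSiteDrives = (Get-PSDrive -PSProvider CMSite -ErrorAction Stop).Name -join ', '
        } catch {
            $r.Error = $_.Exception.Message
        }
        [pscustomobject]$r
    }
    $report | Format-List

    # A policy set in the MachinePolicy or UserPolicy scope comes from Group Policy.
    if ($report.PolicyByScope -match '(MachinePolicy|UserPolicy)=(?!Undefined)') {
        Write-Warning 'Execution policy is set by Group Policy; Set-ExecutionPolicy will not override it.'
    }
    if (-not $report.ModuleImported) {
        Write-Warning "ConfigurationManager import failed: $($report.Error)"
    }
} finally {
    Remove-PSSession $session
}
```

An empty AdminUiPath in the output corresponds to the "environment variable was not picked up" case, and a Group Policy warning means the policy has to be changed in the GPO rather than with Set-ExecutionPolicy.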