Fix on-call calendar subscription issues with AD accounts in ServiceNowIssue <!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } When you use Active Directory (AD) credentials with on-call calendar subscription links in ServiceNow, the system repeatedly prompts for authentication and fails to download the calendar invite. Go to On-Call Scheduling > My Group schedules.Open the list of scheduled groups.Select Send Subscriptions.When you receive the on-call calendar subscription email, select the Subscription link.A credentials popup window appears. When you enter your AD credentials, the system continues to prompt for authentication and fails to download the calendar XML file. Release<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } Beginning with London release Cause<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } When you select the subscription URL from the on-call calendar subscription email, the system makes an API call that only supports basic authentication. The API call path follows this format: /api/now/on_call_rota/rotaUserICalendar/11e7bd5adb0a7f00e75d4672399619e7/5f3c836bdb3784d0d11ac19115961959/555accfb1b74c0106fdf7510cd4bcb8e Resolution<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } After provicing the D credentials, the error in the instance app node logs shows a 401 response code with the message "LDAP Auth through MID server is not supported" and "Basic authentication failed for user." �2020-04-12 22:19:07 (653) Default-thread-4 SYSTEM txid=fa968fc3db00 WARNING *** WARNING *** LDAP: LDAP Auth through MID server is not supported!2020-04-12 22:19:07 (692) Default-thread-4 SYSTEM txid=fa968fc3db00 Logging event: SNC.Auth.LDAP.Login.Failed with parm1: user_name=xyz and parm2: ldapconfigsysid=879256771bec3f006fdf7510cd4bcbea,remoteAddr=157.46.230.1412020-04-12 22:19:07 (692) Default-thread-4 SYSTEM txid=fa968fc3db00 *** Script: Basic authentication failed for user: xyz2020-04-12 22:19:07 (693) Default-thread-4 SYSTEM txid=fa968fc3db00 WARNING *** WARNING *** Failed authorization by script include 'BasicAuth'2020-04-12 22:19:07 (694) Default-thread-4 SYSTEM txid=fa968fc3db00 #700809 [REST API] RESTAPIProcessor : User Not Authenticated2020-04-12 22:19:07 (694) Default-thread-4 SYSTEM txid=fa968fc3db00 DEBUG: Session inactivity timeout changed for unauthorized session. Inactive_interval=300 seconds2020-04-12 22:19:07 (694) Default-thread-4 SYSTEM txid=fa968fc3db00 *** End #700809 /api/now/on_call_rota/rotaUserICalendar/11e7bd5adb0a7f00e75d4672399619e7/5f3c836bdb3784d0d11ac19115961959/555accfb1b74c0106fdf7510cd4bcb8e, user: guest, total time: 0:00:00.000, processing time: 0:00:00.000, SQL time: 0:00:00.020 (count: 24), business rule: 0:00:00.000 (count: 2), source: 157.46.230.141 , type:rest, method:null, api_name:null, resource:null, version:null, user_id:5136503cc611227c0183e96598c4f706, response_status:401 This API call only supports basic authentication. If SSO is in use, basic authentication is still required to subscribe with the URL.This is working as expected. According to ServiceNow documentation on configuring and sending on-call calendar subscription URLs: The subscription URL supports only basic authentication, not AD authentication.You must use your ServiceNow instance credentials (username and password) to authenticate, not your AD credentials.Even if SSO is enabled on your instance, basic authentication is still required for calendar subscriptions.Only the Calendar application on Mac OS X 8.0 or later and Outlook on Windows 2013 or later support basic authentication for calendar subscriptions.