List of Checks for Instance TroubleshooterSummaryPLEASE NOTE: Beginning with the Now Platform® Xanadu release planned for September 2024, we will no longer deploy or activate the application listed below to new instances. It will remain active in your instance, including when you upgrade to a new release family.Beginning with the Now Platform® Yokohama release planned for March 2025, we will end support for the application listed below. While it will remain active in your instance, including when you upgrade to a new release family, we will not be able to support it. Instance Troubleshooter, a free store application, helps ServiceNow instance administrators to resolve issues on their instance by themselves. This application can detect issues in the instance across several product categories. When the administrator invokes the troubleshooter, each product troubleshooter runs one or more checks and reports its findings with detailed information and links to resolving the issues by themselves. This KB article does not go into detail about this application. Please view KB0870978 - Instance Troubleshooter User Guide to get a full description of the application. This KB article lists all the checks in versions 1 to 3.1 of the Instance Troubleshooter application. Note that the checks introduced in version 3.1 are marked with (new). Categories Access ControlAuthenticationCloneCore PlatformCurrencyDiscoveryEmailForms and FieldsImport/ExportMID ServerMobilePerformancePerformance AnalyticsReportingService CatalogService PortalSLAUser ExperienceWorkflow Access Control PriorityShort DescriptionDescription 2 - High ACLs without roles or condition or scripts may cause unintended results ACLs without roles or condition or scripts may allow unintended users to update/delete/create/read records. 2 - High ACLs using getRowCount may cause performance issues ACLs using GlideRecord's getRowCount property may cause performance issues when working on tables with a high record count. 2 - High High Security Settings plugin is disabled on the instance. The High-security plugin sets more secure defaults. This should be activated. However, due to its impact on the whole instance security/accesses, testing should be completed on a sub-prod instance before enabling your production instance. Authentication PriorityShort DescriptionDescription 1 - Critical SAML 2.0 certificate is either missing the X509 data or invalid If a user is trying to login and the error "Could not find a digital signature in the inbound SAMLResponse" appears in the system logs, then the certificate must be validated or updated. 2 - HighLDAP Authentication checkIf LDAP Authentication is enabled but the LDAP Servers are using MID Servers for connection, then LDAP Authentication is not supported.If all LDAP Servers on the instance use a MID Server, then LDAP Authentication can be safely disabled.Otherwise, it needs to remain enabled as the LDAP Servers that do not use a MID Server may be used for LDAP Authentication.2 - HighX.509 Cert for SAML Authentication checkMulti-Provider SSO Identity Provider records should have Metadata URL populated. A lot of SSO related cases are due to Certificate Mismatch. Having the metadata URL populated will allow the instance to automatically fetch/update the certificate every 30 minutes. If the SSO provider is reachable and has a metadata URL, this should be populated.2 - HighIdP certificate has changed or expiredIf the IdP certificate has changed or expired the IdP certificate should be updated on the ServiceNow instance to match the one updated on the Identity Provider end.2 - HighAuto Redirect IdP is enabled and SSO is downIf instance has 'Auto Redirect IdP' enabled and if Identity Provider is down or having issues, users automatically get redirected to the IdP login page without having an option to login using local DB login.2 - HighCloning from this instance will overwrite SAML SSO on the targetIf the Integration - Multiple Provider Single Sign-On Installer [com.snc.integration.sso.multi.installer] plugin is activated on the source, the Identity Provider [saml2_update1_properties] table should be excluded from the clone and the glide.authenticate.sso.redirect.idp should be preserved. Otherwise, users will not be able to login to the target instance after the clone.2 - HighIdentify invalid Multi SSO configuration in the instanceYou can set one IdP as the primary IdP to which new users are automatically redirected when they access the base instance URL. You can also set one IdP as the default IdP.Checking if the property (glide.authenticate.sso.redirect.idp) is linked to a valid identity provider record.3 - Moderate (new)New LDAP Server Record Producer is missingNew LDAP Server Record Producer is missing. This record producer is required in order to create new LDAP Server records.4 - LowChecks if CMS is properly configured for SSOThis checks if cms pages are configured for SSO. By default, cms pages are public and will not use SSO. If SSO is desired for cms pages, please apply the suggested resolution. Clone PriorityShort DescriptionDescription 3 - Moderate Check if clone target set to true for prod instance. The property glide.db.clone.allow_clone_target for production instances is default set to false, but in some scenarios it can be set to true to clone over the production instance but then not reverted after the clone.We have detected that this instance property is set to true. 3 - Moderate Cannot exclude database views Database views are not physical tables, they are virtual tables built from connecting other physical tables. Therefore to exclude data you need to exclude from those tables, not the database view. 3 - Moderate Clone: Check for invalid/Incorrect Clone Targets Running a simple API check to validate if the clone target returns a response or not. If we do not receive a response this is flagged as a potential invalid clone target. 3 - Moderate Tables to not exclude in clone Checks for specific tables that should not be excluded in the clone engine. Core Platform PriorityShort DescriptionDescription 1 - Critical JSON script include should be functional JSON script include should exist and be functional. Some of fundamental features including clone do not work without it. 1 - CriticalEscape HTML should be enabledA malicious user can inject HTML code within the form field to execute unwanted scripts on different client/user sessions if the property "glide.ui.escape_html_list_field" to false1 - CriticalRestrict unauthenticated access to imagesUse the glide.image_provider.security_enabled property to control the security settings for images. If set to true, images are visible only to authenticated and authorized users. If set to false, images are visible to anyone with a URL to the attachment.1 - CriticalChange mangagement Cancel UI action doesn't workAfter upgrading to Quebec Patch 0 or 1, the Cancel UI action doesn't work if the "Change Management Best Practice - Jakarta" is not installed2 - HighCheck if text index is running on a table or hasn't been run.Checking all the text indexes on instance to detect which ones have not been indexed or currently being indexed.2 - HighLanguage picker is not showing options to selectEven when at least one language plugin is active, the language picker does not show the choices.2 - HighAttachment name should not contain '&'If attachment name contains any special character like '&', after attaching it converts to &. This can cause issues if we are searching by file name2 - HighChecks for PRB1437770This check will determine if sys_security_acl.do?sys_id=90029ca10a0a0b440114ffbb79bfe100 contains the following roles: report_scheduler, report_global, report_publisher, report_group as per PRB1437770.2 - HighEnabling debug properties may cause performance issues.Debug properties should be enabled when performing system testing in the instance, post that these properties should be set to false. Enabling these properties could unnecessarily bloat the size of the database and cause disk size issues.2 - HighBackground script to identify fields which are being superfluously text indexedThe ServiceNow platform uses the Zing engine to perform text indexing and text searching of data held in various tables and fields within an instance. Out of box the platform text indexes a number of fields which are generally not useful for text searching (as users are unlikely to ever search for the type of values they contain). In large instances this can cause:* A large number of text_index events to be created * Underlying text index tables to grow extremely large * Degradation to text search performance * Degradation to text index rebuild performance (should a text index need to be regenerated - for example following a clone) A much better approach is to:* Define the types of fields which are generally superfluous to text index either because they contain data which users are unlikely to text search against (i.e. duration) or simply contain a small set of repeated values (i.e. sys_class_name) * Walk all tables in a given table hierarchy looking for fields which are one of the above types and where text indexing is currently enabled * Corresponding fields can then have text indexing disabled (if applicable) without needing to go through repeat iterations of reviewing text_index records in the sysevent table2 - HighPerformance issues while accessing User recordsIf last_login. and last_login_time fields are audited, then the activity on the user record increases over time which will result in slowness when accessing the user record2 - HighUsers noticing page refreshUser preference home_refresh defines the number of seconds after which the page is forced to reload for a User.2 - HighNo User has Security_admin roleCheck if there is at least one security admin in the instance2 - HighLonger session time out, may cause performance issuesThe default system user session timeout is 30 minutes, increasing this value could cause performance issues.2 - HighUnsupported globals and API in Portal client scriptsUsing certain globals and APIs in Client scripts is not compatible with Service Portal / Mobile. Using these APIs won't work as expected as they do in Platform UI.2 - HighCheck to ensure glide.ui.escape_text is set to trueThe recommended value for the system property glide.ui.escape_text is: true. This property will escape xml and ensure that browsers do not parse or execute potentially malicious javascript embedded in untrusted data.2 - HighCheck if default admin is inactive in instanceMany jobs/events/processors in the instance have Run as default System administrator which might fail if the admin is inactive/locked out2 - HighLarge attachment size, May cause performance issuesThe default maximum size limit for an attachment file that can be added to a record in the ServiceNow platform is 1024 MB for an out-of-box instance. Large attachments can sometimes cause performance issues on the system and unnecessarily bloat the size of the database.2 - HighCheck for invalid roles, groups and inheritanceScan through user-related tables to find any records that are invalid and broken.EG: Empty roles assigned to groupsEmpty roles assigned to a userRoles assigned to an invalid user. 3 - ModerateUsing operator (^NQ) in encoded queries causes incorrect reference links in theWhen using the operator ^NQ in an encoded query within a business rule, the results appear in the list view, but the reference links are not correct. A filter on a business rule that has a query with the operator ^NQ (second level condition) is applied only on the first part of the query. Although the business rule works correctly in the list, if a filter like Active=true is added, the filter is applied only on the first part of the query (before the ^NQ).3 - ModerateUnable to edit sysauto_script in QuebecHappens because the following ACL on the table level has the admin overrides unchecked.3 - ModerateEnforce strict user image uploadUse the glide.security.strict.user_image_upload property to enable Access Control for the upload/update of a profile picture when performed on a user record. This setting opens the possibility of an unauthorized user uploading an image to another user's profile. When you set this property to false, an authenticated user could upload an image to another user's account without authorization.3 - ModerateCheck to ensure the system timezone is not inactive on the instanceIf the system timezone is inactive, users may be unable to select a timezone in the general system settings. Alternatively, duplicate timezones may be displayed for some users (PRB1448481).3 - ModerateDatabase debugging on - may cause performance issues.Having this property on causes many logs to be printed in our localhost logs - it may cause performacne issue. We strong recommend setting this off.3 - ModerateCheck if property glide.set_x_frame_options is set to the recommend value: trueServiceNow recommends setting the system property glide.set_x_frame_options to true. This will prevent content from being embedded in iframes and protect against clickjacking attacks. While the recommended value is true, do note that if you're using a 3rd party integration that renders your ServiceNow content in an iframe, you may wish to set the value to false.3 - ModerateImportant deleter jobs should be enabledKey deleter jobs should be enabled like 'Table Cleaner' and 'Import Set Deleter' should be enabled to ensure the relevant tables are kept as trimmed as necessary. Should these jobs remain disabled for a long time, the tables will grow to be very large and transaction performance will decrease over time. This can also lead to disk space capacity issues as the instance is not cleaning up the temporary/transient records.3 - ModerateCheck for activity stream on sys_user tableThis check will determine if the activity stream is added to the sys_user form. This can cause user records to load slowly.3 - ModerateClient Scripts defined on the Global tableA global client script is any client script where the selected table is Global. Global client scripts have no table restrictions; therefore they will load on every page in the system introducing browser load delay in the process. There is no benefit to loading this kind of scripts on every page3 - Moderate (new)Verify there are no Orphan records for Connection [sys_connection] table Verify there are no Orphan records for Connection [sys_connection] table. Navigating to sys_connection table shows a list of records. However, any attempts to open up the records fail with the error 'Target Record Not Found'. This issue may happen after a clone that that was done recently. 4 - LowRollback option is available on fix script form.The Fix scripts module is very handy to run scripts on your instance. One thing that is hidden in the record for rollback functionality, out of the box the rollback option is not on the form.If on the form you can check the box and make it so you can record the fix script in the rollback engine and roll back completely if any issues.4 - Low (new)Check if "Clean Expired Rollback Contexts" is active.If rollback are not cleaned up, shadow tables can grow extremely big, it would cause degrated performance when deleting records from the tables and longer altering time. Currency PriorityShort DescriptionDescription 4 - Low Multi currency mode enabled validate records are using correct currency Multi-currency mode enabled validate records are using the correct currency 4 - Low Validate exchange rates exist for active currencies Validate exchange rates exist for active currencies. This does not cover the fx_currency type. 4 - Low (new) Single currency mode - validate currency records match locale Single currency mode is enabled. Checking to validate records are using the correct currency 4 - Low (new) Single currency mode - validate price records match locale Single currency mode enabled validate records are using correct currency Discovery PriorityShort DescriptionDescription 2 - High Table for credential class should exist Discovery will fail if discovery_credentials.sys_class_name does not have a value, or the corresponding table does not exist. 2 - High Number of active credentials per class should not be more than 20 Number of active credentials per class should not be more than 20. The more active credentials there are per class, the more time it will take for discovery to scan. 2 - High sys_mod_count should not be more than 1000 for Credentials Frequent credential updates will lead to more frequent cache refreshes on MID Server. Frequent cache refreshes will increase the overall overhead to the Instance and MID Servers. 3 - Moderate (new) CAPI to Patterns Migration check Please refer to the below knowledge article to perform CAPI to Patterns Migration https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0827153 3 - Moderate (new) Custom Business Rule on cmdb tables with abort action code. Custom Business Rules with abort action code on CMDB tables causes discovery issues. 3 - Moderate (new) Check CMDB containment rules are out of box Customized containment rules can cause issues in Discovery so this check would help you to identify this customization to take corrective actions 3 - Moderate (new) Check CMDB deletion strategies are out of box Customized deletion strategies can cause issues in Discovery so this check would help you to identify this customization to take corrective actions 3 - Moderate (new) Check CMDB hosting rules are out of box Customized hosting rules can cause issues in Discovery so this check would help you to identify this customization to take corrective actions 3 - Moderate (new) Check CMDB relationship types are out of box Customized relationship types can cause issues in Discovery so this check would help you to identify this customization to take corrective actions 3 - Moderate (new) Custom Mandatory CMDB attributes Custom Mandatory CMDB attributes cause IRE to fail with required attribute missing errors. Review these custom mandatory attributes to avoid IRE issues. 3 - Moderate (new) Check Pre & Post Sensor script are out of box for Discovery Customized Pre and Post scripts can cause issues in Discovery so this check would help you to identify this customization to take corrective actions Email PriorityShort DescriptionDescription 1 - Critical Inbound email disabled If the glide.email.read.active property is set to false, then the instance is currently configured to NOT receive any email 1 - Critical Ensure the OOB POP3/SMTP accounts match the instance name Customers may have accidentally cloned the POP3/SMTP accounts from other instances, causing emails to be read by the wrong instance. 1 - Critical Guest account does not exist The out-of-the-box guest account is necessary when processing some inbound actions. For example, when the system needs to create or update records and the sender is not from a valid domain. 1 - Critical There is only one active SMTP account There is only one active SMTP account. 1 - Critical Email Reader job not running The EmailReader job is responsible for retrieving email messages from the POP3/IMAP server. If this job is not running, email from this server is not currently being retrieved. 1 - Critical SMTP Sender job does not exist The SMTPSender jobs are responsible for sending email messages to the SMTP server. If these jobs are not present, then no email will be sent from the instance. 1 - Critical SMTP Sender job not running The SMTPSender jobs are responsible for sending email messages to the SMTP server. If these jobs are not running, then no email will be sent from the instance. 1 - Critical Email Reader job does not exist The EmailReader job is responsible for retrieving email messages from the POP3/IMAP server. If this job is not present, email from this server is not currently being retrieved. 1 - Critical Outbound email disabled If the glide.email.smtp.active property is set to false, then the instance is currently configured to NOT send any email. 2 - High (New) Basic Auth as authentication method for Microsoft Email servers is deprecated. Basic Auth as authentication method for Microsoft Email servers is deprecated. Check if instance has any email accounts connecting to Microsoft using basic auth and notify customers that they should use OAuth. 2 - High (New) SMTP sender email values must be valid email addresses SMTP 'Email Account' records' 'From' field [sys_email_account.from] value is used as the email address when sending email from this account. If this value is empty, then the User name will be used as the return address for notifications sent from the instance. It is best practice to include a valid email in the 'From' field. This check is marked as 2-High because email sending from this account will fail if: * The 'From' field [sys_email_account.from] contains an invalid email address * The 'From' field [sys_email_account.from] is empty an invalid email address is used as the User name [sys_email_account.user_name] 2 - High Guest account is not active The out-of-the-box guest account is necessary when processing some inbound actions. For example, when the system needs to create or update records and the sender is not a valid user. A guest account is present in the instance, but it is inactive or locked out. This is not necessarily an error, but it just means inbound emails from unknown users will be marked as received-ignored. 2 - High SMTP Sender stuck The SMTPSender jobs are responsible for sending email messages to the SMTP server. This job runs once every 2 minutes. If the SMTPSender job has not been updated in a few minutes, then it may be stuck causing outbound email to be delayed. 2 - High Email Reader stuck The EmailReader job is responsible for retrieving email messages from the POP3/IMAP server. This job runs once every 2 minutes. If the EmailReader job has not been updated in a few minutes, then it may be stuck causing inbound email to be delayed. 2 - High Securing Inbound actions Verify all the senders must have required role to trigger inbound action. 3 - Moderate All outbound email is directed to one address for debugging purposes All outbound email is sent to one email address. This is not necessarily an issue if an instance is not live and debugging activities are being performed. However, if email is not being currently received by your users, then one possibility is that somebody left this debug property enabled. 3 - Moderate Outbound email with large recipient list An outbound email with a large recipient list may slow down email sending. 3 - Moderate (new) TD Tags in Email Client Template adds unwanted extra lines This is caused by PRB1547429 Extra <br/> spaces get added in the HTML table if there are <td> tags in the email client body. This will not break any functionality, just causing extra new lines appear inside the table. Forms and Fields PriorityShort DescriptionDescription 2 - High Slowness when opening forms with high number of activities glide.history.max_entries property specifies the maximum number of entries retrieved for display in an activity stream. The default number is 250. 2 - High Unable to delete a record using Delete UI Action When trying to delete a record using Delete UI Action, nothing happens and a console error is thrown :Error:Uncaught TypeError: Cannot read property 'split' of null at getCascadeDelTablesDoneForm 2 - High HTML fields don't show all actions/options after upgrade When opening any form with HTML fields, all the available options don't show to insert images/links 2 - High @mention functionality not working for Journal input type of fields on the form Users should be able to @ mention other users if the input type of the field is Journal Input type of field. However this doesn't work as expected if live forms is disabled 3 - Moderate Content from HTML type fields is displays with HTMLtags in activity stream. HTML Characters appear in the Activity stream for the HTML type fields because the property glide.ui.security.allow_codetag is set to false 3 - Moderate Check sys_ui_form_section records for invalid sys_ui_section references This check will find sys_ui_form_section records that contain empty/invalid sys_ui_section references. 3 - Moderate Items per page has options over 100 Items per page has options over 100,may have performance issues in loading lists 3 - Moderate Priority data lookup rules are not working on problem table. Priority data lookup rules does not work on the problem table. When the Impact and Urgency are changed, Priority is not updated. It works fine on the incident table but not on the problem table. 3 - Moderate Reference click through is not available for read only fields Before Paris release, even if glide.ui.reference.readonly.clickthrough system property is false, reference icon was showing up. This is actually bug in our system which is fixed from the Paris release as part of PRB1383781 3 - Moderate Public tags are not visible to everyone Public tags are not visible to everyone on the forms. The issue is happens if the 'Global' field is set to False in the label_entry record for the particular tag in question 3 - Moderate Deleting attachment loops forever When deleting the attachments from the form, the popup hangs and progress keeps on loop forever. The issue is because of the customized UI Page - attachment and UI Macro - attachment_list_body Import/Export PriorityShort DescriptionDescription 1 - Critical ISET Data Source: MID Server must be associated to the Data Source of type LDAP Data Sources of type LDAP must have a MID Server value set. This MID Server must be up and responding to this instance's requests. 1 - Critical Data Source record must have a value for the Import Set table name field The import will not work if the Data Source record does not have a value for the Import Set Table field. 1 - Critical ISET Data Source: MID Server must be associated to a Data Source of type JDBC Data Sources of type JDBC must have a MID Server value set. This MID Server must be up and responding to this instance's requests. 1 - Critical ISET Data Source: Attachment not present If a Data Source record's type field is set to "File" and File retrieval method is "Attachment", then there must be a file attached to the Data Source record. This attached file has the contents of the data to be imported, therefore the import will fail if this no attachment is present. 2 - High (new) MID Server used in LDAP Import cannot be part of a cluster MID Server used in LDAP Import cannot be part of a cluster. A dedicated MID Server should be used for LDAP Data Source imports. 3 - Moderate ISET record has at least one import set run record completed per transform map There should be at least one import set run record for each transform map associated to the data source. The import set run record holds information on the transform. If one import set run record exists per transform map, and each of these import set run records's status is set to Completed, then the transform phase was executed and completed. This is marked as 3-Moderate because the transform phase may still be running in which case is not an error but partial transform. 3 - Moderate ISET record has at least one import set run record per transform map There should be at least one import set run record for each transform map associated to the data source. The import set run record holds information on the transform. If one import set run record exists per transform map, then at least an attempt was made to transform the data. It is marked as 3-Moderate because it is not an error if these records are not present, it just means that the transform phase was not initiated. 3 - Moderate At least one record exists in import set table If at least one record is present in import set table for the given ISET, then the import was good enough for at least one record to be imported. If there are no records for this ISET it does not necessarily mean error, it means that the source just happens to have no data. 3 - Moderate Cannot "Export to PDF" following upgrade to Quebec Customer complaining about Export to PDF (Landscape or Portrait) not working after upgrade to Quebec and see a blank screen with below error message. This issue is happening in any form. 3 - Moderate Check on ImportSetRow to add new columns to the staging table Instances that contain large numbers of import sets can sometimes become unresponsive when an import adds a column because the instance must alter every row in the staging table. In some cases, the database alter table action causes an outage. 3 - Moderate Exporting CSV mis aligned due to line breaks You can control how line breaks appear in exported CSV data using the glide.csv.export.line_break system property. 3 - Moderate Export results are formatted with the wrong encoding Export results are formatted with the wrong encoding. Non-English characters (for example, Russian, Hebrew) are replaced by question marks.Cause:The setting for the export encoding is missing or it has the wrong value. This issue is related to exporting data using the CSV format from the instance. 3 - Moderate When using easy import and an import template dates are not being converted When using easy import and an import template from table, for example alm_hardware, dates are not being converted correctly. The OOB easy import template, without modifying the import set or transform map, verified the date had been entered correctly in the Excel document. The date looks correct in the import set, but during the transform it is not being updated correctly.Date in Excel displays 2020-10-10, entered as 10/10/2020, correctlyAfter Import runs, clicking preview data button shows record with Warranty Expiration Date as 10-10-2020Choosing Complete Data Import transforms the data with a Warranty Expiration Date as 04-11-0016 3 - Moderate Exporting to PDF can lead to memory issues when default max rows are changed Sometimes, When exporting reports via list or scheduled reports as pdf, can lead to memory issues.In many customers change this value as this as to accommodate more columns and rows.The property to set max rows always plays major role.Glide.pdf.max_rows default is 5000 3 - Moderate Exporting to PDF can lead to memory issues when default max columns are changed Sometimes, When exporting reports via list or scheduled reports as pdf, can lead to memory issues.In many customers change this value as this as to accommodate more columns and rows.The property to setmax columns always plays major role.Glide.pdf.max_columns default is 25. 3 - Moderate Export CSV limitations check If doing a CSV export from a list view or using an export set and a column contains more than 32,000 characters, the export will limit those columns to around 32,000 characters.By default, CSV exports are limited to 32,000 characters per column. The CSV export uses the display value when exporting columns with long string values. 3 - Moderate Excel Export Cell Limit 2: This check is to verify the allowed number of rows and columns while exporting Due to the way the platform must load the data into memory while converting to .xls and .xlsx formats, there are known memory issues when exporting large reports to Excel. Therefore, the platform restricts the number of rows/columns you can export. This limitation is controlled via properties:Row Limits: glide.ui.export.limit, glide.xlsx.export.limit, glide.excel.export.limitColumn Limits: glide.xlsx.max_cells, glide.excel.max_cellsSometimes these properties must be changed to fit business needs so full reports can be exported, which makes the platform vulnerable to low memory situations. This leads to users experiencing degraded performance on the affected node. 3 - Moderate Excel Export Cell Limit 1: This check is to verify the allowed number of rows and columns while exporting Due to the way the platform must load the data into memory while converting to .xls and .xlsx formats, there are known memory issues when exporting large reports to Excel. Therefore, the platform restricts the number of rows/columns you can export. This limitation is controlled via properties:Row Limits: glide.ui.export.limit, glide.xlsx.export.limit, glide.excel.export.limitColumn Limits: glide.xlsx.max_cells, glide.excel.max_cellsSometimes these properties must be changed to fit business needs so full reports can be exported, which makes the platform vulnerable to low memory situations. This leads to users experiencing degraded performance on the affected node. 3 - Moderate Export Row Limit check 3 for UI: This check is to verify the allowed number of rows and columns while exporting Due to the way the platform must load the data into memory while converting to .xls and .xlsx formats, there are known memory issues when exporting large reports to Excel. Therefore, the platform restricts the number of rows/columns you can export. This limitation is controlled via properties:Row Limits: glide.ui.export.limit, glide.xlsx.export.limit, glide.excel.export.limitColumn Limits: glide.xlsx.max_cells, glide.excel.max_cellsSometimes these properties must be changed to fit business needs so full reports can be exported, which makes the platform vulnerable to low memory situations. This leads to users experiencing degraded performance on the affected node. 3 - Moderate Export Row Limit check 2 for UI: This check is to verify the allowed number of rows and columns while exporting Due to the way the platform must load the data into memory while converting to .xls and .xlsx formats, there are known memory issues when exporting large reports to Excel. Therefore, the platform restricts the number of rows/columns you can export. This limitation is controlled via properties:Row Limits: glide.ui.export.limit, glide.xlsx.export.limit, glide.excel.export.limitColumn Limits: glide.xlsx.max_cells, glide.excel.max_cellsSometimes these properties must be changed to fit business needs so full reports can be exported, which makes the platform vulnerable to low memory situations. This leads to users experiencing degraded performance on the affected node. 3 - Moderate Export Row Limit check 1 for UI: This check is to verify the allowed number of rows and columns while exporting Due to the way the platform must load the data into memory while converting to .xls and .xlsx formats, there are known memory issues when exporting large reports to Excel. Therefore, the platform restricts the number of rows/columns you can export. This limitation is controlled via properties:Row Limits: glide.ui.export.limit, glide.xlsx.export.limit, glide.excel.export.limitColumn Limits: glide.xlsx.max_cells, glide.excel.max_cellsSometimes these properties must be changed to fit business needs so full reports can be exported, which makes the platform vulnerable to low memory situations. This leads to users experiencing degraded performance on the affected node. 3 - Moderate (new) Corrupted Excel file if there is a currency field. When exporting to an Excel file, the file cannot be opened. A warning is displayed that states that the file is corrupted. Open the Excel file with currency field. A warning is displayed that states that the file is corrupt. This issue can also occur on any other table with the Currency field. 3 - Moderate (new) Exports are not UTF-8 encoded By default, ServiceNow exports all CSV files in Windows-1252 encoding. If exports are not UTF-8 encoded, then some special characters will not be exported successfully. 3 - Moderate (new) Import Logs do not work unless you add property introduced in San Diego When an instance is upgraded to San Diego it will no longer write import logs. Messages that used to be recorded in the import_log table prior to the San Diego upgrade are no longer being recorded. This is because, there is a new property from San Diego to enable "glide.importlog.log_to_table" property to see import logs. 3 - Moderate (new) Import Set column's size for User's Email [sys_user.email] should be set to 100 The field's max length for user's email addresses is automatically set to 40 when using the Import Set feature to import user data. Imported email addresses longer than 40 characters will be truncated. This check will alert if the user email import set field max length is 40 and there are users' with email addresses exactly 40 characters in length. 3 - Moderate (new) Import Set column's size for User's UserID should be set to 100 The field's max length for user's user ID is automatically set to 40 when using the Import Set feature to import user data. Imported user names longer than 40 characters will be truncated. This check will alert if the user ID import set field max length is 40 and there are users' with user name exactly 40 characters in length. 3 - Moderate (new) MID Server used in JDBC Import cannot be part of a cluster MID Server used in JDBC Import cannot be part of a cluster. A dedicated MID Server should be used for JDBC Data Source imports. 3 - Moderate (new) WHTP host change in Rome (from whtp to parexport) After upgrading to Rome, exporting a dashboard results in a blank pdf page. The issue is that the host for WHTP is set to whtp and since we are using PARExport since Rome release, this setting is not allowing the pdf export to be successful. MID Server PriorityShort DescriptionDescription 1 - Critical MID Server down Search for MID Servers that are down. 1 - Critical MID Server validated You must manually validate the MID Server after it is installed to enable it to execute automation tasks. 1 - Critical MID Server is down or failed to upgrade - OCSP cert revocation verification MID Server can fail to install or upgrade to Orlando due to new external connectivity requirement to ocsp.entrust.net for OCSP certification revocation verification check. 1 - Critical MID Server role To communicate with the instance, MID Servers need a user ID and the appropriate role. 2 - High MID Server version should match instance version The version of the MID Server must be compatible with the version of the instance. Otherwise, the MID Server cannot process commands or communicate with the instance. The instance determines which version of the MID Server is allowed. The MID Server version must at minimum belong to the same major release, such as Helsinki. If the MID Server version belongs to the same major release, it can, but does not have to, belong to the same minor version, such as Helsinki Patch 1. In this case, communication with the instance might still be possible, but it is always suggested that you upgrade to the latest version. Mobile PriorityShort DescriptionDescription 2 - High Checks for MRVS ui policy support in the MobileCatalogUIPolicyBuilder script Checks to ensure the MobileCatalogUIPolicyBuilder contains the script necessary to apply UI Policies to MRVS (multi row variable sets) in the service portal / mobile UI. If this script was previously customized, it is possible that the update which added MRVS policy support was skipped. 2 - High Check for invalid mobile item parameters This checks for sys_sg_item_parameter records that contain an empty/null parent reference. 2 - High Users cannot log in Now/Agent Mobile Apps UI Page named 'oauth_login' is used by Now/Agent Mobile Apps for authentication. If the property glide.authenticate.external is set to true, users will be forced to logout page when trying to authenticate. 3 - Moderate Push notification 'Approval Assigned to Me' shows 'Applet not found' error. The push notification 'Approval Assigned to Me' content message causes an error when the user selects the notification on a mobile device. Accessing the mobile push notification shows the 'Applet not found' error.Check the 'Approval assigned to me' push notification record under sys_push_notif_msg_content table and make sure that line 11 in the Push Message Generation text area refers to: 'sc_req_item' as opposed to 'sc_requested_item'. 3 - Moderate Agent app only shows approvals from Request, Requested Item and Change Request Agent app only shows approvals from Request, Requested Item and Change Request tables. Approvals set on other tables (Knowledge table for instance) do not appear on the Agent mobile app 3 - Moderate 'Desktop Only' catalog items are showing up on the ServiceNow Mobile apps Catalog Items are showing in Mobile App even though the availability setting has been set to 'Desktop only'. 3 - Moderate Grouped Incidents applets on Mobile app does not show any record Grouped Incidents applets on servicenow Mobile apps do not show the records; On an Android device, when the issue occurs, "Applet not found. Contact your administrator" error can be seen. iOS does not throw any errors on the screen. 3 - Moderate Disable access for the ServiceNow Classic mobile app Starting from Paris release, access to an instance using the ServiceNow Classic mobile app is controlled by the glide.ui.m.allow_classic_mobile_app system property. Performance PriorityShort DescriptionDescription 4 - Low Number of Archive Consumer Jobs not configured with OOB value From the Paris release, data archiving has changed from a single-threaded operation to a multi-threaded process. As a result, we now have 4 consumer scheduled jobs that pick up records for archiving. There have been cases where this multi-threaded operation has put pressure on database replication and therefore as a temporary measure, ServiceNow may have recommended that we reduce the number of consumer archive jobs via this property glide.db.archiving.max_consumer_workers. For example, we have reduced the number of max consumer workers from 4 to 2, or perhaps even 1. Performance Analytics PriorityShort DescriptionDescription 2 - High Check properties related to Performance Analytics job collections Large property value with com.snc.pa.dc.max_row_count_indicator_source and/or com.snc.pa.dc.max_records may lead to performance issue or cause OOM on the node. Reporting PriorityShort DescriptionDescription 3 - Moderate Reports without a filter condition It is not good practice to create a report without a filter condition as the platform is not able to use a database index to keep the transaction performant. This also places an unnecessary load on the database as the query will execute a full table scan, and on large tables in particular this can be expensive 3 - Moderate Scheduled reports for invalid or inactive users Checking for any scheduled reports still active that are running as deleted users or inactive users Service Catalog PriorityShort DescriptionDescription 1 - Critical Cascade Variable is not working in Order Guide Cascade Variable is not working in Order Guide 1 - Critical Rule base is not opening the catalog item in Order Guide Rule base is not opening the catalog item in Order Guide 2 - High Securing Record Producers If appropriate roles are not assigned to record producers then, an unauthorized users can access it by directly navigating to the URL and thereby revealing unnecessary and sensitive information. 2 - High Catalog item is not accessible although there are no roles or user criteria Catalog item is not accessible to the user although there are no roles or user criteria defined on the item. 2 - High Catalog business rule customizations User should not create Before Business rule customisations on catalog related tables. 2 - High Macro variables are not displayed in the service catalog or portal Macro variables for catalog items are not being displayed when viewing the item. 2 - High Attachments are not showing on RITM records When adding an attachment to a catalog item and submitting it, the attachments don't get carried over to RITM 2 - High Catalog submission issues if there are mandatory variables that are inactive The variable editor doesn't display and gives a null pointer exception when there are mandatory variables that are inactive. Even if the variable is inactive this unexpected behavior is caused if the variable is mandatory 3 - Moderate Lookup Select Box variable causing catalog page slow Lookup Select Box variable causing catalog page slow Service Portal PriorityShort DescriptionDescription 2 - High Check if custom widget instances are using the isServiceWorkspace json option This check will find any custom widget instances that might be using the isServiceWorkspace json option. This option is undocumented and is for internal purposes only. It should not be manually applied. 2 - High Announcements in the Service Portal are not displayed Announcements are not displayed in the Service Portal after upgrading to Paris. There is a 500 internal server error in the browser console. The [AppSec] Daily Data Management scheduled job must be run as a valid admin user. 2 - High Recommended value for $sp in sys_public table As per ServiceNow recommendation, $sp should be set as public in sys_public table. Because every page request is routed through the $sp page, this page must be public. 3 - Moderate Menu item drop-down window is cut off when clicked onto When a menu item in the Service Portal header is clicked onto, the drop-down window that appears after is cut off. This is caused by "angular-truncate" dependency in the Header Menu widget is missing (this dependency can be seen in the "Dependencies" related list on the widget form). 3 - Moderate KB attachments missing in Contextual Search Attachments are missing when viewing the KB article using the Contextual Search widget in Service Portal. The reason for this is Knowledge attachments widget is missing on the page. 3 - Moderate Order Guide Widget missing tabs The order guide is missing the tabbed format. 3 - Moderate Knowledge Base link is not working on Service Portal When clicking on the link for Knowledge Base, It doesn't navigate to Kb_view2 page and shows the page id as empty. The issue happens due to Kb_view2 page is not available in the instance. 3 - Moderate window.open breaks the service portal page in Internet Explorer When using window.open javascript function is called in service portal widgets within href attribute, it breaks the portal on IE and shows a blank page.Affecting Code:<a href="javascript:window.open('location');'">Link to a Page</a> 3 - Moderate HTML fields does not show up on community portal HTML fields does not show up on community portalSteps to Reproduce:1- Go to https:instance.service-now.com/community2- Open one of the forums3- Click into the "Have a question? Click here to start typing."4- Observe that the "Description" field is missing.5- Go to an existing post6- Attempt to reply via the "Reply", "Comment" or "Click here to reply on this post..."7- Observe that the comment field is missing. 3 - Moderate Knowledge search does not work for non-admin user on portal Knowledge articles are not searchable for non-admin users using Homepage search bar and Typeahead search widgets.This is normally related to public read ACL on kb_knowledge table. 3 - Moderate Multi-row Variable Set does not show up on RITM Multi-row Variable Set does not show up on RITM when the catalog item is submitted from service portal 3 - Moderate g_navigation does not work in Service Portal g_navigation comes from GlideNavigation.js is available in Desktop UI and not in Service Portal. 3 - Moderate No snc_external access to "Data Table from URL Definition" widget "Data table from Url definition" inherits from "Data Table", so both widgets needs the same access/criteria. Currently "Data table from Url definition" allows access to "snc_external" user, similar access should to be added to "Data Table" widget. 3 - Moderate Unable to remove attachment form catalog item on service portal. When using customized SC Catalog Item widget, you may face issue in deleting/removing the attachment on catalog item page in Service Portal. An error "ReferenceError: dialogPolyfill is not defined" can also be seen on browser console for this issue. This error can be observed when dependency is not added to the custom widget. 3 - Moderate Search returns 404 for customer contact users. When a contact user ( users with the sn_customerservice.customer role) searches something on the homepage search on the service portal and then clicks on the magnify icon, it shows the URL is going to search page, but finally '404' page was shown. It works fine for admin users though. 4 - Low In Service Portal, internal page will not be editable in portal designer In Service Portal, internal page will not be editable in portal designer. SLA PriorityShort DescriptionDescription 3 - Moderate Task SLA timings not updating Task SLA timings are not updating on view of a task form 3 - Moderate SLA customisations SLA customisations might make SLA not working as expected. User Experience PriorityShort DescriptionDescription 1 - Critical Escape Jelly glide.ui.escape_all_script should be true Forces all expressions within Jelly JavaScript <script> tags to be escaped by default. Enforces escaping only if the type attribute in the <script> tag is empty, or if the value is text/javascript, text/ecmascript, application/javascript, application/ecmascript, or application/x-javascript. 1 - Critical Checks to ensure VTB (visual task boards) are associated with a valid table This will check to ensure that all VTB records are associated with a valid table. If a board does not reference a valid table, users will receive a blank screen and a 500 internal server error when accessing vtb.do. 1 - Critical Checks for invalid table name in push content This checks push message content for notifications for invalid table names. 2 - High Agents not getting notified of work items in Agent Workspace In out of box instance, when an end-user contact Live Agents, an Interaction record and a Work Item record will be created. If there is a default value set for assigned to field on interaction table, state of the interaction changes to work in progress and no work item is generated. Because of this Agents don't see any work items. 2 - High glide.uxf.js_server.consolidate to false causes performance issues in workspace This property is set to true in OOB.The reason this property needs to be enabled:1. For the workspace to be loaded, the browser will download the required js files from the server.2. If the property is disabled, the js files will be download one at a time, and it will cause significant delay in loading workspace.3. If the property is enabled, the js files will be downloaded in a single bundle, thus reducing the overhead in load time. 2 - High Check to ensure glide.xmlutil.max_entity_expansion is at least 3000 The recommended value for glide.xmlutil.max_entity_expansion is 3000. This was previously 500, but this caused issues in Paris+ releases, including users losing the ability to edit fields in the list view. 2 - High Multiple Chat setup records are present in the instance. Multiple chat setup records are present in the instance and may cause the live agent chat to not work properly. 2 - High UI Actions without conditions may cause unintended results UI Actions without conditions may allow unintended users to update/delete records. 2 - High Invalid UI policy action configurations When configuring a UI policy, make sure that there are no UI Policy actions that are making the field read-only and mandatory at the same time OR making a non-visible field as mandatory. 2 - High Setting glide.ui.js_includes to false - May cause performance issues in UI16 This property is set to true in OOB.The reason this property needs to be enabled:1. For the UI 16 to be loaded, the browser will download the required js files from the server.2. If the property is disabled, the js files will be download one at a time, and it will cause significant delay in loading UI16.3. If the property is enabled, the js file will be downloaded in a single bundle, thus reducing the overhead in load time.There is also a known problem that would cause styling issues if this property is set to false: https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0820514 2 - High UI Actions using getRowCount may cause performance issues UI Actions using GlideRecord's getRowCount property may cause performance issues when working on tables with a high record count. 2 - High Check system property value for sn_shn.note_preferences When accessing forms in Agent workspace, it doesn't load and shows a message saying 'Record not found' 2 - High Check to see if the ImpersonateEvaluator script include was customized Customization of the script includes ImpersonateEvaluator can lead to issues where the impersonation feature does not work as designed. 2 - High Synchronous AJAX call in Service Portal client scripts Using Synchronous AJAX calls (getXMLWait) in client scripts is not supported in service portal. 3 - Moderate Jelly/JS interpolation protection. Use the glide.ui.jelly.js_interpolation.protect property to ensure that any JavaScript about to be executed on a Jelly page is protected from injection with the help of Jelly interpolation. 3 - Moderate Avoid custom Global UI Scripts Global UI scripts are loaded on every single page/form in ServiceNow even if they code within them is not called. 3 - Moderate If post chat survey is set then interaction transcript might generate late If the post-chat survey is set then the chat transcript in the "interaction" table will not generate when the chat is closed and the end-user does not submit the survey. In such case transcript generates once the "Time Out Abandoned VA Conversations" scheduled job is executed once every day. 3 - Moderate List optimize set to false - may cause performane issues. For performance reasons when rendering a list, ServiceNow fetches only the data for the fields displayed in the list. When set to false, the system not only the fetches fields used in the display but all the fields from the table. This adds significant overhead because it applies to every fetch of every list. 3 - Moderate Jelly debugging on - may cause performane issues. Having this property on casues many logs to be printed in our localhost logs - it may cause performance issues. We recommend turning this property off 3 - Moderate Asynchronous AJAX call in on submit client scripts The GlideAjax (Asynchronous) does not work on onSubmit Client Script. This is because of the fundamental behavior of Asynchronous scripts which are non-blocking by nature. 3 - Moderate AWA presence states are not configured to receive work items For the default Available state, be sure to enable this Active check box so that work items are routed to available agents. If the Active state is not enabled, AWA does not route work items to agents. 3 - Moderate User Row Count Preference Users have the ability to increase their record row count property when viewing lists. Any user with a row count property > 50 is not adhering to best practice. 20 rows are the recommended value for the best user experience and also prevents unnecessary load on the database. 3 - Moderate GlideRecord/g_form.getReference usage on Client Scripts Using GlideRecord and g_form.getReference() to fetch server data is no longer recommended due to their performance impact. Both methods retrieve all fields in the requested GlideRecord when most cases only require one field. 3 - Moderate 'Favourite' Lists without a filter condition It is not good practice to view a list of records without a filter condition in place as the platform is not able to use a database index to keep the transaction performance. This also places an unnecessary load on the database. 3 - Moderate glide.security.strict.actions should be true Normally, UI actions conditions are checked only during form rendering. The property glide.security.strict.actions checks conditions on UI actions before execution. Setting the property to true ensures an extra layer of validation on the table UI actions before they are executed. 3 - Moderate Synchronous AJAX call in client scripts Code that uses synchronous AJAX feels very slow and affects user experience. 4 - Low Check the glide.search.suggestions.enabled property This check will determine if search suggestions are enabled (default) by validating the value of glide.search.suggestions.enabled 4 - Low Certain fields missing from portal instance options The widget instance configuration in Service Portal relies on the view called "SP Instance Config View" of the sp_instance table. Removing fields from that view will result in the disappearance of those fields from "Instance Options" Workflow PriorityShort DescriptionDescription 2 - High There must be an active and published workflow on the Request table There must be an active and published workflow on the Request table 2 - High Approval Workflow Activity Definition should not be customized All Workflow Activity Definition (wf_activity_definition) with name containing "approval" should not be customized. Also WorkflowApprovalUtils script include should not be customized 2 - High Business rule and script for catalog task activity should not be customized "SNC - Run parent workflows" Business Rule and "TaskStateUtil" script include should not be customized. 2 - High Custom workflow activity definition should exist The Workflow Element Definitions (wf_element_definition) table does not contain Activity definition (activity_definition) specified within the Workflow Activities (wf_activity) table 3 - Moderate There should be a workflow version for all executing workflow contexts There should be a workflow version for all executing workflow contexts. Otherwise, the executing workflow context will show the following error message "Workflow model ID not valid" and will terminate in error. 3 - Moderate Confirm Workflows will only trigger for their domain Ensure that all Workflows are linked to a domain. This will ensure each domain has it's own processes. https://docs.servicenow.com/csh?topicname=c_WorkflowsAndDomainSeparation.html 3 - Moderate Workflows Activities should not use current.update() function When a record is inserted, current.update() can cause the workflow to cause an infinite loop. When a record is updated, current.update() causes all script engines to run twice. To avoid an infinite loop when a record is inserted, remove unnecessary current.update() calls from custom scripts.