Mid Server is down with connection error between MID server host and OCSPCheck authorityIssue MID server is down with OCSP errorsReleaseAnyCauseReviewed Agent logs and found communications error between MID server host and OCSPCheck authority: 11/30/21 11:18:34 (738) RefreshMonitor.65 WARNING *** WARNING *** OCSPCheck HTTP status: 403, error message: Method failed: (/) with code: 403 - Forbidden username/password combo11/30/21 11:18:34 (738) RefreshMonitor.65 WARNING *** WARNING *** OCSP revoke check IOException for *.service-now.com11/30/21 11:18:34 (738) RefreshMonitor.65 WARNING *** WARNING *** org.apache.commons.httpclient.HttpException: unknown tag 28 encountered11/30/21 11:18:34 (738) RefreshMonitor.65 SEVERE *** ERROR *** getRecords failed (org.apache.commons.httpclient.HttpException: unknown tag 28 encountered)11/30/21 11:18:34 (738) RefreshMonitor.65 WARNING *** WARNING *** MIDRemoteGlideRecord.query failed, retrying in 120 seconds11/30/21 11:18:40 (501) ECCQueueMonitor.1 WARNING *** WARNING *** OCSPCheck HTTP status: 403, error message: Method failed: (/) with code: 403 - Forbidden username/password combo11/30/21 11:18:40 (501) ECCQueueMonitor.1 WARNING *** WARNING *** OCSP revoke check IOException for *.service-now.com11/30/21 11:18:40 (501) ECCQueueMonitor.1 WARNING *** WARNING *** org.apache.commons.httpclient.HttpException: unknown tag 28 encountered11/30/21 11:18:40 (501) ECCQueueMonitor.1 SEVERE *** ERROR *** getRecords failed (org.apache.commons.httpclient.HttpException: unknown tag 28 encountered) Depending on the reason for the connection rejection, the error may present itself slightly differently: 09/01/22 11:13:56 (995) RefreshMonitor.65 WARNING *** WARNING *** OCSPCheck HTTP status: 503, error message: Method failed: (/) with code: 50309/01/22 11:13:56 (995) RefreshMonitor.65 WARNING *** WARNING *** OCSP revoke check IOException for *.service-now.com09/01/22 11:13:57 (011) RefreshMonitor.65 WARNING *** WARNING *** org.apache.commons.httpclient.HttpException: unknown tag 28 encountered09/01/22 11:13:57 (011) RefreshMonitor.65 SEVERE *** ERROR *** getRecords failed (org.apache.commons.httpclient.HttpException: unknown tag 28 encountered)09/01/22 11:13:57 (011) RefreshMonitor.65 WARNING *** WARNING *** MIDRemoteGlideRecord.query failed, retrying in 10 seconds09/01/22 11:13:58 (679) ECCQueueMonitor.1 WARNING *** WARNING *** OCSPCheck HTTP status: 503, error message: Method failed: (/) with code: 503...etc...09/01/22 11:43:11 (479) StartupSequencer SEVERE *** ERROR *** Problem invoking InstanceInfo on https://xxxx.service-now.com/: Please check that the InstanceInfo page exists in the sys_public table and active="true".09/01/22 11:43:11 (479) StartupSequencer SEVERE *** ERROR *** Request not sent to uri= https://xxxx.service-now.com/InstanceInfo.do?SOAP : org.apache.commons.httpclient.HttpException: unknown tag 28 encountered(Network Configuration issue) Please check that the MID server can ping the instance: https://xxxx.service-now.com/You may also need to configure the network that the MID server uses to allow traffic over TCP port 443.09/01/22 11:43:11 (480) StartupSequencer SEVERE *** ERROR *** test failurejava.lang.IllegalStateException: Unable to connect to instance. at com.service_now.mid.services.StartupSequencer.runTests(StartupSequencer.java:657) at com.service_now.mid.services.StartupSequencer.startupSequencerRunnable(StartupSequencer.java:713) at java.base/java.lang.Thread.run(Thread.java:829) If the MID server cannot reach the accessLocation URIName the revocation test will not pass.ResolutionPlease review and ensure communication between MID server and OCSP server, and review certStatus result: Confirm the MID server can communicate to the OCSP server, may need to involve your network team if communication is being blocked. One simple test to confirm connectivity with the OCSP server outside of ServiceNow is to open a browser on the server hosting the MID Server and try try accessing this URL:http://ocsp.entrust.net/The expected behavior is to see a blank page. If any type of error presents, that is an indication that something is blocking access to the Entrust OCSP site.Review the network traffic and confirm the server replied with a certStatus= good. Or create a policy for the target url so that the OCSP check is not performed, this is not the suggested workaround. Note: Your security team would need to determine what they consider the safest solution out of the two above. If the MID Server is down due to OCSP errors, you could also set following MID Server parameter in its "agent\config.xml" as a temporary workaround: <parameter name="mid.ssl.bootstrap.default.check_cert_revocation" value="true"/> This parameter is used to make first connection to the instance and will get updated with the policy as defined on the ServiceNow instance for subsequent connections. So you will need to refer to MID Server certificate check policies for instructions on how to bypass the check for all subsequent connections as well. Refer to the knowledge base article on Troubleshooting MID server SSL issues for more details on SSL issues .