System Export Sets don't work on Code Signing enabled instancesDescriptionSystem Export Sets move attachments to the MID Server via records in the ecc_agent_attachment table. If Code Signing is enabled in the instance (which is instance hardening and security best practice) then the fact that those attachments are not signed will prevent the feature working.Steps to Reproduce 1/ Enable Code Signing in the instance - https://www.servicenow.com/docs/csh?topicname=code-sign-properties.html&version=latest2/ Set up an Export Set and run it. Actual behaviour: Inspect the MID Sever's agent log, and you will see the following error, and the Export Set will fail: (Note: In versions prior to Australia, this error will be seen even when Code signing is not enabled, and the Export Set works.) 024-06-07 03:00:05 (992) SOAPProcessorThreadb311db0b93ea4a1c363fb34a6aba10a5 36C41E5693E242D8363FB34A6ABA1038 txid=3711530b93ea SignatureUtil SEVERE *** ERROR *** Unable to find the signature with the sys id, 17119f83c32a4ad874ba99da0501316f, for the table, ecc_agent_attachment.com.glide.codesigning.exception.CodeSigningException: Cannot just-in-time load the signature record: Couldn't find pluginId for documentId: 17119f83c32a4ad874ba99da0501316f with signatureRecordSysId: 3004386fdfb94d9792869cc38e8a4d01 at com.glide.codesigning.output.JustInTimeLoadingEngine.loadSignatureRecordJustInTime(JustInTimeLoadingEngine.java:89) at com.glide.codesigning.output.CodeSigningOutputUtility.getCodeSigningRecordGRUsingFields(CodeSigningOutputUtility.java:120) at com.glide.codesigning.output.CodeSigningOutputUtility.getCodeSigningSignatureRecordForRestEndPoint(CodeSigningOutputUtility.java:85) at com.snc.core_automation.security.validation.application.SignatureUtil.loadSignatureRecord(SignatureUtil.java:115) at com.snc.core_automation.security.validation.application.SignatureUtil.getSignatureV2AsMap(SignatureUtil.java:80) at com.snc.core_automation.security.validation.application.SignatureUtil.getVersionedSignatureAsJSON(SignatureUtil.java:136) at com.snc.core_automation.security.validation.application.SignatureUtilJS.jsFunction_getVersionedSignature(SignatureUtilJS.java:53) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:568) at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:151) at org.mozilla.javascript.FunctionObject.doInvoke(FunctionObject.java:717) at org.mozilla.javascript.FunctionObject.call(FunctionObject.java:654) at org.mozilla.javascript.ScriptRuntime.doCall(ScriptRuntime.java:2973) at org.mozilla.javascript.Interpreter.interpretLoop(Interpreter.java:1720) at org.mozilla.javascript.Interpreter.interpret(Interpreter.java:1030) at org.mozilla.javascript.InterpretedFunction.lambda$call$0(InterpretedFunction.java:161) at com.glide.caller.gen.sys_web_service_6c94a96683201000dada83ec37d929c8_script.call(Unknown Source)... at com.glide.processors.soap.SOAPCustomProcessor.execute(SOAPCustomProcessor.java:107)... at com.glide.util.ParentedThread.run(ParentedThread.java:51) Expected behaviour: When MIDServerExportTargetWorker.java is Creating an attachment on the MID Server Attachment table [ecc_agent_attachment], it would also need to create a KMF Signature record [sn_kmf_record_signature] to go with it.WorkaroundThis problem has no workaround, is currently under review and targeted to be fixed in a future release. Subscribe to this Known Error article to receive notifications when more information will be available. When code signing is not enabled, errors about missing signatures for ecc_agent_attachment records can be ignored.Related Problem: PRB1989657