MID Server GetCredentials SOAP Timeout After Restart Due to Unreachable OAuth EndpointsIssue <!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } span { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } h2 { font-size: 24pt; font-family: Lato; color: var(--now-color--text-primary, black); } h3 { font-size: 18pt; font-family: Lato; color: var(--now-color--text-primary, black); } h4 { font-size: 14pt; font-family: Lato; color: var(--now-color--text-primary, black); } a { font-size: 12pt; font-family: Lato; color: var(--now-color--link-primary, #00718F); } a:hover { font-size: 12pt; color: var(--now-color--link-primary, #024F69); } a:target { font-size: 12pt; color: var(--now-color--link-primary, #032D42); } a:visited { font-size: 12pt; color: var(--now-color--link-primary, #00718f); } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } After a MID server restart (or credentials_reload system command), the GetCredentials SOAP call times out at 90 seconds and fails after 5 retries. All flows, probes, and actions that depend on credentials are blocked. The MID server was functioning normally before the restart. Symptoms<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } span { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } h2 { font-size: 24pt; font-family: Lato; color: var(--now-color--text-primary, black); } h3 { font-size: 18pt; font-family: Lato; color: var(--now-color--text-primary, black); } h4 { font-size: 14pt; font-family: Lato; color: var(--now-color--text-primary, black); } a { font-size: 12pt; font-family: Lato; color: var(--now-color--link-primary, #00718F); } a:hover { font-size: 12pt; color: var(--now-color--link-primary, #024F69); } a:target { font-size: 12pt; color: var(--now-color--link-primary, #032D42); } a:visited { font-size: 12pt; color: var(--now-color--link-primary, #00718f); } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } MID agent log shows GetCredentials SOAP requests returning HTTP 500 with fault string: "Transaction cancelled... did not finish within 90 seconds - terminating request" ERROR (Worker-Expedited:IPaaSActionProbe-210a88436c1887589ff3fff271d8733e) [InstanceSOAPClient:168] SOAP Request: <SOAP-ENV:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tns="http://www.service-now.com/GetMIDInfo" xmlns:m="http://www.service-now.com" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><m:execute><agent xsi:type="xsd:string">xxxxxxxxxxxxxxxxxxxxx</agent><purpose xsi:type="xsd:string">GetCredentials</purpose></m:execute></SOAP-ENV:Body></SOAP-ENV:Envelope> ERROR (Worker-Expedited:IPaaSActionProbe-210a88436c1887589ff3fff271d8733e) [InstanceSOAPClient:168] SOAP Response: Status code=500, Response body=<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header/><SOAP-ENV:Body><SOAP-ENV:Fault><faultcode>SOAP-ENV:Server</faultcode><faultstring>Transaction cancelled: SOAPProcessorThread690a0c4f7ddc4794567d81cc86a57863: redirect count exceeded or request did not finish within 90 seconds - terminating request...</faultstring><detail>Error completing SOAP request</detail></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope> After 5 retries: ERROR (Worker-Expedited:IPaaSActionProbe-210a88436c1887589ff3fff271d8733e) [StandardCredentialsProvider:459] Failed to retrieve credentials and affinities com.snc.midserver.midinfo.api.MIDServerInfoException: GetCredentials: unable to connect after 5 retries (clientError=null) Integration Hub (IPaaSActionProbe), Discovery, and other credential-dependent operations all failIssue only surfaces after a MID restart or credentials_reload - not during normal operation when credentials are cachedMay be accompanied by: "MID Outbound mTLS: Cannot find mid_protocol_profile_credentials with matching id or protocol name" - this is unrelated and should not be investigated separately WARN (Worker-Expedited:IPaaSActionProbe-1c5cc4036c5887589ff3fff271d8735d) [MIDOutboundProtocolRegistryProvider:110] MID Outbound mTLS: Cannot find mid_protocol_profile_credentials with matching id or protocol name Facts<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } span { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } h2 { font-size: 24pt; font-family: Lato; color: var(--now-color--text-primary, black); } h3 { font-size: 18pt; font-family: Lato; color: var(--now-color--text-primary, black); } h4 { font-size: 14pt; font-family: Lato; color: var(--now-color--text-primary, black); } a { font-size: 12pt; font-family: Lato; color: var(--now-color--link-primary, #00718F); } a:hover { font-size: 12pt; color: var(--now-color--link-primary, #024F69); } a:target { font-size: 12pt; color: var(--now-color--link-primary, #032D42); } a:visited { font-size: 12pt; color: var(--now-color--link-primary, #00718f); } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } Self-hosted / on-premises instanceMID server credential cache was cleared by restartOne or more OAuth-type credentials in the discovery_credentials table have applies_to set to "All MID Servers"Those OAuth credentials reference external token endpoints unreachable from the instance networkEach unreachable endpoint times out at approximately 10 seconds; the cumulative timeout across all unreachable endpoints exceeds the 90-second SOAP transaction limit Release<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } span { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } h2 { font-size: 24pt; font-family: Lato; color: var(--now-color--text-primary, black); } h3 { font-size: 18pt; font-family: Lato; color: var(--now-color--text-primary, black); } h4 { font-size: 14pt; font-family: Lato; color: var(--now-color--text-primary, black); } a { font-size: 12pt; font-family: Lato; color: var(--now-color--link-primary, #00718F); } a:hover { font-size: 12pt; color: var(--now-color--link-primary, #024F69); } a:target { font-size: 12pt; color: var(--now-color--link-primary, #032D42); } a:visited { font-size: 12pt; color: var(--now-color--link-primary, #00718f); } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } Yokohama and later. Not version-specific - the behaviour is inherent to how the instance handles OAuth credential token refresh during GetCredentials. Cause<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } span { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } h2 { font-size: 24pt; font-family: Lato; color: var(--now-color--text-primary, black); } h3 { font-size: 18pt; font-family: Lato; color: var(--now-color--text-primary, black); } h4 { font-size: 14pt; font-family: Lato; color: var(--now-color--text-primary, black); } a { font-size: 12pt; font-family: Lato; color: var(--now-color--link-primary, #00718F); } a:hover { font-size: 12pt; color: var(--now-color--link-primary, #024F69); } a:target { font-size: 12pt; color: var(--now-color--link-primary, #032D42); } a:visited { font-size: 12pt; color: var(--now-color--link-primary, #00718f); } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } When the MID server starts or reloads credentials, the instance responds to the GetCredentials SOAP call by iterating over all credentials where the MID Serverallocation is set to "All MID Servers". For each OAuth-type credential, the instance eagerly calls OAuthTokenRetriever.getGlideOAuthAccessToken() to refresh the token before returning it. If any of those OAuth credentials point to external token endpoints unreachable from the instance network, each connection attempt times out (typically 10 seconds per endpoint). When multiple unreachable endpoints are present, the cumulative timeout exceeds the 90-second SOAP transaction limit, and the instance cancels the GetCredentials response. Before the restart, credentials were cached in the MID server's memory, so no GetCredentials call was needed and the unreachable endpoints were never hit. Resolution<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } span { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } h2 { font-size: 24pt; font-family: Lato; color: var(--now-color--text-primary, black); } h3 { font-size: 18pt; font-family: Lato; color: var(--now-color--text-primary, black); } h4 { font-size: 14pt; font-family: Lato; color: var(--now-color--text-primary, black); } a { font-size: 12pt; font-family: Lato; color: var(--now-color--link-primary, #00718F); } a:hover { font-size: 12pt; color: var(--now-color--link-primary, #024F69); } a:target { font-size: 12pt; color: var(--now-color--link-primary, #032D42); } a:visited { font-size: 12pt; color: var(--now-color--link-primary, #00718f); } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } Identify the offending credentials: On the instance, query the discovery_credentials table where the type is OAuth (or similar) AND the MID Server allocation (applies_to / mid_selector) is set to "All MID Servers". Fix - Steps to Resolve: If the credential is not needed by any MID server: change "Applies to" from "All MID Servers" to "Specific MID Servers" and leave the list empty.If the credential is needed by specific MID servers only: change "Applies to" to "Specific MID Servers" and select only the relevant MIDs.If the credential is legitimately needed by all MID servers: ensure the OAuth token endpoints are reachable from the network where the instance operates. After making changes, restart the MID server and verify GetCredentials completes successfully. Diagnosis (if root cause needs confirmation): Enable HTTP debug logging on the MID server: stop the MID, add glide.http.log_debug = true to config.xml, start the MID, reproduce, collect logs, then set back to false.In the HTTP debug logs, look for WARN entries from HTTPClient showing ConnectTimeoutException to external OAuth token endpoints.Count the unreachable endpoints and multiply by the timeout value (typically 10 seconds each). If the total exceeds 90 seconds, this confirms the root cause. Prevention: Only scope credentials to MID servers that actually need them. If a credential is instance-side only, set "Applies to" to "Specific MID Servers" with an empty list. After creating or modifying OAuth credentials, verify MID credential retrieval by restarting the MID or issuing a credentials_reload. Related Links<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } span { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } h2 { font-size: 24pt; font-family: Lato; color: var(--now-color--text-primary, black); } h3 { font-size: 18pt; font-family: Lato; color: var(--now-color--text-primary, black); } h4 { font-size: 14pt; font-family: Lato; color: var(--now-color--text-primary, black); } a { font-size: 12pt; font-family: Lato; color: var(--now-color--link-primary, #00718F); } a:hover { font-size: 12pt; color: var(--now-color--link-primary, #024F69); } a:target { font-size: 12pt; color: var(--now-color--link-primary, #032D42); } a:visited { font-size: 12pt; color: var(--now-color--link-primary, #00718f); } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } KB0718589 - Why MID server ECC queue inputs remain in Ready state, including notes on credentials_reload and OAuth2 refresh behaviour KB2728899 - Why credentials_reload SystemCommand entries stay in Ready state and when high volume indicates OAuth2 credential misconfiguration