If you have a dedicated proxy between your SCOM Management servers and your ServiceNow instances you will need to configure a proxy. The ServiceNow connector picks up your proxy settings from "Internet Options" configured on your server in most cases (see here for a how-to guide).
Specific proxy settings
Added in 126.96.36.19921
In some cases, Alert sync and Discovery need to have their own proxy settings defined. These are set in the registry of each SCOM Management Server (if your Resource Pool contains multiple servers, you will need to configure this on each server in the pool) and are not present by default.
ConnectionProxyUri – the URI of the proxy to connect to
ConnectionProxyBypassLocal – Optional, defaults to false, used when creating the proxy
Added in 188.8.131.52
You may already have an edge server/network device that has the ability to connect out to your ServiceNow instance. A computer hosting a ServiceNow Mid Server for example. You can implement a port proxy on a single port to enable one or more management servers to communicate to your instance, negating the need to implement or interface with a dedicated proxy server.
In our fictitious examples, we will use:
A Windows server with an IP address of
10.10.0.55and a DNS name of
infra-mid01.companyinc.local that we will use to host a portproxy.
A Linux server with no further defined attributes that we will use to host a portproxy.
A pair of SCOM Management servers with IP addresses of
A service now instance at
The examples focus on Windows and Linux servers, however other port proxy implementations should also work.
Configuring portproxy on Windows using netsh
The following command sets up your Windows server to listen on 10.10.0.55:22000 and direct the traffic to cookdown.service-now.com:443. This can be run from an elevated command prompt or PowerShell instance.
Next, we need to configure the local firewall to accept connections from the management server. In this example, we will open up the port to a pair of management servers using PowerShell.
Configuring port proxy on Linux using FirewallD
See also: Red Hats documentation for rich rules
The following command sets up a Linux server to accept connections from a management server on port 51000 and direct the traffic to the IP address of our ServiceNow instance. At the time of writing FirewallD does not support the use of hostnames in this capacity.
The following Ansible playbook uses the firewalld module to set up a Linux server to do the same for the other management server using optional additional logging.
Apply the registry keys to enable the host header override
ServiceNow requires the host header on the request to match the instance name (not your internal port proxy server). We enable this using a string registry value 'UsePortProxyHeader' on each management server in the Cookdown resource pool.
UsePortProxyHeader - String set to true
Updating the ServiceNow connector to point to the port proxy
Both AlertSync and Discovery configurations need to be pointed at the newly opened port proxy address using the IP or DNS name of the server hosting the port proxy. Make sure to keep the rest of the URL the same and only change the host portion. The ServiceNow instance name must be set to the destination instance.
You should now be ready to use and test the port proxy.