Thank you for your feedback.
Form temporarily unavailable. Please try again or contact docfeedback@servicenow.com to submit your comments.
Versions
  • London
  • Kingston
  • Jakarta
  • Istanbul
  • Helsinki
  • Geneva
  • Store
Close

Troubleshoot domain separation errors

Troubleshoot domain separation errors

If you encounter domain separation issues, review this list of solutions.

Error or symptom Solution
A domain sys_id points to a non-existent domain This error occurs when a data record, such as a user or task record, has a sys_domain column value whose sys_id does not exist in the current domain table. The domain sys_id could have been accidentally deleted or it could refer to a previous domain table if you changed the domain table.
To fix the error, open a list for the table containing the error, filter on the invalid sys_domain value. Then, either manually enter the correct sys_domain value or remove it.
Note: You can have invalid domain sys_ids in any table that references the domain table. For example, invalid domain IDs can occur in the User Visibility Domain [sys_user_visibility], Group Visibility Domain [sys_user_group_visibility], and Contained Domain [domain_contains] tables.
A domain path or domain number sys_id points to the wrong domain This error occurs when a domain number or domain path query is out of sync with the actual domain name. This error can occur with domain numbers when adding domains requires renumbering or during the conversion from domain numbers to domain paths.

To fix the error, validate the domain tree and let the background conversion process run to completion. If the error persists, you can manually edit the value for the sys_domain_path or sys_domain_number columns to point to the proper domain.

The domain tree structure is corrupt This error occurs if there is a series of domain contains relationships that create an infinite loop among domains.

To fix the error, open a list for the domain table and manually edit the domain contains values to not form a loop.

Enable verbose domain logging and debug messages

Domain log and debug messages allow you to troubleshoot domain configuration errors.

Before you begin

Role required: admin

Procedure

  1. Navigate to Domain Admin > Configuration.
  2. For Enable verbose domain logging, select the Yes check box.
  3. Click Save.

View a real-time domain message

You can view real-time domain messages from the system logs.

Before you begin

Role required: admin

Procedure

  1. Enable verbose domain logging.
  2. Navigate to System Diagnostics > Session Debug > Enable All. Because this is a real time review, there is no need to let the debug session run for a time before checking the log files.
  3. Navigate to System Logs > System Log > All.
  4. Search for the text Query against table.

    This query finds log messages in this format:

    08:36:43.974: [Domain Spool] Query against table incident restricted by domain values [Database Atlanta[db53580b0a0a0a6501aa37c294a2ba6b], 
    Database[287ee6fea9fe198100ada7950d0b1b73], 
    Database San Diego[db53a9290a0a0a650091abebccf833c6], global, NY DB[5f74727dc0a8010e01efe33a251993f9]]

    In this example, the user viewing the Incident table only saw records that matched the Database Atlanta, Database, Database San Diego, global, and NY DB domains.

View a historical domain message

You can view historical domain messages in the log file to troubleshoot domain separation issues.

Before you begin

Role required: admin

Procedure

  1. Enable verbose domain logging.
  2. Navigate to System Diagnostics > Session Debug > Enable All.
  3. Let the debug session run for a time period, such as a day, before checking the log files.
  4. Navigate to System Logs > Utilities > Node Log File Download.
  5. Open the record for the day you want to view. Log files use the naming format localhost_log.<yyyy-mm-dd>.txt.
  6. Click the Download log related link.
  7. Open the downloaded log file in a text editor and search for log messages with the following format:

    Query against table incident restricted by domain values [global, Software[8a4dde73c6112278017a6a4baf547aa7]]

    In this example, a user only saw records from the Incident table that matched the global and Software domains.