Keith Stevenson

@Kevin AllittAs above you need to use the Service Manager APIs not the Data SQL query (That was just so you can see using API and getting data) . Its the same concept (send XML parse the result) but different API.. https://api.hornbill.com/apps/com.hornbill.servicemanager/Requests?op=logRequest etc https://api.hornbill.com/apps/com.hornbill.servicemanager/ A good way is to mimic what the web browser does,.. In Chrome hit F12, log a call and watch the APIs being created.. Kind Regards Keith Stevenson

@Kevin Allitt The XML for SQL QUery was just an example of how to connect and send an XMLMC request. For logging calls et you will need to use the APIs under ServiceManager such as logServiceRequest (and create the XML based on whats required there ) .. The methods and expected params etc are listed in the below documentation. https://api.hornbill.com/apps/com.hornbill.servicemanager/ Kind Regards

Oscar, 2008 is not a supported Operating System by Microsoft since 2020.. (Even 2012 R2 is only valid for another 16 months). The solution is to move the data import tool to a machine later operating system Kind Regards

@Kevin Allitt From the above curl -v -X POST -H "Content-type: text/xmlmc;charset=utf-8" -H "Authorization: ESP-APIKEY $KEY" --data-binary @/home/kevinal/xml.xml https://mdh-p01-api.hornbill.com/pasm/xmlmc/data/ Executed the API correctly , however something (Usually rights ) prevented it. You will need to check the Logs (EspApiTransaction) at the time of running to see what the "reason" was Kind Regards

@Cecilia Blumenstock We have just had a session with John and found a full browser cache clear resolved the issue. Can you confirm Kind Regards

@Cecilia Blumenstock Can you confirm as above that this effects Admin users (not general users) or narrow it down any further @John C Will contact you directly with Zoom invite shortly.

@John C I made a typo in one of the tests Can you from the effected goto Results of https://mdh-p01-api.hornbill.com/instancename/xmlmc/ from an effected user. (replacing instancename with the name of your instance) Kind Regards

@Kevin Allitt I think the problem is I commented without having enough coffee curl -v -X POST -H "Content-type: text/xmlmc;charset=utf-8" -H "Authorization: ESP-APIKEY $KEY" --data-binary @/home/kevinal/xml.xml https:/mdh-p01-api.hornbill.com/pasm/xmlmc/data/ Should work

All, We monitor the instance health and availability from at least 5 locations worldwide every 5 minutes and the endpoint (service.hornbill.com) from 20 every 60 seconds. None of these has shown any errors for the past 30 days. This would suggest something local or in transport between customer and our data centers is blocking. Can you clarify when this occurred Where the users effected What is common about the users effected Does the issue follow the user (For example if error happens in office, does the problem occur out of office) Can the users get to live.hornbill.com/XXXX and login without error. Can you also get a HAR from Chrome Results of a ping to mdh-p01-api.hornbill.com Results of https://mdh-p01.api.hornbill.com/instancename/xmlmc/ from an effected user. Kind Regards Keith Stevenson

@Kevin Allitt I missed a bit in the instructions. Add data to the end of the URL. curl -v -X POST -H "Content-type: text/xmlmc;charset=utf-8" -H "Authorization: ESP-APIKEY $KEY" --data-binary @/home/kevinal/xml.xml https:/api.hornbill.com/pasm/xmlmc/data/ This service (ie data) is the first level of the below - https://mdh-p01-api.hornbill.com/pasm/xmlmc/ in which the API you are calling resides and matches the one in the XML Kind Regards Keith Stevenson

Oscar, Thanks for the reply. Can you confirm the version you downloaded (x86?) and the size of exe and zip (in Bytes) Kind Regards

Kevin Easiest way for CURL is to use the API Key (create one against your account or create a BOT account and use the following $KEY="APIKEY" curl -v -X POST -H "Content-type: text/xmlmc;charset=utf-8" -H "Authorization: ESP-APIKEY $KEY" --data-binary @/home/keiths/xml.xml https:/mdh-p01-api.hornbill.com/INSTANCEID/xmlmc/ then in xml.xml you create the XML to do whatever you want (From the API documented in your post) So for example <methodCall service="data" method="sqlQuery"> <params> <query>Select h_pk_reference from h_itsm_requests</query> </params> </methodCall>

@Adam KneeOutstanding. Cheers

@Adam Knee We only have the IP of the gateway (ie your corporate firewall) . We would not know where you run this from. Your Internal IT team\firewall team should be able to tell you where a request to Hornbill occurs from (especially if its at silly oclock at night\morning) @Alberto M Thanks for the feeback. Hopefully that is of some use to others (Not sure of the issue or how wide spread it was). But seems easy enough fix. Kind Regards Keith Stevenson

@John C This will be in the log at the top. Have checked your version and it is ,"=== XMLMC LDAP Import Utility V3.9.5 ===" The below URL should also show previous versions https://github.com/hornbill/goLDAPUserImport/tags The date for 3.12.0 is 21st Dec 2021 Kind Regards Keith Stevenson

From the 1st March 2022 , only the data import tool with version 3.12.0 will be supported. To prevent older versions we will change the Name of Any LDAP import using older versions on the 1st March, preventing your onsite Import From running (Unless you are running the 3.12.0 or above). To prevent this you should update to the latest version https://wiki.hornbill.com/index.php?title=LDAP_User_ImportHaving reviewed existing versions our customers are using this should be a drop in EXE change, however we strongly recommend you read the release notes for the versions between yours and 3.12.0 and run the import with the DRYRUN option after replacing the exe to confirm Download the x64 Binary or x86 Binary - https://github.com/hornbill/goLDAPUserImportRename you existing Binary to ldap_user_import.old , drop in the file from above to the folder you would like the application to run from e.g. C:\LDAP_Import\Open Command Line Prompt as AdministratorChange Directory to the folder with ldap_user_import.exe C:\LDAP_Import\Run the command ldap_user_import.exe -dryrun true -instance $INSTANCEID -apikey $APIKEY If you have any queries on this or the update to the latest version please respond below.

All, We monitor the instance health and availability from at least 5 locations worldwide every 5 minutes and the endpoint (service.hornbill.com) from 20 every 60 seconds. None of these has shown any errors for the past 30 days. This would suggest something local or in transport between customer and our data centers is blocking. Can you clarify when this occurred Where the users effected What is common about the users effected Does the issue follow the user (For example if error happens in office, does the problem occur out of office) Can the users get to live.hornbill.com/XXXX and login without error. Can you also get a HAR from Chrome Results of a ping to mdh-p01-api.hornbill.com Results of https://mdh-p01.api.hornbill.com/instancename/xmlmc/ from an effected user. Kind Regards Keith Stevenson

Dear Andrew. Thanks for the post. This was due to the monthly optimise creating a somewhat larger than expected temp file. This has now been resolved. KInd Regards Keith Stevenson

@Josh Bridgens Thanks for the reply. Would be interested in any response from MS, given when we asked they confirmed they had checked and that IP was never on any list Kind Regards Keith Stevenson

Josh As Trevor points out. They are our IP addresses. This seems to be a new "feature" Microsoft are rolling out for security. Sadly it seems to have unexpected consequences. In lieu of any actual evidence of wrong doing, we understand this to be a false flag by Microsoft in response to a IP (Our gateway) being shared by all customer instances behind this. From a MS perspective this would appear that multiple logins to different MS customer tenants originate from the same IP. We have escalated this to MS for clarification and removal from this list, however they have informed us that our IP (87.117.243.10) is not and has never been on any black or spray list and therefore a false flag. We would therefore advise any customer seeing the issue to within MS Admin centre Tag the IP address as valid and escalate via their own methods to MS support on hope of finding out more whilst whitelisting our IPs listed in https://wiki.hornbill.com/index.php?title=Hornbill_Cloud_and_Platform Kind Regards Keith Stevenson

Jeremey, Thanks for the reply. Finding the information will be via reports (which will give a list of IDs, references). Deletion will be done (And can be for Calls) via the Hornbill Clean Utility already available, which we should be able to expand to include emails. The harder bit is the find\replace (on Custom fields or Diary entries) and we are looking at the best solution. Will post back soon. Kind Regards Keith Stevenson

Jeremy Thanks for the post. We are putting together a doc on GDPR and managing requests in Hornbill, but as you can imagine every customer depending on their business is different and as we are not the data controller we do not have visibility of what people store and where, so can only talk in generics. One thing that would be required as a first step is that you have a Policy in place for GDPR and PII which covers where you store PII and in what form. This should list all the fields\application areas that you permit your analysts or customers to store PII and the assessment of this against the 3 criteria and how you enforce this (This should exist regardless of whether the data is in Hornbill or not) Purpose test: are you pursuing a legitimate interest? Necessity test: is the processing necessary for that purpose? Balancing test: do the individual’s interests override the legitimate interest? Once you have that, you then know what is valid to keep regardless of any request (It may be that keeping details of Requests and the user is a legitimate business reason to provide "audit trail" etc later on as long as the information is minimised ) and only then can you decide on what needs to be removed\kept. But this is all depending on what you store and why. Then you\we can look at how to comply with the request, for example, deleting the emails (May be safe to assume that emails on their own and not associated to calls have no purpose), removing calls (some calls may not be required, others may be required for future audit or evidence) or replacing PII (For example, it may be that if you store FirstName Surname you can get away with replacing this with FirstName - as that may not identify an individual or with just the generic word USER. ) and the document will explain how to find all emails, posts, calls for a given user, how to delete bulk emails for a given user, how to delete a set of calls etc. The guide\document we are producing should help with the later stages but the fundamentals of process and how you manage\decide what PII to keep in the first instance is internal to your organisation and that's where any process must start (Its far easier to manage GDPR if you dont store PII {or just the bare minimum} and for that you need polices in place, awareness training conducted and enforced to prevent analysts from adding it) . Will post the document as soon as its ready. Kind Regards Keith Stevenson

@Nikolaj Thanks for the reply. The bit in the code that does the getting of the instance details (and which would have needed to fail) is a connection in your browser to file.hornbill.com or files,hornbill.co (It requests both and accepts first response). For you to get that error it suggests both failed. The logs for those servers show no issue (Both are in different Data centers) and the checks we have on those URLS fire every 60 seconds from 15 different world locations and neither URL has dropped 1 request in last 30 days, so suggests something between you and instance. We will continue to monitor but if the issue occurs again can you do F12 to view Developer tools and see if there are any errors (These would appear RED in the network tab) and DM me those. Kind Regards Keith Stevenson

@Nikolaj All our testing shows no issues. Can you confirm this is still occuring or if its intermittent? Kind Regards Keith Stevenson

All The patch has been deployed. Please confirm the issue is resolved. @Martyn Houghton The same root cause so should have fixed all. Please confirm Kind Regards