Moveworks for Web Troubleshooting Guide
Moveworks for Web on ServiceNow Using ServiceNow JWT provider for Authentication
If you are experiencing issues with the bot not being visible in the ServiceNow portal, please follow the steps below to troubleshoot and resolve the problem:
-
Check the Console Logs in the Browser:
-
From the ServiceNow Service Portal or page where you are expecting to see the bot, right-click anywhere on the page and select "Inspect."
-
In the Inspect window, navigate to the "Console" tab.
-
Look for any
401
error status code fromhttps://webchat-kprod.moveworks.io/auth/
- If the URL in the error does not contain "webchat-kprod," and instead referenced “kmovedev” please open a ticket with Moveworks support so that we can correct the issue.
-
Look for any
403
ERR_ABORTED error status code error messages similar to the following error:GET https://webchat-kprod.moveworks.io/movewebchat-client-script.js?_=1646323700771 net::ERR_ABORTED 403 (Forbidden)
- This error means that the firewall is blocking the webchat domain or the custom script that runs on this domain. Contact your network team and ask them to allowlist the domain
https://webchat-kprod.moveworks.io
- This error means that the firewall is blocking the webchat domain or the custom script that runs on this domain. Contact your network team and ask them to allowlist the domain
-
Look for Check for Cross Site Scripting (XSS) Errors similar to the following error:
Refused to frame 'https://{{URL}}/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self'"
- This error typically means that the bot has been blocked from running on the specific site. Please create a ticket with Moveworks Support and include the error message so we can evaluate if a domain needs to be added as a CSP directive.
-
Check for
Error: WebSocket connection failed
-WebSocket connection to ‘wss://webchat-kprod.moveworks.io/socket.io/?ETO-4&transport-websocket’ failed
- To resolve this issue, contact your network team to allow bypass of SSL inspection for the domain (
wss://webchat-kprod.moveworks.io
) for SSL inspection
- To resolve this issue, contact your network team to allow bypass of SSL inspection for the domain (
-
-
-
Confirm the Moveworks Web Bot snippet has been added to the Service Portal by revisiting the Step 4 - Place the widget on your portal pages section of the configuration guide.
- You can also confirm the widget is in place by checking the elements in the browser console. From the ServiceNow Service Portal or page where you are expecting to see the bot, right-click anywhere on the page and select "Inspect." In the elements tab, search for "mw4web". If the snippet to load the bot is present on the page you will see a reference to "mw4web_iframe".
-
Review ServiceNow System Logs
- If you encounter an "Access Denied to cryptographic module" error, follow the steps provided in the ServiceNow knowledge base article KB1115784 to apply the workaround.
If the issue persists after following these steps, please reach out to our Customer Support team for further assistance.
Moveworks for Web on SharePoint Online (Cloud)
If you are experiencing issues with the bot not being visible in SharePoint, please follow the steps below to troubleshoot and resolve the problem:
-
Check the Console Logs in the Browser:
-
From the page where you are expecting to see the bot, right-click anywhere on the page and select "Inspect."
-
In the Inspect window, navigate to the "Console" tab.
- Look for any error referencing
blocked by CORS policy
- This may indicate that the URL needs to be added to the Moveworks allowlist. Please contact support at [email protected] and provide the error and URL so we can assist you further.
- Look for any error referencing
-
Moveworks for Web configured via a code snippet and SSO for Authentication
If you are experiencing issues with the bot not being visible and have configured the web bot using the code snippet method authenticating through SSO, please follow the steps below to troubleshoot and resolve the problem:
-
From the page where you are expecting to see the bot, right-click anywhere on the page and select "Inspect."
-
In the Inspect window, navigate to the "Console" tab.
-
Look for any
401
error status code fromhttps://webchat-kprod.moveworks.io/auth/
. If you see an error check the following items:- Confirm that the SSO application created for Moveworks for Web is assigned to users. If the SSO application is not assigned, users will not be able to authenticate and access the web bot.
- Confirm that the client secret/credential for the Moveworks for Web SSO application has not expired.
- If expired, please contact [email protected] so we can work with you to configure a new credential
-
Check for
Error: WebSocket connection failed
-WebSocket connection to ‘wss://webchat-kprod.moveworks.io/socket.io/?ETO-4&transport-websocket’ failed
:- To resolve this issue, contact your network team to allow bypass of SSL inspection for the domain (
wss://webchat-kprod.moveworks.io
) for SSL inspection
- To resolve this issue, contact your network team to allow bypass of SSL inspection for the domain (
-
Check for
Refused to display 'ht chrome-error://chromewebdata/ :1 tps://login.microsoftonline.us/' in a frame because it set 'X-Frame-Options' to 'deny'.
or similar error-
To resolve this issue, your browser or security team will need to allow cookies for the following URLs:
- http://login.microsoftonline.com/
- http://login.microsoftonline.us/
- https://webchat-kprod.moveworks.io/
- For EU customers: webchat.prod.am-eu-central.moveworks.io
- For CA customers: webchat.prod.am-ca-central.moveworks.io
- For AU customers: webchat.prod.am-au-southeast.moveworks.io
- For GovCloud customers: webchat.moveworksgov.com
-
-
Check for
Refused to frame 'https://<customer>.okta.com' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self'"
- If your Okta environment is the referenced URL, this suggests that the user does not have an active session in Okta. Try navigating directly to
https\://<customer>.okta.com
and confirming that the user is both logged in and assigned the appropriate Okta app. - A similar error message for
[Report Only] Refused to frame ...
that contains the[Report Only
tag can be safely ignored. If you are seeing issues with loading the web bot, scroll further below to find an error that does not contain[Report Only]
.
- If your Okta environment is the referenced URL, this suggests that the user does not have an active session in Okta. Try navigating directly to
-
-
If the issue persists after following these steps, please reach out to our Customer Support team for further assistance.
Updated 2 months ago