Active directory connection error

Hi Team,

We are getting a connection reset error while testing the test connection for the AD application. I have installed IQService on port 5050 only, and I haven't selected the useTLS checkbox.

Can you please help me with how to disable the certificate? It is a testing environment.

ERROR: "An Exception occurred while accepting new client requestSystem.IO.IOException: The handshake failed due to an unexpected packet format.

at sailpoint.rpcserver.RpcHandler. AuthenticateServer(X509Certificate2 serverCertificate, SslProtocols sslprotocol, Boolean initialCall) at sailpoint.rpcserver. RpcHandler..ctor(Hashtable services, Hashtable registry, TcpClient client, String port, Boolean useTLS, String subject, String tisversion, String registeredClients, String serialNumber)"

Can you please share a screenshot of the configuration that you have done in your AD app.

@sureshbommareddy98 -

The root cause, as it seems to me, is this:
IQService is trying to do a TLS handshake ("AuthenticateServer… SslProtocols…") while your IIQ AD application is connecting without TLS. That mismatch causes "handshake failed due to an unexpected packet format" and then a connection reset.

Could you please confirm that your application configuration and IIQ configuration are both pointing to the TLS/SSL port?

Have you configured the IQService for TLS when you installed it? Part of that configuration is having a specific SSL certificate issued and installed on the IQService host. There are specific attributes that must be set on the issued SSL certificate as well. I typically generate a CSR and pass it along to our key management team to have a cert issued from the corporate CA; however, I believe self-signed certificates may also work.

Please note that 5050 is the "standard" non-TLS IQService port. I recommend running TLS for IQService on something other than 5050. You need to run this with TLS, as upcoming releases of IdentityIQ will not allow Before/After scripts to be run if TLS is not enabled.

This Compass link should be of help: https://community.sailpoint.com/t5/IdentityIQ-Connectors/IQService-TLS-and-Client-Authentication-Configuration/ta-p/75273

I am guessing that you might not have selected the 'useTLS' checkbox in the IQService configuration of your AD application. If not, select it first.

Also, I do not think there is an option without configuring an SSL/PKI certificate for communication between IQService and IdentityIQ, so generate it.

Hi @sureshbommareddy98

Uninstall IQService, then install it with TLS port 9280 (the specified TLS port).

IQService.exe -i -o 9280 -s <path_to_your_keystore.jks> -k <keystore_password>

Verify the registration:

IQService.exe -a list

If no user is registered, run the registration command:

IQService.exe -a "DOMAIN\username"

The above steps helped us resolve the connection reset issue.

1 Like
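The mismatch described in this thread (an IQService listener expecting a TLS handshake while the IdentityIQ side connects in plaintext, or the reverse) can be checked from the IdentityIQ side before touching the application definition. The following PowerShell function is an added example, not code from the thread or from SailPoint: it opens a TCP connection to an IQService port, attempts a TLS client handshake with .NET's SslStream, and reports whether the port speaks TLS, which certificate it presented, and whether that certificate chains to a trusted CA. The host name, ports and timeout are placeholders; the probe presents no client certificate, so a listener configured for client authentication may still reject IdentityIQ after this check passes.

```powershell
# Added diagnostic example (not from the thread or from SailPoint).
# Probes an IQService port and reports whether it answers a TLS handshake.
function Test-IQServiceTls {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,   # placeholder: IQService host
        [Parameter(Mandatory)] [int]    $Port,           # e.g. 5050 (non-TLS) or the TLS port chosen at install
        [int] $TimeoutMs = 5000
    )

    $client = [System.Net.Sockets.TcpClient]::new()
    try {
        $connect = $client.ConnectAsync($ComputerName, $Port)
        if (-not $connect.Wait($TimeoutMs)) {
            return [pscustomobject]@{ Port = $Port; Result = 'NoConnect'; Detail = "no TCP connection within $TimeoutMs ms" }
        }
        # Socket-level timeouts so a plaintext listener that never answers the
        # ClientHello surfaces as an IOException instead of a hang.
        $client.ReceiveTimeout = $TimeoutMs
        $client.SendTimeout    = $TimeoutMs

        # Accept any server certificate during the handshake so the probe can
        # report what it saw; trust is evaluated explicitly below. This is a
        # diagnostic only and is not a trust setting to reuse elsewhere.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{
            param($sender, $certificate, $chain, $sslPolicyErrors)
            return $true
        }
        $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($ComputerName)

        # Re-validate the presented certificate against the local machine trust store.
        $cert    = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
        $chain   = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
        $trusted = $chain.Build($cert)
        $chainStatus = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','

        return [pscustomobject]@{
            Port   = $Port
            Result = 'TLS'
            Detail = "protocol=$($ssl.SslProtocol); subject=$($cert.Subject); issuer=$($cert.Issuer); " +
                     "thumbprint=$($cert.Thumbprint); notAfter=$($cert.NotAfter); " +
                     "chainTrusted=$trusted; chainStatus=$chainStatus"
        }
    }
    catch [System.IO.IOException] {
        # Client-side mirror of the IQService-side error quoted in the thread:
        # a plaintext listener does not answer a ClientHello, so the handshake
        # fails (or times out) with an IOException.
        return [pscustomobject]@{ Port = $Port; Result = 'NotTLS'; Detail = $_.Exception.Message }
    }
    catch [System.Security.Authentication.AuthenticationException] {
        # TLS was spoken but the handshake itself was rejected (protocol/cipher/certificate).
        return [pscustomobject]@{ Port = $Port; Result = 'TLSError'; Detail = $_.Exception.Message }
    }
    finally {
        $client.Dispose()
    }
}

# Usage with placeholder values: compare the standard non-TLS port with the TLS port.
Test-IQServiceTls -ComputerName 'iqservice.example.local' -Port 5050 | Format-List
Test-IQServiceTls -ComputerName 'iqservice.example.local' -Port 9280 | Format-List
```

Read the two results together: `NotTLS` on the port the AD application points at, with `useTLS` checked, or `TLS` on that port with `useTLS` unchecked, is exactly the mismatch that produces the "unexpected packet format" error on the IQService side. A `TLS` result with `chainTrusted=False` means the handshake works but the certificate IdentityIQ will see is not trusted by this machine's store, which is the part the certificate attributes and CA issuance discussed above have to address.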
