Active Directory Source Issue

Hello Everyone,

I’m attempting to connect my partner demo tenant to an Active Directory server in my sandbox environment. I’ve played with just about every option on the SailPoint config page and I continue to get similar messages. The VA and AD can ping each other successfully. I have also opened ports 5050-5051. Here are a couple of error snippets with obscured details.

The following using TLS over port 636:

[ InvalidConfigurationException ] [ Possible suggestions ] Ensure that the Active Directory Service is up and running. [ Error details ] Failed to connect to - dc=xyz,dc=xyz : java.lang.Exception: [ERROR 1] Failed to connect to server:ldap://1hostname:636 - java.net.SocketException: Connection reset by peer (Write failed)

The following using non-TLS over port 389:

[ InvalidConfigurationException ] [ Possible suggestions ] Enter valid domain credentials. [ Error details ] Failed to connect to - dc=xyz,dc=xyz : java.lang.Exception: [ERROR 1] Failed to connect to server:ldap://hostname:389 - [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090449, comment: AcceptSecurityContext error, data 52e, v3839]

Error message after opening ports 5050-51

Hello @izzy1!

Welcome to the Developer Community :tada:

5050 and 5051 are the ports used for IQService.
Try the following steps:

  • Do not enable TLS in the configuration.
  • Do not configure IQService (keep it empty).
  • Port test for 389 on the VA: nc -zv -w ipaddress portnumber, and check that the port is fine.
  • Use port 389, and give the IP address instead of the hostname in server:ldap://hostname:389, as the hostname needs to be configured properly in hosts.yaml.

Once this test connection succeeds, you can configure TLS and IQService, which need additional things to be set up.

Thank you.

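As an added example, not code from the thread or from SailPoint, here is a small Python helper that decodes the Active Directory sub-code in the port 389 error quoted above (result 49, data 52e) and probes 389 or 636 the way the port test in this reply does, additionally reporting whether the DC completes a TLS handshake on 636. Host names, ports and the sample error strings are placeholders or constructed.

```python
import re
import socket
import ssl

# Meanings of the AD-specific "data" sub-codes that follow LDAP result 49
# (invalidCredentials) in an AcceptSecurityContext error.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong password, or username not in an accepted format)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

_LDAP_ERR = re.compile(r"LDAP: error code (\d+).*?data ([0-9a-f]+)", re.IGNORECASE)


def classify_bind_error(message):
    """Return (result_code, sub_code, meaning) parsed from a connector error
    string, or None when the message carries no LDAP result code."""
    m = _LDAP_ERR.search(message)
    if not m:
        return None
    code, data = int(m.group(1)), m.group(2).lower()
    return code, data, AD_BIND_SUBCODES.get(data, "unknown sub-code")


def probe_ldap_port(host, port, use_tls, timeout=5.0):
    """Check TCP reachability of an LDAP port and, for LDAPS, whether the DC
    finishes a TLS handshake with a certificate the client trusts."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return f"{host}:{port} unreachable: {exc}"
    if not use_tls:
        sock.close()
        return f"{host}:{port} TCP open"
    ctx = ssl.create_default_context()  # verifies the DC certificate chain
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return f"{host}:{port} TLS OK, subject {tls.getpeercert().get('subject')}"
    except ssl.SSLCertVerificationError as exc:
        return f"{host}:{port} handshake done but certificate rejected: {exc.verify_message}"
    except (ssl.SSLError, ConnectionResetError) as exc:
        # A reset during the handshake is typical of a DC with no LDAPS certificate installed.
        return f"{host}:{port} TLS failed (DC probably has no LDAPS certificate): {exc}"
```

Run `probe_ldap_port("10.0.0.5", 636, True)` from the VA with a real address to distinguish a closed port from a DC that accepts TCP but cannot serve LDAPS.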

Hi Tarlapally,

The command you provided to test the port did not work. “NC: timeout invalid”

Your other suggestions worked. I was able to test the connection successfully after disabling TLS and using port 389 with no IQService config.

Now, when I tried to go back to add IQService config, I get this message:

" Error Received:

Exception occurred while executing the RPCRequest: Errors returned from IQService. Client authentication failed with error - The filename or extension is too long"

I’ve ensured the username has been registered in IQS with the IQService.exe -a command. I restarted the service and confirmed the username was registered with IQService.exe -a list command.

I have the username in domain\username format.

Follow the steps below:

Approach 1:

  • In the IQService configuration on the UI, replace the IQService account password with some random value. Example: “test”
  • Test the connection
  • Now replace the IQService account password with the original password
  • Test the connection

Approach 2:

  • Reset your IQService credentials / add a new user in IQService
  • Use this user’s details in the IQService configuration on the UI.

Try both of these and let me know if it is working. This is a common issue that we encounter.

Thanks
