Share all details related to your problem, including any error messages you may have received.
Hello Experts,
I have noticed that AD Aggregation is failed with multiple error. I have identified that without Create link options it is failing but with Create link option, it is working fine.
Please suggest.
Error 1 - Cannot insert duplicate key in object ‘identityiq.spt_identity’. The duplicate key value is (CAQA\caderogb).
2024-05-24T11:23:34,596 ERROR Thread-5303 sailpoint.api.Aggregator:1916 - Exception during aggregation of xx\caderogb. Reason: org.hibernate.exception.ConstraintViolationException: could not execute statement
Error 2 – Exception during aggregation of CN=Adiham, Alxxxxx,OU=CHQ-QA,OU=Users-QA,OU=xxxx-QA,DC=xxxx,DC=xxxx,DC=com. Reason: java.lang.NullPointerException: Cannot invoke "sailpoint.object.Identity.getName()" because "this._lastIdentity" is null.
It looks like IIQ trying to create Identity for orphaned AD account but can’t because the name it tries to use is already in use.
I would start checking from -
Correlation - to check why account is not getting correlated to the existing identity
IdentityCreationRule - to check why it tries to create non unique identity name as it might be issue in the future
In worst case you can just write CustimizationRule to exclude this account from aggregation but it does not really solve your problem - just masks symptoms.
@kjakubiak Thanks for the explaining.
I understand that error 1 is happened due to duplicate of users.
Can you please help me for Error 2 how to to fix that. is this something happened due to missing EmployeeID or username.
I think it’s happening because of the same reason - as in previous step no identity was created - now it is null while IIQ expects to have Identity object in _lastIdentity.
do you have Aggregator logger set to something above Info? there is a bug in this logger and it can sometimes throw nullpointer in _lastIdentity when it is set to Info log level or more.