AD connector: creates duplicates when provisioning times out

Hi team,

In AD we see duplicate accounts two or three times a month, where it gives a provisioning timeout error of 60 sec. However, within seconds of the create account failure we could see another create account pass, causing 2 accounts to be created for the identity.
After doing some research and checks, we found 2 steps that could be done:

  1. Increase the timeout from 60 to 120.
  2. Enable the option to roll back partially created accounts.

Since it's an intermittent issue, we are thinking of enabling the rollback option first.
However, we need help to understand that, if we enable this, it will not cause any issue with accounts that failed in the past and are correlated now.

@ankit25987 You can go with option 2, and it doesn't cause any issue with previous accounts; it is only applicable to newly created accounts in AD.

HTH.

Hi @ankit25987,

Option 2 may not work in your case, as the rollback comes into play when at least one attribute's provisioning fails but the account creation is successful. Here, in your scenario, since IDN cannot determine whether the account was created or not, it cannot roll back the activity.

I would suggest setting the provisioning and IQService response timeouts to 120 and seeing how it behaves.

And as @Santhakumar pointed out, enabling the rollback option does not impact any existing users; it is activated only when new accounts are created.

Hi,

Thanks for the quick response, guys. Would adding the timeout value from Visual Studio Code suffice for the timeout issue? For reference, I have attached the error so it gives clarity.

Yes, you can directly update it through Visual Studio, as it calls the underlying IDN APIs.
