AD Provisioning failure

Hi Team,

We are getting the error below while provisioning to AD. Can you please suggest how to resolve it?

javax.net.ssl.SSLException: Unsupported or unrecognized SSL message
at java.base/sun.security.ssl.SSLSocketInputRecord.handleUnknownRecord(SSLSocketInputRecord.java:457)
at java.base/sun.security.ssl.SSLSocketInputRecord.decode(SSLSocketInputRecord.java:175)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:111)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1510)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1425)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455)
at java.base/sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:925)
at java.base/sun.security.ssl.SSLSocketImpl$AppOutputStream.write(SSLSocketImpl.java:1295)
at java.base/sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:234)
at java.base/sun.nio.cs.StreamEncoder.implFlushBuffer(StreamEncoder.java:313)
at java.base/sun.nio.cs.StreamEncoder.implFlush(StreamEncoder.java:318)
at java.base/sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:160)
at java.base/java.io.OutputStreamWriter.flush(OutputStreamWriter.java:248)
at java.base/java.io.BufferedWriter.flush(BufferedWriter.java:257)
at sailpoint.connector.RPCService.writeContentLengthInfo(RPCService.java:605)
at sailpoint.connector.RPCService.writeRequestToOutputStream(RPCService.java:589)
at sailpoint.connector.RPCService.execute(RPCService.java:511)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:569)
at bsh.Reflect.invokeMethod(Reflect.java:166)
at bsh.Reflect.invokeObjectMethod(Reflect.java:99)
at bsh.Name.invokeMethod(Name.java:858)
at bsh.BSHMethodInvocation.eval(BSHMethodInvocation.java:75)
at bsh.BSHPrimaryExpression.eval(BSHPrimaryExpression.java:102)
at bsh.BSHPrimaryExpression.eval(BSHPrimaryExpression.java:47)
at bsh.BSHVariableDeclarator.eval(BSHVariableDeclarator.java:86)
at bsh.BSHTypedVariableDeclaration.eval(BSHTypedVariableDeclaration.java:84)
at bsh.BSHBlock.evalBlock(BSHBlock.java:130)
at bsh.BSHBlock.eval(BSHBlock.java:80)
at bsh.BSHBlock.eval(BSHBlock.java:46)
at bsh.BSHTryStatement.eval(BSHTryStatement.java:88)
at bsh.BSHBlock.evalBlock(BSHBlock.java:130)
at bsh.BSHBlock.eval(BSHBlock.java:80)
at bsh.BshMethod.invokeImpl(BshMethod.java:371)
at bsh.BshMethod.invoke(BshMethod.java:267)
at bsh.BshMethod.invoke(BshMethod.java:195)
at bsh.Name.invokeLocalMethod(Name.java:917)
at bsh.Name.invokeMethod(Name.java:804)
at bsh.BSHMethodInvocation.eval(BSHMethodInvocation.java:75)
at bsh.BSHPrimaryExpression.eval(BSHPrimaryExpression.java:102)
at bsh.BSHPrimaryExpression.eval(BSHPrimaryExpression.java:47)
at bsh.BSHBlock.evalBlock(BSHBlock.java:130)
at bsh.BSHBlock.eval(BSHBlock.java:80)
at bsh.BSHBlock.eval(BSHBlock.java:46)
at bsh.BSHIfStatement.eval(BSHIfStatement.java:48)
at bsh.BSHBlock.evalBlock(BSHBlock.java:130)
at bsh.BSHBlock.eval(BSHBlock.java:80)
at bsh.BSHBlock.eval(BSHBlock.java:46)
at bsh.BSHIfStatement.eval(BSHIfStatement.java:48)
at bsh.BSHBlock.evalBlock(BSHBlock.java:130)
at bsh.BSHBlock.eval(BSHBlock.java:80)
at bsh.BSHBlock.eval(BSHBlock.java:46)
at bsh.BSHIfStatement.eval(BSHIfStatement.java:48)
at bsh.BSHBlock.evalBlock(BSHBlock.java:130)
at bsh.BSHBlock.eval(BSHBlock.java:80)
at bsh.BSHBlock.eval(BSHBlock.java:46)
at bsh.BSHIfStatement.eval(BSHIfStatement.java:48)
at bsh.Interpreter.eval(Interpreter.java:664)
at bsh.Interpreter.eval(Interpreter.java:758)
at bsh.Interpreter.eval(Interpreter.java:747)
at bsh.util.BeanShellBSFEngine.eval(BeanShellBSFEngine.java:186)
at org.apache.bsf.BSFManager$5.run(BSFManager.java:445)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:569)
at org.apache.bsf.BSFManager.eval(BSFManager.java:442)
at sailpoint.server.BSFRuleRunner.eval(BSFRuleRunner.java:249)
at sailpoint.server.BSFRuleRunner.runRule(BSFRuleRunner.java:218)
at sailpoint.server.InternalContext.runRule(InternalContext.java:1315)
at sailpoint.server.InternalContext.runRule(InternalContext.java:1287)
at sailpoint.workflow.RapidSetupLibrary.executePostRule(RapidSetupLibrary.java:688)
at sailpoint.workflow.RapidSetupLibrary.executePostJoinerRule(RapidSetupLibrary.java:629)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:569)
at sailpoint.server.ScriptletEvaluator.doCall(ScriptletEvaluator.java:134)
at sailpoint.server.ScriptletEvaluator.evalSource(ScriptletEvaluator.java:63)
at sailpoint.api.Workflower.evalSource(Workflower.java:5937)
at sailpoint.api.Workflower.advanceStep(Workflower.java:5176)
at sailpoint.api.Workflower.advance(Workflower.java:4563)
at sailpoint.api.Workflower.startCase(Workflower.java:3149)
at sailpoint.api.Workflower.launchInner(Workflower.java:2818)
at sailpoint.api.Workflower.launch(Workflower.java:2668)
at sailpoint.api.Workflower.launch(Workflower.java:2502)
at sailpoint.request.WorkflowRequestExecutor.execute(WorkflowRequestExecutor.java:177)
at sailpoint.request.RequestHandler.run(RequestHandler.java:163)
Suppressed: java.net.SocketException: Connection reset by peer
at java.base/sun.nio.ch.NioSocketImpl.implWrite(NioSocketImpl.java:425)
at java.base/sun.nio.ch.NioSocketImpl.write(NioSocketImpl.java:445)
at java.base/sun.nio.ch.NioSocketImpl$2.write(NioSocketImpl.java:831)
at java.base/java.net.Socket$SocketOutputStream.write(Socket.java:1035)
at java.base/sun.security.ssl.SSLSocketOutputRecord.encodeAlert(SSLSocketOutputRecord.java:81)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:419)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:326)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:145)
… 84 more

You probably didn't use the correct port number for HTTPS. Please verify the connection settings (including the IQ Service connection settings).

hi @sureshbomm

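The error javax.net.ssl.SSLException: Unsupported or unrecognized SSL message typically indicates a protocol mismatch — most likely the client is initiating an SSL/TLS handshake with an endpoint that is not speaking SSL/TLS on that port. In the trace above the handshake is started from sailpoint.connector.RPCService.execute, which appears to point at the IQService connection rather than the LDAP bind, so confirm the IQService host and port configured on the application first.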

Please verify:

  • The AD endpoint supports SSL and is using the correct port (e.g., LDAPS on 636).
  • The connector configuration matches the expected protocol.
  • The SSL certificate is valid and trusted by the IIQ server.
  • No proxy or firewall is interfering with the handshake.

We disabled the useTLS option and saved the application, but the setting came back as it was before.

hi @sureshbomm

Could you please give it a try from Debug page and see if the TLS setting persists correctly?

No luck, I tried same

@sureshbomm : From the recent release notes I noticed the recommendation to enable the IQ Service TLS port. I encountered a TLS-related issue some time ago and followed the article linked below. I still needed to take a few additional steps to resolve the TLS problem for IdentityIQ, so I’m sharing those in case they help with your troubleshooting. Thanks

Are you still facing the issue ?

Yes , please let me know if you have steps to resolve it

I would uninstall and reinstall the service. I doubt it was installed with the TLS version. Typically you would do a -o 5060

I have installed IQservice on 5050

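5050 is not a TLS port. If you have installed the IQService on port 5050, please uncheck the TLS check box in the Active Directory configuration and also update the port number. Then run a test connection and see what error you get. Keep in mind that with TLS unchecked the traffic between IdentityIQ and the IQService is not encrypted, so use this to isolate the problem and switch to the TLS port once the certificate is in place.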

I tried unchecking it for the IQService only, but in the AD configuration below it there is an empty field that still has Use TLS enabled. I unchecked useTLS and saved it, but those settings come back again when I open the application.

We are getting the error below. Can you please let me know how to generate a self-signed certificate and import it? We are using OpenJDK.

Follow the below link for configuring TLS

https://community.sailpoint.com/t5/IdentityIQ-Connectors/IQService-TLS-and-Client-Authentication-Configuration/ta-p/75273
