AD test connection Issue in the Partner Tenant

Hi all, I am facing an issue in the partner tenant, i.e., I am trying to integrate AD with SailPoint. When I perform the test connection, it shows a timeout error waiting for a response. I have identified one thing with the VA cluster: it is showing that the CCG service is not available for the VA. So, my query is: did the AD test connection fail due to the VA CCG service not being available, or are there any other related issues that can impact the test connection?


I am having exactly this problem myself. How did you determine that ccg service was not available?

Hi @Prasad_muchanapally ,
The test connection timing out could very well be related to the VA cluster showing that the CCG service is not available. The CCG service is crucial for communication between IDN and external connectors like Active Directory, so if it’s down or unavailable, the AD test connection might fail due to an inability to reach the necessary services.

Couple of checks you can perform:

  1. Verify if the CCG service is up and running, and troubleshoot any VA issues that could be affecting it. Run the following command to see if all the services, including ccg, are running:

     sudo docker ps

     VA troubleshooting guide

  2. Follow the steps in the above article regarding the ccg.
  3. Run the below to restart ccg and see if that resolves the issue:

     sudo systemctl restart ccg

  4. Also make sure there are no firewall issues. If the network path from the VA to the AD server has issues (such as firewall restrictions, incorrect IP addresses, or port blocking), this could also cause a timeout. Double-check the network connectivity between the VA and AD.

Hope this helps!!


Hi @Prasad_muchanapally ,
Please let me know if this worked!! If not, further troubleshooting and further details are needed to troubleshoot the issue!

Hi @Prasad_muchanapally,

If you have downloaded the VA image file from the tenant, I think it's not working. Please download the VA image file from the link given in the documentation:

Use this command to get the key pair: va-bootstrap set-passphrase -t demo
After connecting, wait for some time. If the CCG service is still not showing, restart the cluster and check again after some time.

Thank you.

Hi @Prashanth,

Thank you for your response. The previously configured VA's CCG status is not in a running state, and the remaining services' status isn't the same as CCG's, i.e., it is showing up. So, I am configuring a new VA and will keep you posted.

Hi Prasad, have you tried a netcat from VA to AD?

nc -zv -w 5 ip port

I am still unable to get a successful connection to my AD resource. I have verified on the server that it is a Global Catalog server, and I have configured that machine as GC in the ISC UI. nc says that 3268 is reachable and active, and I’m not currently using any TLS, and ccg is running on the VA but I continue to receive messages saying that the connection has failed.

@HowardWest Have you tried increasing the timeout error through the API?

Thanks

What would be the operation or attribute for that? I don’t see anything on the AD source info.

You can achieve this through the Update Source Partial API.

Here is the link to update the retry:

LMK if this works…

Thanks.

Thanks, I wasn’t aware. Will try for sure.

Hi @Prasad_muchanapally,

If you're using Oracle VirtualBox to maintain Windows Server, use port forwarding to access your Windows server.

Use the NAT network configuration, and in port forwarding there, Host IP is your local IP and Guest IP is your Windows server's NAT IP, with the required port. Find the screenshot below for your reference.

Thank You.
