AD time out Issue

Dear All, I am getting AD time out, I tried to restart my VA as well as per diagnostic step but it didn’t worked, while testing connection, Its showing me time out after 15 seconds any idea on this type of error? Here is CCG Snapshot what I got from logs, Please let me know what should I check to fix this issue?

“exception”:{“stacktrace”:"com.sailpoint.pipeline.server.StreamCancelledException: HTTP response code 410 for URL XXXXXXXXXXXX/hecate/pipeline/response?sub=ac4b0acc-b3c1-4b68-bd1d-8ebd287eb3f5&message=15&pod=XXXX1&org=XXXXXX\n\tat com.sailpoint.pipeline.server.HttpPostResponseHandler.sendResponse_aroundBody0(HttpPostResponseHandler.java:141)\n\tat com.sailpoint.pipeline.server.HttpPostResponseHandler$AjcClosure1.run(HttpPostResponseHandler.java:1)\n\tat org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:167)\n\tat com.sailpoint.metrics.TimedAspect.logTimed(TimedAspect.java:24)\n\tat com.sailpoint.pipeline.server.HttpPostResponseHandler.sendResponse(HttpPostResponseHandler.java:101)\n\tat com.sailpoint.pipeline.server.JwtPostResponseHandler.sendResponseInternal(JwtPostResponseHandler.java:80)\n\tat com.sailpoint.pipeline.server.JwtPostResponseHandler.sendResponse_aroundBody0(JwtPostResponseHandler.java:73)\n\tat

Hi @gagan02 ,
could you please try to increase timeout and see if that works.
please check below link and see if it helps you to resolve problem: Timeout Errors and Settings
You need to use the Partial Source Update (https://developer.sailpoint.com/idn/api/v3/update-source ) API to modify the timeout value.
Also check your VA is in connected state and the ccg version of VA is available in ISC.
If still not working try to IP address of the AD server
I found similar issue here: Timeout Error When Connecting SailPointNow to Active Directory - #12 by MisalRohit

Hey,

Are you getting AD timeouyt or IQ serviceMachine Timeout?

Please remove the IQ service configuration, run a test connection and see if it works.
After, you put the iqservice configuration, go into IqserviceMachine , enable Debug Log with iqservice.exe -l 3 , and tail the log.
Test it again, if no Connection appear on the logs, means that the comunication between VA and Iqservice machine is broken .

BesT

Hey @ipobeidi : Is it possible to check the connection without configuring iq service ? Are you sure.
Although I haven’t add any iQ service within my configuration. Please confirm then I will be checking both possibilities.

@gourab : I don’t think so that I need to increase timeout duration as previously we had configured one of AD connection with default settings and that worked without any issues. I will be trying this also and will update you tomorrow

Hi @gagan02 ,

Apart from above mentioned possibilities by @ipobeidi and @gourab , you can also check your service account accessibility/validity. Sometimes if service account gets locked, AD connection fails with a timeout.

If none of these works, you can enable AD debug logs and check the ccg logs to see the exact cause of the timeout.

Thanks,
Shailee

Hi @gagan02
Have you tried port testing for AD and IQService server? Also please check outbound rules on windows defender because of this also I have faced timeout error many times.

Yes, it’s possible to check the connection without configuring the IQService.
First, you can test the connection without the IQService, and then try again after configuring it. Make sure to review the logs in both cases to gain more clarity on any issues that may arise. This way, you’ll have a better understanding of the potential cause, whether it’s related to the IQService or another configuration aspect.

Hello Guys, Thanks for helping to resolve this issue, now this issue has been resolved. I don’t see any timeout error and it has been resolved after reconfiguring again and then I took restart of VA in order to refresh host entries.