Error connecting to AD

Which IIQ version are you inquiring about?

8.3

Share all details about your problem, including any error messages you may have received.

Hi guys,
I’ve been facing issues with IIQ performing tasks like creating accounts or removing roles in AD. I keep getting an error saying connection refused : connect.

Any idea on what the issues could be?

Hi @Aaronlobo11,

It could depend on the configuration of the connector or on the permissions that your service user has on AD.

For example, be sure you’re not using the catalog server (port 3268) as the connected server, because there you can read part of an account’s attributes but you can’t write. Also, you can try Apache Directory Studio to check whether you have the permission.

@Aaronlobo11 Could you please share a screenshot of the error and the corresponding SailPoint log details? This will help us better understand the issue and provide a more accurate solution

Hi @Aaronlobo11, this error is quite generic.
It can be one of the following (or several of them).

  • Network & Firewall Issues for the ports that are identified in the IQService Doc like and limited to: 389 (LDAP) / 636 (LDAPS), 445, 135, etc…
    You can troubleshoot using telnet, or TNC if telnet is prohibited.

  • AD Connector Misconfiguration

  • If using LDAPS, ensure the AD server certificate is imported into Java’s keystore.

  • Check if the Bind (Service) Account used in the AD connector is locked, expired, or has insufficient permissions.

  • Check if WinRM is blocked; if so, allow it in the firewall or through group policy.

  • Raise the log level to get more insights in both log4j2 and IQService logs

Let us know if you have any further insights :).

Regards,
Muhammad
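
A scripted version of the telnet/TNC port check suggested in the reply above, added here as an example and not part of the thread. It separates "refused" from "timeout" for the ports the reply lists; the function names, the hint texts and the host `dc01.example.com` are placeholders of this example.

```python
import errno
import socket
import sys

# Ports listed in the reply above; service labels are the standard assignments.
PORTS = {389: "LDAP", 636: "LDAPS", 445: "SMB", 135: "RPC endpoint mapper"}

# What each outcome usually means when troubleshooting the connector.
HINTS = {
    "open": "listener reachable; look at bind account, TLS trust or connector config",
    "refused": "host sent a reset: nothing listening on this port, or a firewall rejecting",
    "timeout": "no answer: packets dropped by a firewall, or wrong host/route",
    "dns-failure": "host name does not resolve from this machine",
}

def probe(host, port, timeout=3.0):
    """Try one TCP connect; return 'open', 'refused', 'timeout',
    'dns-failure' or 'error:<errno name>'."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns-failure"
    family, socktype, proto, _, addr = infos[0]
    with socket.socket(family, socktype, proto) as s:
        s.settimeout(timeout)
        try:
            s.connect(addr)
            return "open"
        except ConnectionRefusedError:
            return "refused"   # same condition as "connection refused : connect"
        except socket.timeout:
            return "timeout"
        except OSError as e:
            return "error:" + errno.errorcode.get(e.errno, str(e.errno))

def report(host, ports=PORTS, timeout=3.0):
    """Probe every port and return {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}

if __name__ == "__main__":
    # Placeholder host name; pass the real domain controller as the first argument.
    host = sys.argv[1] if len(sys.argv) > 1 else "dc01.example.com"
    for port, state in report(host).items():
        hint = HINTS.get(state, "see the OS error name")
        print(f"{host}:{port} ({PORTS[port]}): {state} - {hint}")
```

Run it from the machine that opens the connection to AD, since a firewall rule can differ per source host.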