I'm working with IDN and I need your support on one issue I'm currently facing. After aggregating the authoritative source, I can see how the identities are created on IDN and also the AD accounts based on the identity profile. The problem is that when I run the aggregation of the authoritative source or AD again, it seems that the AD accounts disappear from the users and IDN tries to create a new one, but the error is:
java.lang.RuntimeException : sailpoint.tools.GeneralException: Error running rule transform:sailpoint.tools.GeneralException: The application script threw an exception: java.lang.RuntimeException: java.lang.Exception: Unable to contact connector to generate unique value and is not retry-able. Action:UniqueAccountIdValidator: Calling getObject for objectType ‘account’ using id ‘CN=Ifs HR01PF3EMP352,OU=SailPoint,DC=xxxx,DC=xxxxx,DC=com’ and options ‘{cloudConfigOverrides={aggregateTimeout=30, disablePooling=true, timeout=30}}’ on source ‘Active Directory [source]’. Exception: sailpoint.connector.ConnectorException: java.lang.InterruptedException: Timeout waiting for response to message 1093 from client 988e01ab-16a7-444d-8784-c2e55d852f9d after 30 seconds. BSF info: Create Unique Account ID at line: 0 column: columnNo
Any idea? It is just happening with the AD accounts created by SailPoint IDN.
Hi @Beatriz ,
The account is not getting created on the AD end. It is still in the cloud layer & unable to generate the correct distinguishedName.
There is a space in CN Ifs HR01PF3EMP352, is this intentional? Are you able to create an AD account manually with a space?
Thank you for your reply. About the space, it's a prerequisite of my client. The thing is that since 3 days ago, any provisioning activity is working but if I run an AD aggregation it works. Also, as far as I can see, the IQService server is up and running.
Hi @AnamicaShroti Sorry to bother you but we are stuck here. All AD tasks are frozen so we cannot run any tests. More than 10k provisioning activity tasks are pending.
Any idea?
Sounds like you'll want to reach out to support to help clean up the backlog of 10,000 provisioning activities. Or you can wait for it to time out by itself. Sounds like you'll want to review your create profile and maybe start with static values before continuing with a transform route, to rule out the issue completely.
Stage: Refresh
Message:
trackingId: dc7ff37ba3904f6ba64b4e59b2f657b9 java.lang.RuntimeException: sailpoint.tools.GeneralException: Error running rule transform:sailpoint.tools.GeneralException: The application script threw an exception: java.lang.RuntimeException: java.lang.Exception: Unable to contact connector to generate unique value and is not retry-able. Action:UniqueAccountIdValidator: Calling getObject for objectType 'account' using id 'omitted' and options '{cloudConfigOverrides={aggregateTimeout=30, disablePooling=true, timeout=30}}' on source 'Azure AD [source]'. Exception: sailpoint.connector.ConnectorException: java.lang.InterruptedException: Timeout waiting for response to message 86 from client cf5b55da-d569-4dab-be88-636dc629d096 after 30 seconds. BSF info: Create Unique Account ID at line: 0 column: columnNo
This can be a DNS issue. You may either add a domain controller on the AD source using either the IP or FQDN,
OR
you may troubleshoot DNS connectivity.
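The two error messages quoted in this thread share one layout, so a backlog of failed provisioning activities can be grouped by source and client id to see whether the timeouts follow a single connection path. This is an added example, not SailPoint code and not part of any post: the regular expression is inferred from the two messages above, the sample lines are constructed with placeholder values, and what the client id identifies is not stated in the thread.

```python
import re
from collections import Counter

# Quotes are straight or typographic depending on how the error was copied.
Q = "['\u2018\u2019]"
# Field layout inferred from the two error messages quoted in this thread.
TIMEOUT_RE = re.compile(
    r"Action:(?P<action>\w+): Calling getObject for objectType "
    + Q + r"(?P<object_type>\w+)" + Q
    + r" using id " + Q + r"(?P<native_id>.*?)" + Q + r" and options .*?"
    + r" on source " + Q + r"(?P<source>.*?)" + Q + r"\."
    + r".*?Timeout waiting for response to message (?P<message>\d+)"
    + r" from client (?P<client>[0-9a-f-]{36}) after (?P<seconds>\d+) seconds"
)

def parse_timeout(line):
    """Return the fields of one connector-timeout error, or None if no match."""
    m = TIMEOUT_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["seconds"] = int(rec["seconds"])
    t = re.search(r"trackingId: (\w+)", line)
    rec["tracking_id"] = t.group(1) if t else None
    return rec

def summarize(lines):
    """Count timeouts per (source, client) so one failing path stands out."""
    return Counter((r["source"], r["client"])
                   for r in map(parse_timeout, lines) if r)

def make_sample(native_id, source, client, prefix=""):
    """Build a constructed error line in the thread's format (not real data)."""
    return (prefix + "Action:UniqueAccountIdValidator: Calling getObject for "
            "objectType 'account' using id '" + native_id + "' and options "
            "'{cloudConfigOverrides={aggregateTimeout=30, disablePooling=true, "
            "timeout=30}}' on source '" + source + "'. Exception: sailpoint."
            "connector.ConnectorException: java.lang.InterruptedException: Timeout "
            "waiting for response to message 1 from client " + client + " after 30 seconds.")

# Constructed sample input: placeholder DNs, client ids and tracking id.
CLIENT_A, CLIENT_B = "0000000a-0000-0000-0000-000000000000", "0000000b-0000-0000-0000-000000000000"
SAMPLE = [
    make_sample("CN=Ex One,DC=example,DC=com", "Active Directory [source]", CLIENT_A),
    make_sample("CN=Ex Two,DC=example,DC=com", "Active Directory [source]", CLIENT_A),
    make_sample("omitted", "Azure AD [source]", CLIENT_B, "trackingId: 0123abcd "),
]

if __name__ == "__main__":
    print(summarize(SAMPLE).most_common())
```

If every timeout lands on one source and client pair, the DNS and domain controller checks suggested above are the place to start for that source.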