ISC AD -> IQService TLS Test Connection failed with error: Exception occurred while executing the RPCRequest: Errors returned from IQService. Client Authentication Failed: Please validate your credentials and IQService Configuration.
Have tried: 1) Registered the AD domain user (the service account used in AD Domain settings), yet the domain user is not found in Check Name, as the IQService server domain is different from the AD domain (not joined) and the AD domain is invisible; got the error above. Then 2) wanted to use the Local System Account, but not sure what user name should be registered and entered in IQService Settings with this option, please advise. 3) Tried to use the logged-in user for login on the IQService server, got the same error. Ran out of ideas, please help. Many thanks in advance.
Hi @yunhanspiiq ,
Welcome to SailPoint Developer Community!!!
Can you please tell me whether you are using the same user with the IQService config in SailPoint as well? Be sure that if you are using TLS in IQService, you register during IQService installation and use the same user ID and password in the IQService Configuration page in the SailPoint Connector configuration as well. If you are not using TLS, then you need not register a user in IQService; you should be able to connect directly just by passing the IQService Host and Port.
Please follow the URL https://community.sailpoint.com/t5/Other-Documents/IQService/ta-p/158011 for IQService configuration.
Let us know in case you have any concerns.
Hi Prashant, thanks much for responding to my question quickly.
Here is our case:
IQService’s domain: iqdomain1.com
I have local admin account named iquser on this IQService VM
AD’s domain: adtest.local
Service account on the AD domain: adtestlocal\isctest
What I did:
- Logged in to the IQService VM using my local admin account iquser, installed and registered IQService with TLS port
IQService.exe -i -o (5050)
- Registered the AD domain service account in the IQService VM:
IQService -a list
adtestlocal\isctest
Restarted IQService after.
- In ISC, Source → Active Directory → Domain/Forest Settings:
Host: AD’s FQDN
Userid: adtestlocal\isctest
Pwd: the service account’s password
Port: 636
TLS enabled
- In ISC, Source → Active Directory → IQService Settings:
Host: IQService server’s FQDN
Port: 5050
IQService User: adtestlocal\isctest
IQService password: the service account’s password
- IQService Service → Properties → Log On tab, changed to radio button
This account: adtestlocal\isctest
Password: the service account password
Confirm password: the service account password
Then clicked OK, and an error message window came up:
The following object is not from a domain listed in the Select Locations dialog box, and is therefore not valid.
adtestlocal\isctest
Somehow, AD domain adtest.local is not displayed in the Locations (accessible domains, many there but no adtest.local), so the service account on the AD domain is not “valid”.
Any idea to resolve the issue or what I have done incorrectly?
Many thanks
Hi Ling,
Are you able to log in with user adtestlocal\isctest on the IQService box? Also, have we given the user all the rights that are listed in the document?
Hi @lincolnsantanna ,
Thanks for providing the detailed steps you followed. As I can see, you are unable to find the account details while setting it through Services > SailPoint IQService > Properties > Log On? I hope you are trying to do exactly the same.
Can you un-register the user in IQService and then use logged in user for login in IQService and then try connecting? The credentials of the user registered should be passed under the logon. Anything different will throw this error I believe.
Also, lastly, if you see the account and set the registered user account password, don’t forget to restart the IQService after changing the logon credentials, as recommended.
IHTH
Yes, the connection was OK when using the logged-in user for login in IQService. However, the logged-in user is a local admin, which cannot be used for provisioning users on the AD domain (adtestlocal); we must use the service account on the AD domain. The solution is: switching the IQService domain from the current iqdomain1.com to the AD domain (adtestlocal) so that it is joined to the AD domain; the problem should then be resolved. Thanks much.
Hi Rakesh,
Thanks much for your response and the doc attached. You made an excellent point: I was not able to log in with user adtestlocal\isctest on the IQService box. After troubleshooting and finding the cause, I contacted the AD Admin; their decision is to have the IQService server be a member server of the AD domain. I believe the problem will be resolved. Thanks again.
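
A read-only preflight check for the situation this thread ends on, as an added example that is not part of any post above and not SailPoint tooling: run on the IQService host, it reports which domain the host belongs to, whether it can locate a domain controller for the account's domain, and whether Windows can resolve the service account name to a SID. The function name is hypothetical; the account and domain values are the ones quoted in the thread.

```powershell
# Added example, not from the thread. Run on the IQService host; makes no changes.
# Test-ServiceAccountVisibility is a hypothetical helper name.
function Test-ServiceAccountVisibility {
    param(
        [Parameter(Mandatory = $true)][string]$Account,       # DOMAIN\user form
        [Parameter(Mandatory = $true)][string]$AccountDomain  # DNS name of the account's domain
    )

    # 1. Which domain (if any) is this host a member of?
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    $sameDomain = $cs.PartOfDomain -and ($cs.Domain -ieq $AccountDomain)

    # 2. Can this host locate a domain controller for the account's domain in DNS?
    $dcLocatable = $false
    try {
        Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$AccountDomain" -Type SRV -ErrorAction Stop | Out-Null
        $dcLocatable = $true
    } catch {
        # No SRV record reachable from this host's DNS configuration.
    }

    # 3. Can Windows translate the account name to a SID from this host?
    #    If this fails, the account cannot be set as a service log-on identity here.
    $sid = $null
    $resolveError = $null
    try {
        $nt  = New-Object System.Security.Principal.NTAccount($Account)
        $sid = $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value
    } catch {
        $resolveError = $_.Exception.Message
    }

    [pscustomobject]@{
        HostName            = $cs.Name
        HostDomain          = $cs.Domain
        HostIsDomainMember  = $cs.PartOfDomain
        HostInAccountDomain = $sameDomain
        AccountDomainDcInDns = $dcLocatable
        AccountSid          = $sid
        AccountResolves     = [bool]$sid
        ResolveError        = $resolveError
    }
}

# Values quoted in the thread.
Test-ServiceAccountVisibility -Account 'adtestlocal\isctest' -AccountDomain 'adtest.local'
```

If `AccountResolves` is `False` for the account registered with IQService, fix the host's domain membership or name resolution before changing anything on the ISC source.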