Facing issue while using gMSA in AD integration with ISC

Hi Team,

We are trying to integrate AD with ISC using a gMSA service account and the TLS option.

We followed all the prerequisites and permission options, but we are facing the below error while testing the connection.

Has anyone implemented the gMSA approach successfully?

We have detected an error from the managed system.

Error Received:

Detected password less authentication, but failed to retrieve passwords with error: Exception occurred while executing the RPCRequest: Errors returned from IQService. Buffer cannot be null. Parameter name: buffer

Thank you!

Sailaja

Hi Sailaja,

It seems this typically points to an authentication issue with the account used by the IQService or a configuration mismatch in SailPoint.
Verify the IQService account and check whether the password is the same or not.

Thanks,

Ankit

When the gMSA was created in AD, it would need to be given the server/machine which would have access to it. Make sure it was created correctly:

New-ADServiceAccount -Name <gMSAName> -DNSHostName <gMSAName>.<domain> -PrincipalsAllowedToRetrieveManagedPassword <SecurityGroup>

This will be your IQService host:

DNSHostName

Refer to the below: Create a gMSA

Also make sure of the below:

Thank you. Yes, all details are configured as per the documentation.

Thank you. Yes, all are set as per the prerequisites.
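
One way to check, from the IQService host itself, the retrieval permission that the New-ADServiceAccount reply above depends on. This is an added example, not part of any reply in this thread and not SailPoint's own tooling; the gMSA name `svc-iqservice` is a placeholder, and it assumes the RSAT ActiveDirectory module is installed on the host.

```powershell
# Run on the IQService host in an elevated PowerShell session.
Import-Module ActiveDirectory

$GmsaName = 'svc-iqservice'   # placeholder: replace with your gMSA name

# Read the gMSA and the principals allowed to retrieve its managed password.
$gmsa = Get-ADServiceAccount -Identity $GmsaName -Properties `
    PrincipalsAllowedToRetrieveManagedPassword, DNSHostName, Enabled

# The computer account of the host this script runs on.
$thisHost = Get-ADComputer -Identity $env:COMPUTERNAME

# Expand the allowed principals: groups are flattened to their members,
# direct entries (computers, users) are kept as they are.
$allowedDns = foreach ($dn in $gmsa.PrincipalsAllowedToRetrieveManagedPassword) {
    $obj = Get-ADObject -Identity $dn
    if ($obj.ObjectClass -eq 'group') {
        Get-ADGroupMember -Identity $dn -Recursive |
            Select-Object -ExpandProperty distinguishedName
    } else {
        $dn
    }
}

# Directory view: is this host listed, directly or through a group?
$listedInAd = @($allowedDns) -contains $thisHost.DistinguishedName

# Runtime view: can this host actually retrieve the password right now?
# A host added to the group after its last boot can be listed in AD and
# still fail here until its Kerberos ticket is refreshed (e.g. by a reboot).
$canRetrieve = Test-ADServiceAccount -Identity $GmsaName

[pscustomobject]@{
    Gmsa              = $gmsa.SamAccountName
    GmsaEnabled       = $gmsa.Enabled
    GmsaDnsHostName   = $gmsa.DNSHostName
    Host              = $thisHost.Name
    HostListedInAD    = $listedInAd
    HostCanRetrieveNow = $canRetrieve
} | Format-List
```

If `HostListedInAD` is False, the principals on the gMSA need correcting; if it is True while `HostCanRetrieveNow` is False, the host has not yet picked up its group membership.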