This is a TLS/SSL handshake failure between the IQService and SailPoint ISC tenant. It typically points to a mismatch in TLS versions, certificates or encryption.
Discussions regarding the same problem:
Troubleshooting steps:
- Check TLS version compatibility:
Ensure both IQService and the connecting client (e.g., ISC tenant) are configured to use the same TLS version - Verify certificate validity:
Confirm the server certificate used by IQService is valid, trusted, and not expired. If using a self-signed certificate, make sure it’s trusted by the client. - Review IQService configuration:
Double-check theuseTLS,tlsVersion,subject, andserialNumbersettings in the IQService configuration file. - Confirm client configuration:
Make sure the ISC tenant or other connecting application is set to use TLS and references the correct certificate. - Check for network interference:
Ensure there are no firewalls, proxies, or network devices modifying or blocking the handshake packets. - Test direct connectivity:
Try connecting directly (bypassing any intermediaries) to rule out network issues. - Enable debug logging in IQService:
-
Open the IQService configuration file and set the logging level to
DEBUGorTRACE. -
Restart the IQService after making this change.
-
Review the detailed logs for handshake errors, certificate issues, or protocol mismatches.
-
- Restart services:
After making configuration changes, restart IQService and any related services to apply updates.