Integrated authentication failed. ClientConnectionId:da0a5877-2ee3-4ac6-be55-49103d08e11d

Which IIQ version are you inquiring about?

8.4

Please share any other relevant files that may be required (for example, logs).

JDBC error.txt (2.9 KB)

Share all details about your problem, including any error messages you may have received.

Connector used : JDBC

Error as per sailpoint log

2025-09-23T11:12:18,384 ERROR https-jsse-nio-8443-exec-5 sailpoint.connector.JDBCConnector:391 - Exception in the test configuration
sailpoint.connector.ConnectorException: Integrated authentication failed. ClientConnectionId:8d35b00c-4927-4b77-9098-e528cc6eb044

There were no major config changes; the service account password was changed and we have updated the same.

What is your DB URL?

Are you trying to use Windows authentication? (It looks a bit like you are).

Is this SQL Server DB?

Do you have integratedSecurity=true in the URL?

jdbc:sqlserver://hostname:1433;databaseName=DBName;IntegratedSecurity=true;authenticationScheme=JavaKerberos

MS SQL DB Server

Yes, Windows authentication.

Then SQL Server is trying to authenticate the user that is running your Tomcat server using Kerberos, not using a username and password.

If you have a username and password, do not include IntegratedSecurity=true.

I tried removing IntegratedSecurity=true earlier and could see a login failure.
Login failed for user ‘serviceaccount@dn’. ClientConnectionId:c9f1de09-8616-4033-a637-c757397bb176

In order for userName and password to work, you need to configure your DB properly.

In SQL Server you need to set the login authentication method to username/password.

Example:

And that login needs to be mapped to specific user:

And of course you need to check your password.

A good way to check this is to install SSMS and check your credentials there.

I discussed this with the DB team just now. As this is AD authentication, they do not manage the password.

1 Like

So the OS account that is running your Tomcat must be a domain user that has a login in SQL Server and is mapped to the target DB that you want to connect to.

Is your Tomcat running on Windows?

Our Tomcat is running on Linux, and this was always the way. The only change that happened a couple of days back is the reset of the service account password.

The weirdest part is that when I do a test connection, it is not reaching the database server at all. I cross-verified with the DBA; they didn’t see any login attempt.

Did you try to ping the DB server from the IIQ server?

Maybe it’s a network or firewall issue?

Ping and telnet worked fine.

2 Likes

I am not quite sure this log will help; however, I am attaching it for your review.

Stacktrace:
Caused by: org.ietf.jgss.GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7))
at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:773) ~[java.security.jgss:?]
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:266) ~[java.security.jgss:?]
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:196) ~[java.security.jgss:?]
at com.microsoft.sqlserver.jdbc.KerbAuthentication.intAuthHandShake(KerbAuthentication.java:158) ~[mssql-jdbc-8.4.1.jre8.jar:?]

Caused by: sun.security.krb5.KrbException: Server not found in Kerberos database (7)
at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:70) ~[java.security.jgss:?]
at sun.security.krb5.KrbTgsReq.getReply(KrbTgsReq.java:226) ~[java.security.jgss:?]
at sun.security.krb5.KrbTgsReq.sendAndGetCreds(KrbTgsReq.java:237) ~[java.security.jgss:?]
at sun.security.krb5.internal.CredentialsUtil.serviceCredsSingle(CredentialsUtil.java:477) ~[java.security.jgss:?]
at sun.security.krb5.internal.CredentialsUtil.serviceCreds(CredentialsUtil.java:340) ~[java.security.jgss:?]
at sun.security.krb5.internal.CredentialsUtil.serviceCreds(CredentialsUtil.java:314) ~[java.security.jgss:?]
at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(CredentialsUtil.java:169) ~[java.security.jgss:?]

Caused by: sun.security.krb5.Asn1Exception: Identifier doesn't match expected value (906)
at sun.security.krb5.internal.KDCRep.init(KDCRep.java:140) ~[java.security.jgss:?]
at sun.security.krb5.internal.TGSRep.init(TGSRep.java:65) ~[java.security.jgss:?]
at sun.security.krb5.internal.TGSRep.<init>(TGSRep.java:60) ~[java.security.jgss:?]
at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:55) ~[java.security.jgss:?]

1 Like

@deepanpd This Kerberos error—Server not found in Kerberos database (7)—is a classic authentication failure when using integrated security (Kerberos) with SQL Server. Avoid short hostnames—Kerberos needs an exact SPN match. Also validate krb5.conf.

This error typically means:

  • The SPN (Service Principal Name) for the SQL Server is missing or misconfigured.

  • The Kerberos keytab used by the Tomcat service account doesn’t contain valid credentials for the target SPN.

  • The SQL Server hostname in the JDBC URL doesn’t match the registered SPN.

  • The realm/domain mapping in your krb5.conf is incorrect or incomplete.

1 Like
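A triage helper for the causes listed in the reply above, added here as an example and not part of the original thread or of SailPoint or Microsoft code: it derives the SPN a client would request from the JDBC URL and maps the KrbException code in a stack trace to its RFC 4120 name. It assumes the default `MSSQLSvc/host:port` SPN form with the URL host used as written, and an explicit `serverSpn` property as the override; function names are hypothetical.

```python
import re

# Kerberos error codes (RFC 4120) that commonly surface in JGSS stack traces.
KRB_ERRORS = {
    6: ("KDC_ERR_C_PRINCIPAL_UNKNOWN", "client principal unknown: check account name and realm"),
    7: ("KDC_ERR_S_PRINCIPAL_UNKNOWN", "no AD account holds the requested SPN: register it or fix the URL host"),
    24: ("KDC_ERR_PREAUTH_FAILED", "bad password or stale keytab for the client principal"),
    37: ("KRB_AP_ERR_SKEW", "clock skew between client and KDC"),
}

def parse_jdbc_url(url):
    """Return (host, port, properties) for a jdbc:sqlserver://host[:port];k=v URL."""
    m = re.fullmatch(r"jdbc:sqlserver://([^:;]+)(?::(\d+))?(?:;(.*))?", url.strip())
    if not m:
        raise ValueError("not a jdbc:sqlserver:// URL with an explicit host")
    pairs = (p.split("=", 1) for p in (m.group(3) or "").split(";") if "=" in p)
    props = {k.strip().lower(): v.strip() for k, v in pairs}
    return m.group(1), int(m.group(2) or 1433), props

def expected_spn(url):
    """SPN to look up in AD for this URL, plus warnings about the host part."""
    host, port, props = parse_jdbc_url(url)
    if "serverspn" in props:  # an explicit serverSpn property overrides the default
        return props["serverspn"], []
    warnings = []
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        warnings.append("IP address in URL: no SPN is normally registered for it")
    elif "." not in host:
        warnings.append("short hostname in URL: SPNs are usually registered for the FQDN")
    return f"MSSQLSvc/{host}:{port}", warnings

def diagnose(trace):
    """Map the KrbException code in a stack trace to its RFC 4120 name and a hint."""
    m = re.search(r"KrbException: [^\n]*\((\d+)\)", trace)
    if not m:
        return None
    return KRB_ERRORS.get(int(m.group(1)), ("UNKNOWN", "see the RFC 4120 error code list"))

if __name__ == "__main__":
    # URL and trace line as posted in the thread ("hostname" is the poster's placeholder).
    url = ("jdbc:sqlserver://hostname:1433;databaseName=DBName;"
           "IntegratedSecurity=true;authenticationScheme=JavaKerberos")
    trace = "Caused by: sun.security.krb5.KrbException: Server not found in Kerberos database (7)"
    spn, warns = expected_spn(url)
    print("SPN to verify with the AD team:", spn, warns)
    print(diagnose(trace))
```

The SPN it prints is the value to compare against what is registered in AD for the SQL Server service account.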

Thanks a ton, Kannan. With the help of the AD team we noticed SPN values are missing. This could be the possible case. We are yet to fix it. I will respond to you once we have fixed the issue.

Regards,

Deepan

1 Like

The issue has been fixed; please allow me some time to summarize.

1 Like
