IQService Refuse to set Password

Which IIQ version are you inquiring about?

Version 8.2

Share all details related to your problem, including any error messages you may have received.

We have seen some instances where we get the below error in the logs during the AD aggregation. This pertains to creating the AD account for the identity. This doesn’t happen every time, but I’m wondering why this error is seen and what a resolution to this is?

Error:
Exception occurred while executing the RPCRequest: Errors returned from IQService. "Error occurred while setting password for the account. Exception has been thrown by the target of an invocation.The server is unwilling to process the request. (Exception from HRESULT: 0x80072035)0000052D: SvcErr: DSID-031A124C, problem 5003 (WILL_NOT_PERFORM), data 0 ", "Error occurred while setting password for the account. Exception has been thrown by the target of an invocation.The server is unwilling to process the request.

This prevents the creation of the AD account and we have to manually create it. Has anyone seen something similar to this?

There may be a couple of reasons why it's not setting the password:

  • An attempt to violate a password policy, such as history, password length, blank password, etc.
  • The account may already be locked.

You may need to check with the Active Directory team to see if Windows events or some log show the actual reason for the failure.

Usually AD returns this exception when the password which SailPoint tried to set does not meet the AD minimum password complexity policy.

Try to set a more complex password and check if the error is still there.

The error message actually provides useful information. Specifically, this part:

0000052D: SvcErr: DSID-031A124C, problem 5003

The error code is 52D, which is a hexadecimal number corresponding to decimal 1325. Microsoft publishes a difficult-to-Google list of error codes here.

ERROR_PASSWORD_RESTRICTION
1325 (0x52D)
Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain.

3 Likes
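
The decoding described in the last reply can be scripted. The following Python is an added example, not part of the original thread or any SailPoint code: it pulls the HRESULT and the extended directory error out of an IQService message and names both codes. The function names and the small lookup table are assumptions made for illustration; the code names are taken from Microsoft's System Error Codes list.

```python
import re

# Names from Microsoft's System Error Codes list; the thread itself quotes only 1325.
WIN32_NAMES = {
    5: "ERROR_ACCESS_DENIED",
    1325: "ERROR_PASSWORD_RESTRICTION",
    1909: "ERROR_ACCOUNT_LOCKED_OUT",
    8245: "ERROR_DS_UNWILLING_TO_PERFORM",
}

# Extended error: "<8 hex digits>: <source>: DSID-<hex>, problem <n> (<NAME>), data <n>"
EXT_ERR = re.compile(
    r"\b(?P<code>[0-9A-Fa-f]{8}): (?P<source>\w+): DSID-(?P<dsid>[0-9A-Fa-f]+), "
    r"problem (?P<problem>\d+) \((?P<problem_name>\w+)\), data (?P<data>-?\d+)"
)
HRESULT = re.compile(r"HRESULT: 0x(?P<hr>[0-9A-Fa-f]{8})")

# Error text copied from the first post (first of its two repeated messages).
SAMPLE = (
    "Error occurred while setting password for the account. Exception has been "
    "thrown by the target of an invocation.The server is unwilling to process the "
    "request. (Exception from HRESULT: 0x80072035)0000052D: SvcErr: DSID-031A124C, "
    "problem 5003 (WILL_NOT_PERFORM), data 0 "
)

def name_of(code):
    return WIN32_NAMES.get(code, "unknown (look up in System Error Codes)")

def triage(message):
    """Return the generic HRESULT and the specific extended error found in message."""
    result = {"hresult": None, "extended": None}
    hr = HRESULT.search(message)
    if hr:
        value = int(hr.group("hr"), 16)
        facility, code = (value >> 16) & 0x7FF, value & 0xFFFF
        # Facility 7 (FACILITY_WIN32) means the low 16 bits are a Win32 error code.
        win32 = code if facility == 7 else None
        result["hresult"] = {"facility": facility, "win32": win32,
                             "name": name_of(win32) if win32 is not None else None}
    ext = EXT_ERR.search(message)
    if ext:
        code = int(ext.group("code"), 16)  # leading field is hexadecimal: 0x52D == 1325
        result["extended"] = {"win32": code, "name": name_of(code),
                              "dsid": ext.group("dsid"),
                              "problem": int(ext.group("problem")),
                              "problem_name": ext.group("problem_name")}
    return result

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The HRESULT only carries the generic "unwilling to process" code (8245); the leading hex field of the extended error is what identifies the password restriction (1325).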
