8.4P3
AD provisioning getting failed but in error logs it is coming as blank. Please suggest what to do to resolve this issue
Hi @mayamis1703eq , Please review once again all the settings.
Please check the following SailPoint references for AD provisioning / IQService troubleshooting in IIQ 8.4p3:
1. AD Connector FAQ & Troubleshooting:
2. IdentityIQ 8.4 Active Directory Connector Guide:
https://documentation.sailpoint.com/connectors/identityiq8_4/active_directory/help/
3. IQService Settings:
4. Additional Configuration Parameters:
Hi @mayamis1703eq Is the CN of the user unique? Can you check that there is not a clashing Nina SailPoint in the Obsolete OU
Also verify the IQ service logs
Just check, if the loggers are getting created at Iq service ends, if not try bouncing iq service, and then retrigger provisioning.
Yes it is Unique @j_place !
Do you see anything in provisioning transaction? also what you see in IIQ and IQService logs?
Anything in the sailpoint logs, can you tail the logs and see for error?? and then share
do you see anything in IQService/IIQ logs or syslogs? You may have to enable the IQService/IIQ logs to trace/debug level if not done already? also is it happening consistently for all operation/user or any specific operations/user?
Are you trying to assign any special characters to any attributes during the move process? If so, this may also explain why you can’t display the error message correctly.
Can you please restart the iq service and try again , Might iq service not returning the repsonse , Did you check iq service logs
@mayamis1703eq - Can you enable "ADLDAPConnector" loggers as below and share the logs?
logger.ADLDAPConnector.name=sailpoint.connector.ADLDAPConnector
logger.ADLDAPConnector.level=trace
Also share the IQSercvice logs.
@mayamis1703eq Search your access request in the debug and check if any error is logged or not? In case no, you need to enable AD connector logs to capture connector level logs.
@neel193 : It is not even coming in debug of Access Request as well and it is a production issue, so i cannot replicate it. Is there anyway we can get the logs. Thank you!
is this the only access request that got failed like this? or you have more?
only this one.
Thank you!
@mayamis1703eq If you are not able to reproduce, then it would be really difficult to troubleshoot it. Is this happening in Production or in lower instances?
@mayamis1703eq Check if syslogs are generated at this time. It might be that the syslogs are not logged at the same time the identity request error message is pushed.
Thanks,
PVR.
