Snowflake connector aggregation problem

IdentityIQ (IIQ) IIQ Discussion and Questions
, ,
1

Which IIQ version are you inquiring about?

Version 8.4

Share all details related to your problem, including any error messages you may have received.

Hello guys hope everyone is fine. We are getting invalid configuration error occurred during querying snowflake server in sailpoint iiq.
We are getting this during aggregation

We have given correct base url and key pair authentication. Test connection passed but facing error only during account and group aggregation

443 failed response
Can anyone suggest me what to do. Test connection passed but aggregation is getting failed for snowflake

2

Hello @ajithkallur03,

Are you using any Aggregation rules?
This error is most probably because the system cannot properly iterate over the accounts

I suggest you to check your aggregation task & application definition (Rules tab)
Also check the account you are using is authorised to read data on snowflake.

Please attach the complete error you are getting on tomcat
Ensure you didn’t change any identity attribute as mentioned in this doc

3

This is the error

Exception during aggregation of Object Type Role on Application snowflake-test1. Reason: openconnector.InvalidConfigurationException: [ InvalidConfigurationException ] [ Possible suggestions ] An error occurred while querying the Snowflake server. Make sure the connection parameters are valid and correct. [ Error details ] org.apache.http.NoHttpResponseException:url:443 failed to respond

Do you think it is fire wall issue

4

I don’t think it is a firewall issue, because your test connection is successful. But still, if you want to test you can try deactivating the firewall for a while and test it out if it is your training environment.

I would still recommend checking the Account you are using for this connection does that account have all the required permissions to read data out of Snowflake?

5

ok tq for your reply. can u suggest me how to increase time out in account/group aggregation task

6

Sorry I don’t know how to do that but I found one snowflake doc
Which have steps to troubleshoot a similar issue in windows

1 Like
7

Hi @ajithkallur03

Please, try to use Connectivity Diagnostic Tool (SnowCD) to check network connection to Snowflake.

In this case, you must try this tool in the following way:

./snowcd < json file > [flags]

where json file contains the list of urls of Snowflake storage and repository

Please refer to following url with for more information to execute this tool.: SnowCD (Connectivity Diagnostic Tool) | Snowflake Documentation

8

Additionally, you can check if permissions to aggregate accounts are properly granted

Account Aggregation Permissions (sailpoint.com)

9

Hello Ismael. Thank you for your reply. I will work with snowflake app team to check this.

However, I found one troubleshooting link for same error in IDN.

Troubleshooting (sailpoint.com)

OpenAggregation fails with exception error

Aggregation fails with one of the following exception errors:

  • org.apache.http.NoHttpResponseException: failed to respond

  • connector.sdk.webservices.exception.WebServicesSdkException: java.net.SocketException: Socket closed

Resolution: Add the following attribute using Rest API for updating a source in IdentityNow, and then run aggregation.

Key= conSnowflakeApiRetrySleepTimeSeconds Value= 60000 in ms, default: 30000 ms

Key=conSnowflakeApiRetryMaxAttempts Value=3, default: 3

Key=retryableErrors Value=[error messages]

I tried added these as entry key and values but still unsuccessful. Can you pls help me if you know the syntax on how to add these in application.xml

Thank you so much and appreciate ur help.

10

Hi @ajithkallur03

Please try with the following entries in your xml app

<entry key="conSnowflakeApiRetryMaxAttempts" value="3"/>
<entry key="conSnowflakeApiRetrySleepTimeSeconds" value="60000"/>
<entry key="authSearchAttributes">
        <value>
          <List>
            <String>443 failed to respond</String>
          </List>
        </value>
      </entry>
11

Thank you @ismaelmoreno1

Tried it but no luck.

I think somehow the connection is getting dropped. Every time groups scanned are around 1200. We have total of 9000 GROUPS

Any other way I am really struck here

12

Hi @ajithkallur03

Did you able to solve this issue?

According to Troubleshooting section, other solution is to set a timeout value in the connector

On the other side, please let me know if SnowCD tool was executed in you enviroment to check that there is not connection issues

13

Where you able to fix this? Shouldnt the third entry be “retryableErrors”?

14

Thanks guys the issue is with ootb connector. Sailpoint support team shared efix and it worked

1 Like
15

Thank you, I will ask for this

16

@ajithkallur03 , would you be able to share the ticket number for your issue and/or the efix number?

17

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.