Timeout for the Active Directory Source Test Connection

Identity Security Cloud (ISC) ISC Discussion and Questions
, ,
1

Hi team,

I am facing an issue with my Active Directory source. I have configured the source with IQService enabled and it’s been working properly since then. But lately, the test connection is timing out and hence failing.
Here are all the necessary details I can think of :

  • We have a loadbalancer architecture for the IQService, I made sure the cert was created with all the required details.
  • Even though the test connection is failing but the aggregation is successful.
  • The test connection works fine when I remove the IQService configuration.
  • I tried increasing the timeout but it didn’t work.
  • By checking the netstat command output, I could see a lot of “Close_Wait” connections
  • I have a SailPoint Support ticket open and they provided a special IQService version to install that should resolve the “Close_wait” connections but that didn’t resolve the issue either.
  • By enabling debug logs on the IQService and running multiple test connection, I was able to see that the IQService is successfully connecting to the AD DC servers.

Below screenshots for the errors:

  • Test Connection error :

image

  • IQService logs error

image
image1751×292 237 KB

2

Hello @MeKhalbi ,

Are you using IP address as IQService server configuration?

Thanks !!

3

Hi @IAMpdu I am using the loadbalancer domain name on the IQService config

4

Hi @MeKhalbi ,

Were there any recent changes to TLS settings on AD DC? You can verify that both IQ service AD DC are using the same TLS version.

5

Is it possible for you remove one IQService form LB and test it? so that you will get confirmation that from which IQService instance it is failing.

6

Thanks @shaileeM and @IAMpdu for your inputs. This issue was a known for SailPoint support and it’s common with customers using a Loadbalancer for the IQService. This was fixed by configuring a new IQService version provided by the support team that resolve the timeout and close_wait issue. SailPoint support mentioned they will include this fix in the upcoming IQService version.