Unable to run iiq ui after provisioning with SSD7.0.2 and Java 17

Which IIQ version are you inquiring about?

8.4

Share all details about your problem, including any error messages you may have received.

When trying to provision the environment with SSD7.0.2 and Java 17, we encounter error trying to startup tomcat. Here are the error logs showing:

• org.springframework.beans.factory.BeanCreationException: Error creating bean with name ‘versionChecker’ defined in class path resource [configBeans.xml]: Invocation of init method failed nested exception is java.lang.RuntimeException: Unable to check IdentityIQ database version: Unable to connect to: jdbc:sqlserver://xxxxx databaseName=identityiq encrypt=true trustServerCertificate=true
• Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: Login failed for user ‘iiqsa’. ClientConnectionId: xxxxxxxx
• Caused by: java.sql.SQLException: Cannot create PoolableConnectionFactory (Login failed for user ‘iiqsa’. ClientConnectionId:xxxxxxxxxx

Have checked the iiqsa permission is dbowner, password is correct and connection is able to establish if using Java 11.

Is there any steps required to do when upgrading from Java 11 to Java 17?

What’s the database version? As per support matrix, it should be MS SQL Server 2022 or 2019

The database is on Azure SQL, version 12, also checked the compatability is on 150 which equals to SQL Server 2019?

@fionali can you post the logs from build ? check build.properties and base folder contains 8.4 binary. also if possible then send iiq.properties

i am hoping your iiq console also will not connect in this case.

Hi Fiona,
Yes, the 8.4 installation guide mentions a JVM requirement for Java 17:

–add-exports=java.naming/com.sun.jndi.ldap=ALL-UNNAMED

I don’t know if that is relevant to your issue.

Have tried adding this JVM settings but still facing same errors when starting tomcat.. can advise what is missing here?

HI Fiona,
Check what version of the jdbc driver you have installed. This will be in the WEB-INF/lib directory. It should be something like mssql-jdbc-12.8.1.jre11.jar

Make sure you have only one mssql-jdbc-* file. If you have both a current one and an old one, then that could be a problem

Another possibility is that your Java 17 doesn’t have the right CA certificate in the trust store.

Have checked there is only one mssql-jdbc-*.jar file but still getting the same error.

Is it possible that the encryption algorithm used by IIQ tool might not be preferred in Java 17?

I’m suspecting dataSource.Url might be the issue as well, here is the iiq.properties file. Anyone can help to check if is correct?

##### Application Server Managed Data Source Properties #####

# Depending on the app server, the "java:comp/env/" may not be required.
jndiDataSource.jndiName=java:comp/env/jdbc/testDataSource

# Set to "jndiDataSource" to use an app server managed datasource. Otherwise
# leave the default value "dataSource".
configuredDataSource.targetBeanName=dataSource

# These settings are for the activemq broker.  At this time this should remain
# set to type activemq. This is only needed for running an embedded message
# broker within IdentityIQ, and is ignored when the message broker is external
messageServiceFactory.type=activemq
activeMQMessageServiceManager.brokerUri=tcp://0.0.0.0:61616?transport.trace=true&transport.soTimeout=10000
activeMQMessageServiceManager.activemqLocker=org.apache.activemq.store.jdbc.LeaseDatabaseLocker
# ActiveMQ Broker System Usage limit sizing in Megabytes
activeMQMessageServiceManager.memoryLimit=1024
activeMQMessageServiceManager.storeLimit=100000
activeMQMessageServiceManager.tempLimit=50000

##### Data Source Properties #####
dataSource.maxWaitMillis=10000
dataSource.maxTotal=1000
dataSource.minIdle=5
#dataSource.minEvictableIdleTimeMillis=300000
#dataSource.maxOpenPreparedStatements=-1

dataSource.username=${iiq.ur}
dataSource.password=${iiq.pw}

##### MSSQL Server #####
## URL Format: dataSource.url=jdbc:sqlserver://[serverName[\instanceName][:portNumber]][;property=value[;property=value]]
dataSource.url=jdbc:sqlserver://stg0001.database.windows.net:1433;databaseName=identityiq;encrypt=true;trustServerCertificate=true;authentication=SqlPassword;
dataSource.driverClassName=com.microsoft.sqlserver.jdbc.SQLServerDriver
sessionFactory.hibernateProperties.hibernate.dialect=sailpoint.persistence.SQLServerUnicodeDialect
scheduler.quartzProperties.org.quartz.jobStore.driverDelegateClass=org.quartz.impl.jdbcjobstore.MSSQLDelegate
scheduler.quartzProperties.org.quartz.jobStore.selectWithLockSQL=SELECT * FROM {0}LOCKS UPDLOCK WHERE LOCK_NAME = ?
activeMQMessageServiceManager.activemqJdbcAdapter=org.apache.activemq.store.jdbc.adapter.TransactJDBCAdapter


##### Plugins ####

# Determines whether or not plugins are enabled, change
# to false if plugins should be disabled globally
plugins.enabled=true

# Determines if SQL scripts should be executed dynamically
# at the time a plugin is installed, upgraded or uninstalled
plugins.runSqlScripts=true

# Determines if XML object files should be imported dynamically
# at the time a plugin is installed, upgraded or uninstalled
plugins.importObjects=true

# Determines if the global SailPoint angular bundle will be used when
# there are snippets on a page
plugins.angularSnippetEnabled=true


##### Application Server Managed Plugins Data Source Properties #####

# Depending on the app server, the "java:comp/env/" may not be required.
jndiPluginsDataSource.jndiName=java:comp/env/jdbc/testPluginsDataSource

# Set to "jndiPluginsDataSource" to use an app server managed datasource. Otherwise
# leave the default value "pluginsDataSource".
configuredPluginsDataSource.targetBeanName=pluginsDataSource


##### Plugins Data Source Properties #####
pluginsDataSource.maxWaitMillis=10000
pluginsDataSource.maxTotal=250
pluginsDataSource.minIdle=5
#pluginsDataSource.minEvictableIdleTimeMillis=300000
#pluginsDataSource.maxOpenPreparedStatements=-1

pluginsDataSource.username=${iiqPlug.ur}
pluginsDataSource.password=${iiqPlug.pw}

##### MSSQL Server #####
## URL Format: dataSource.url=jdbc:sqlserver://[serverName[\instanceName][:portNumber]][;property=value[;property=value]]
pluginsDataSource.url=jdbc:sqlserver://stg0001.database.windows.net:1433;databaseName=identityiqPlugin;encrypt=true;trustServerCertificate=true;authentication=SqlPassword;
pluginsDataSource.driverClassName=com.microsoft.sqlserver.jdbc.SQLServerDriver

##### Access History ####

##### Data Source Properties for Access History #####
dataSourceAccessHistory.maxWaitMillis=10000
dataSourceAccessHistory.maxTotal=50
dataSourceAccessHistory.minIdle=5
#dataSourceAccessHistory.minEvictableIdleTimeMillis=300000
#dataSourceAccessHistory.maxOpenPreparedStatements=-1

dataSourceAccessHistory.username=${iiqAh.ur}
dataSourceAccessHistory.password=${iiqAh.pw}

##### MSSQL Server #####
## URL Format: dataSource.url=jdbc:sqlserver://[serverName[\instanceName][:portNumber]][;property=value[;property=value]]
dataSourceAccessHistory.url=jdbc:sqlserver://stg0001.database.windows.net:1433;databaseName=identityiqah;encrypt=true;trustServerCertificate=true;authentication=SqlPassword;
dataSourceAccessHistory.driverClassName=com.microsoft.sqlserver.jdbc.SQLServerDriver
sessionFactoryAccessHistory.hibernateProperties.hibernate.dialect=sailpoint.persistence.SQLServerUnicodeDialect

#
# Settings for the ruleRunner and its pool
#
ruleRunner.maxPoolReuse=1000
ruleRunnerPoolConfig.maxTotal=-1
ruleRunnerPoolConfig.maxTotalPerKey=8
ruleRunnerPoolConfig.maxIdlePerKey=8
ruleRunnerPoolConfig.minIdlePerKey=0

##### Hibernate Listener Service Thread Pool Settings ######
# if this is false then the listeners will not be registered.
# if AI is installed this should probably be set to true.
hibernateListenerServiceConfig.hibernateListenerEnabled=false
# number of threads that will always be alive
hibernateListenerServiceConfig.coreThreads=10
# max number of threads that can be running if there is a high load
hibernateListenerServiceConfig.maxThreads=20
# how long in milliseconds extra threads will sit idle before scaling back down to the core number
hibernateListenerServiceConfig.keepAliveTime=10000
# how many changes can be queued up for the threads to work on
hibernateListenerServiceConfig.queueSize=10000

##### BundleProfileRelation Listener Service Thread Pool Settings ######
# number of threads that will always be alive
bundleProfileRelationListenerServiceConfig.coreThreads=10
# max number of threads that can be running if there is a high load
bundleProfileRelationListenerServiceConfig.maxThreads=20
# how long in milliseconds extra threads will sit idle before scaling back down to the core number
bundleProfileRelationListenerServiceConfig.keepAliveTime=10000
# how many changes can be queued up for the threads to work on
bundleProfileRelationListenerServiceConfig.queueSize=10000

##### Debug Settings #####

# Uncomment to send all SQL queries to std out. This provides a lot of output
# and slows down execution, so use it wisely.
#sessionFactory.hibernateProperties.hibernate.show_sql=true

# Hibernate Transaction Isolation Levels
# 1 = Read Uncommitted, 2 = Read Committed, 4 = Repeatable Read, 8 = Serializable
#sessionFactory.hibernateProperties.hibernate.connection.isolation=1

#
# IIQ Keystore and Master Password properties
#

# file location of the IIQ keystore
# (override of the default $SPHOME/WEB-INF/classes/iiq.dat )
#
keyStore.file  = /build/keystore/iiq.dat

# file location of the IIQ master password file
# (override of the default $SPHOME/WEB-INF/classes/iiq.cfg )
#
keyStore.passwordFile = /build/keystore/iiq.cfg

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.