2

Good morning folks! Running into the following issue with the windows local - direct connector (only on group aggregation) The IQService fails with no error it is iterating through the groups and it just stops and crashes (no error - see logs below).

I am able to verify the following:

The administrator is part of the local admin group.

The remote registry service is turned on.

The firewall is turned off.

Sailpoint is version 8.0 and IQService matches:

ServiceName: IQService-Instance1
Display Name: SailPoint IQService-Instance1
Configured Port: 5050
Build version: 8.0 r53edbe8-20190524-075742
Build timestamp: 05/24/2019 11:03 AM -0500
Build location: RC_8.0
Build builder: jenkins
Executable: C:\SailPoint\IQService\IQService.exe
File Size: 36352
File Date: 5/24/2019 5:03:40 PM

windows server 2012 R2

Just to verify the administrator portion:

C:\SailPoint\IQService>whoami

seri\administrator

C:\SailPoint\IQService>net user administrator

Local Group Memberships *Administrators *fam-Windows File Serv
*Performance Log Users
Global Group memberships *Domain Users *Enterprise Admins
*Group Policy Creator *Schema Admins
*Domain Admins
The command completed successfully.

Tomcat logs:

2019-12-20T18:12:43,939 ERROR http-nio-8080-exec-4 sailpoint.rest.ApplicationResource:311 - java.lang.RuntimeException: sailpoint.tools.GeneralException: Connection reset

IQService Logs:

12/20/2019 18:12:43 : RpcHandler [ Thread-4 ] DEBUG : "Initiating the serviceState for c87fbe66-fdc8-4e7d-bcfa-22d5d177c74c"
12/20/2019 18:12:43 : RpcHandler [ Thread-4 ] INFO : "Calling Service [NTConnector] and method[iterateObjects] "
12/20/2019 18:12:43 : Impersonator [ Thread-4 ] DEBUG : "Authenticating as User [Administrator] domain [SERI]"
12/20/2019 18:12:43 : AbstractConnector [ Thread-4 ] DEBUG : "ENTER AbstractConnector"
12/20/2019 18:12:43 : AbstractConnector [ Thread-4 ] DEBUG : "EXIT AbstractConnector"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "ENTER prepare"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "ENTER resolveServerName"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "EXIT resolveServerName"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "Connection URL [WinNT://ad-resource]"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "EXIT prepare"
12/20/2019 18:12:43 : AbstractConnector [ Thread-4 ] DEBUG : "ENTER IterateObjects"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "ENTER doIterateObjects"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "ENTER getNext"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "ENTER getObjectEnumerator"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "Connecting to Container [WinNT://ad-resource]"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "ENTER bind"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "new DirectoryEntry(WinNT://ad-resource)"

********************* stuff******************************************

12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "EXIT buildMapFromEntry"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "EXIT getNext"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "ENTER getNext"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "Processing object[WinNT://SERI/ad-resource/Remote Desktop Users]"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "ENTER buildMapFromEntry"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "Processing Attribute [Description]"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "Attribute [Description] as a value[Members in this group are granted the right to logon remotely] type[System.String]."
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "Description=Members in this group are granted the right to logon remotely"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "Processing Attribute [DirectoryPath]"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "Attribute [DirectoryPath] as a null value. skipping..."
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "Processing Attribute [MemberGroups]"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "Attribute [MemberGroups] as a null value. skipping..."
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "Processing Attribute [GroupType]"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "Attribute [GroupType] as a value[4] type[System.Int32]."
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "ENTER mapGroupType"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "EXIT mapGroupType"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "Processing Attribute [Members]"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "Attribute [Members] as a null value. skipping..."
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "Processing Attribute [objectSid]"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "Attribute [objectSid] as a value[System.Byte[]] type[System.Byte[]]."
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "Processing Attribute [sAMAccountName]"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "Attribute [sAMAccountName] as a null value. skipping..."
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "ENTER getGroupMembers"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "looking up members for Group [Remote Desktop Users]"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "GroupEnum was non null for [WinNT://SERI/ad-resource/Remote Desktop Users]"

The service crashes and occurs on the same group Remote desktop users every time? Last line shown above - any thoughts on where crash logs from the above might end up?

Bob
  • 388
  • 5
  • 19

1 Answers1

0

After meeting with @kevin_james he was able to figure out the issue. The Security group Remote Desktop Users has a red up arrow attached to the "Everyone" group if you open it up in ADUC - this red arrow is an indication of an F.S.P. "Foreign Security Principals (FSPs) are security principals, created when an object ( user, computer or group) is added to some domain group, but with origins from an external trusted domain. F.S.P's is recognized by a red arrow mark." I don't have a way to fix the issues in terms of accepting the FSP, however, if you remove it and re-add the "Everyone" group will no longer have the red arrow and it will function correctly. KUDOS to Kevin!!

Bob
  • 388
  • 5
  • 19