Troubleshooting

When a login user is created in Microsoft SQL Server and is granted permission only on some of the Databases present on the server and if aggregation task is run for that application, Aggregation fails as the user is not able to access other databases.

Resolution: In configuration under the Include Databases section, provide the complete list of databases (comma separated list) for which the login user have accesses.

This completes the aggregation successfully, and only details of the users present in the list of included database will be fetched.

When Microsoft SQL Server application is created with Proxy application as Cloud Gateway and all the required jars are not present in CloudGateway\WEB-INF\lib directory, account aggregation fails with the following error:

Exception during aggregation

Resolution: For account aggregation to complete successfully, ensure that:

All the jars are present in /IdentityIQ/WEB-INF/lib directory.

IdentityIQCloudGateway.jar file for IdentityIQ Cloud Gateway is present in CloudGateway\WEB-INF\lib directory

During aggregation if the SERVERNAME variable has not been declared in the Microsoft SQL Server database, connector displays the following error message:

"SQLServerException: Must declare the scalar variable "@@SERVERNAME"

Resolution: The SERVERNAME variable must be declared and defined in the Microsoft SQL Server database before performing the aggregation.

Delete provisioning operation fails with the following error message when the service account does not have db_owner permission on the Microsoft SQL Server database along with Alter any login permission on it:

"Logins other than the current user can only be seen by members of the sysadmin role."

Resolution: A service account must have the db_owner permission on the Microsoft SQL Server database along with Alter any login permission.

When the index column contains special characters, during merging it shows the following error:

[ InvalidConfigurationException ] [ Possible suggestions ] For data merging, data should be ordered. Please add order by clause in aggregation query or set disableOrderingCheck as true. [ Error details ] java.lang.Exception: Data out of order exception. Data should be sorted in ascending order.

Resoultion:SailPoint uses the java.text.Collator class to check for ascending (or descending) order. The JVM instance uses the environment locale setting of language, country, and variant when comparing the records.

If the database ResultSet does not comply with the collator instance, then the exception occurs. The recommended resolution is to align the locale settings between SailPoint and your database instance. As an alternative, adjusting the dataset also resolves the ordering constraint.

Method 1:

Note
You may have to have a collator class to accomplish this. Set the Collator on the application if you know how the database is sorting.

1. In order to add a collator class, you need to write one and add the compiled class to your library path for the web application and add it to your JDBC app definition.

2. In the application Debug page for the JDBC application, add the entry:

   <entry key="collatorClassName" value="something.collators.MyCollator"/>

3. Drop the MyCollator.class in WEB-INF\classes\something\collators

   For more information, refer to RuleBasedCollator (Java Platform SE 7).

   You will want to extend your custom collator off of this class.

Method 2:

1. Remove the check for sorting and make sure that the ordering in the SQL query is correct.

2. Add the entry key in the application Debug page:

   <entry key="disableOrderingCheck" value="true/>

You should know that is your data is out of order in your query, then there is the possibility of the aggregation missing information with this option, but if you are sure your data is in order, then this workaround should be able to work for you.

The test connection fails with the following error even when SSL is not configured for the connection:

The driver could not enable secure connection to SQL server by using SSL encryption. pkix path validation failed java.security.cert.certpathvalidatorexception validity check failed

Resolution: By default, in versions 4.0.0 or above, Microsoft set the value for encrypt as true. For these versions you must pass encrypt=false; in the URL.

For example:

jdbc.sqlserver://<SQL server hostname>:<port>;encrypt=false;

After configuring Windows authentication, test connections fail.

Resolution – Refer to the Kerberos Setup Checklist and confirm that Windows authentication and Kerberos are configured correctly.

Resolution: This is expected system behavior as cloud databases periodically reconfigure themselves. If you connect to it in this time span, you will get a transient error. Wait a couple of minutes and retry the connection.

Resolution: For a connection to an Azure SQL Managed Instance, check the following to resolve the error:

• If the endpoint is a private endpoint (for example, if you are using an Azure ExpressRoute or other VPN connection), ensure that the tcp/3342 port is open to the managed instance private endpoint DNS address (for example, this could be an application gateway or dedicated IP address depending on your configuration).

• If the endpoint is a public endpoint, ensure that the tcp/3342 port is open to the public endpoint DNS address (for example, this could be an application gateway or a dedicated IP address depending on your configuration).