2

各位早上好!使用 Windows 本地 - 直接连接器(仅在组聚合上)遇到以下问题 IQService 失败且没有错误,它正在遍历组,它只是停止并崩溃(没有错误 - 请参阅下面的日志)。

我能够验证以下内容:

管理员是本地管理员组的一部分。

远程注册表服务已打开。

防火墙已关闭。

Sailpoint 是 8.0 版,IQService 匹配:

ServiceName: IQService-Instance1
Display Name: SailPoint IQService-Instance1
Configured Port: 5050
Build version: 8.0 r53edbe8-20190524-075742
Build timestamp: 05/24/2019 11:03 AM -0500
Build location: RC_8.0
Build builder: jenkins
Executable: C:\SailPoint\IQService\IQService.exe
File Size: 36352
File Date: 5/24/2019 5:03:40 PM

视窗服务器 2012 R2

只是为了验证管理员部分:

C:\SailPoint\IQService>whoami

seri\administrator

C:\SailPoint\IQService>net 用户管理员

Local Group Memberships *Administrators *fam-Windows File Serv
*Performance Log Users
Global Group memberships *Domain Users *Enterprise Admins
*Group Policy Creator *Schema Admins
*Domain Admins
The command completed successfully.

Tomcat日志:

2019-12-20T18:12:43,939 ERROR http-nio-8080-exec-4 sailpoint.rest.ApplicationResource:311 - java.lang.RuntimeException: sailpoint.tools.GeneralException: Connection reset

IQService 日志:

12/20/2019 18:12:43 : RpcHandler [ Thread-4 ] DEBUG : "Initiating the serviceState for c87fbe66-fdc8-4e7d-bcfa-22d5d177c74c"
12/20/2019 18:12:43 : RpcHandler [ Thread-4 ] INFO : "Calling Service [NTConnector] and method[iterateObjects] "
12/20/2019 18:12:43 : Impersonator [ Thread-4 ] DEBUG : "Authenticating as User [Administrator] domain [SERI]"
12/20/2019 18:12:43 : AbstractConnector [ Thread-4 ] DEBUG : "ENTER AbstractConnector"
12/20/2019 18:12:43 : AbstractConnector [ Thread-4 ] DEBUG : "EXIT AbstractConnector"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "ENTER prepare"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "ENTER resolveServerName"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "EXIT resolveServerName"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "Connection URL [WinNT://ad-resource]"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "EXIT prepare"
12/20/2019 18:12:43 : AbstractConnector [ Thread-4 ] DEBUG : "ENTER IterateObjects"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "ENTER doIterateObjects"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "ENTER getNext"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "ENTER getObjectEnumerator"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "Connecting to Container [WinNT://ad-resource]"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "ENTER bind"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "new DirectoryEntry(WinNT://ad-resource)"

********************* 东西**************************** **************

12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "EXIT buildMapFromEntry"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "EXIT getNext"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "ENTER getNext"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "Processing object[WinNT://SERI/ad-resource/Remote Desktop Users]"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "ENTER buildMapFromEntry"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "Processing Attribute [Description]"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "Attribute [Description] as a value[Members in this group are granted the right to logon remotely] type[System.String]."
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "Description=Members in this group are granted the right to logon remotely"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "Processing Attribute [DirectoryPath]"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "Attribute [DirectoryPath] as a null value. skipping..."
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "Processing Attribute [MemberGroups]"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "Attribute [MemberGroups] as a null value. skipping..."
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "Processing Attribute [GroupType]"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "Attribute [GroupType] as a value[4] type[System.Int32]."
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "ENTER mapGroupType"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "EXIT mapGroupType"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "Processing Attribute [Members]"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "Attribute [Members] as a null value. skipping..."
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "Processing Attribute [objectSid]"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "Attribute [objectSid] as a value[System.Byte[]] type[System.Byte[]]."
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "Processing Attribute [sAMAccountName]"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "Attribute [sAMAccountName] as a null value. skipping..."
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "ENTER getGroupMembers"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "looking up members for Group [Remote Desktop Users]"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "GroupEnum was non null for [WinNT://SERI/ad-resource/Remote Desktop Users]"

服务崩溃并且每次都发生在同一个组远程桌面用户上?上面显示的最后一行 - 关于上面的崩溃日志可能会在哪里结束的任何想法?

4

1 回答 1

0

在与@kevin_james 会面后,他能够找出问题所在。如果您在 ADUC 中打开安全组远程桌面用户,“Everyone”组会附加一个红色向上箭头 - 这个红色箭头表示 FSP“外国安全主体 (FSP) 是安全主体,在对象时创建(用户、计算机或组)已添加到某个域组,但源自外部受信任域。FSP 由红色箭头标记识别。” 我没有办法解决接受 FSP 的问题,但是,如果您删除它并重新添加“每个人”组将不再有红色箭头,它会正常工作。向凯文致敬!!

于 2020-01-24T16:04:42.003 回答