SailPoint - Windows本地-直接连接器

Question

大家早上好！在windows本地直接连接器(仅在组聚合上)遇到以下问题时，IQService会失败，没有错误，它正在迭代组，它只是停止并崩溃(没有错误-请参阅下面的日志)。

我可以验证以下几点：

管理员是本地管理员组的一部分。

远程注册表服务已打开。

防火墙已关闭。

Sailpoint为8.0版，并且IQService与以下各项匹配：

ServiceName: IQService-Instance1
Display Name: SailPoint IQService-Instance1
Configured Port: 5050
Build version: 8.0 r53edbe8-20190524-075742
Build timestamp: 05/24/2019 11:03 AM -0500
Build location: RC_8.0
Build builder: jenkins
Executable: C:\SailPoint\IQService\IQService.exe
File Size: 36352
File Date: 5/24/2019 5:03:40 PM

windows server 2012 R2

只是为了验证管理员部分：

C:\SailPoint\IQService>whoami

seri\administrator

C:\SailPoint\IQService>net用户管理员

Local Group Memberships *Administrators *fam-Windows File Serv
*Performance Log Users
Global Group memberships *Domain Users *Enterprise Admins
*Group Policy Creator *Schema Admins
*Domain Admins
The command completed successfully.

Tomcat日志：

2019-12-20T18:12:43,939 ERROR http-nio-8080-exec-4 sailpoint.rest.ApplicationResource:311 - java.lang.RuntimeException: sailpoint.tools.GeneralException: Connection reset

IQService日志：

12/20/2019 18:12:43 : RpcHandler [ Thread-4 ] DEBUG : "Initiating the serviceState for c87fbe66-fdc8-4e7d-bcfa-22d5d177c74c"
12/20/2019 18:12:43 : RpcHandler [ Thread-4 ] INFO : "Calling Service [NTConnector] and method[iterateObjects] "
12/20/2019 18:12:43 : Impersonator [ Thread-4 ] DEBUG : "Authenticating as User [Administrator] domain [SERI]"
12/20/2019 18:12:43 : AbstractConnector [ Thread-4 ] DEBUG : "ENTER AbstractConnector"
12/20/2019 18:12:43 : AbstractConnector [ Thread-4 ] DEBUG : "EXIT AbstractConnector"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "ENTER prepare"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "ENTER resolveServerName"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "EXIT resolveServerName"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "Connection URL [WinNT://ad-resource]"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "EXIT prepare"
12/20/2019 18:12:43 : AbstractConnector [ Thread-4 ] DEBUG : "ENTER IterateObjects"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "ENTER doIterateObjects"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "ENTER getNext"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "ENTER getObjectEnumerator"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "Connecting to Container [WinNT://ad-resource]"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "ENTER bind"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "new DirectoryEntry(WinNT://ad-resource)"

* stuff******************************************

12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "EXIT buildMapFromEntry"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "EXIT getNext"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "ENTER getNext"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "Processing object[WinNT://SERI/ad-resource/Remote Desktop Users]"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "ENTER buildMapFromEntry"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "Processing Attribute [Description]"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "Attribute [Description] as a value[Members in this group are granted the right to logon remotely] type[System.String]."
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "Description=Members in this group are granted the right to logon remotely"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "Processing Attribute [DirectoryPath]"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "Attribute [DirectoryPath] as a null value. skipping..."
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "Processing Attribute [MemberGroups]"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "Attribute [MemberGroups] as a null value. skipping..."
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "Processing Attribute [GroupType]"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "Attribute [GroupType] as a value[4] type[System.Int32]."
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "ENTER mapGroupType"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "EXIT mapGroupType"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "Processing Attribute [Members]"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "Attribute [Members] as a null value. skipping..."
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "Processing Attribute [objectSid]"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "Attribute [objectSid] as a value[System.Byte[]] type[System.Byte[]]."
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "Processing Attribute [sAMAccountName]"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "Attribute [sAMAccountName] as a null value. skipping..."
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "ENTER getGroupMembers"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "looking up members for Group [Remote Desktop Users]"
12/20/2019 18:12:43 : NTConnectorServices [ Thread-4 ] DEBUG : "GroupEnum was non null for [WinNT://SERI/ad-resource/Remote Desktop Users]"

该服务崩溃，并发生在同一组远程桌面用户每次？上面显示的最后一行-有没有想过上面的崩溃日志可能会在哪里结束？

Answer 1

在与@kevin_james会面后，他能够弄清楚问题所在。如果您在ADUC中打开"Everyone“组，安全组”Remote Desktop Users“会有一个红色向上箭头连接到该组-此红色箭头表示F.S.P.“外部安全主体(FSP)是安全主体，在将对象(用户、计算机或组)添加到某个域组时创建，但起源于外部受信任域。F.S.P由红色箭头标记识别。”我没有办法解决接受FSP的问题，但是，如果您删除它并重新添加，"Everyone“组将不再有红色箭头，它将正常工作。凯文万岁！！