Common Issues & Solutions
This guide covers frequently encountered issues in IdentityCenter and their solutions.
Connection Issues
Cannot Connect to Active Directory
Symptoms:
- Connection test fails
- "Unable to connect to server" error
- Timeout during connection
Solutions:
Verify Network Connectivity
# Test basic connectivity Test-NetConnection -ComputerName dc01.corp.local -Port 389 # Test LDAPS Test-NetConnection -ComputerName dc01.corp.local -Port 636Check Firewall Rules
- Port 389 (LDAP)
- Port 636 (LDAPS)
- Port 3268 (Global Catalog)
- Port 3269 (Global Catalog SSL)
Verify Credentials
# Test authentication $cred = Get-Credential Get-ADUser -Identity testuser -Credential $cred -Server dc01.corp.localCheck DNS Resolution
Resolve-DnsName dc01.corp.local
Authentication Failed
Symptoms:
- "Invalid credentials" error
- "Access denied" message
Solutions:
Verify Username Format
- Try UPN:
user@domain.com - Try sAMAccountName:
DOMAIN\user - Try DN:
CN=User,OU=Users,DC=domain,DC=com
- Try UPN:
Check Account Status
- Account not locked
- Password not expired
- Account not disabled
Verify Permissions
- Read access to target OUs
- Replicating Directory Changes (for some features)
SSL/TLS Connection Errors
Symptoms:
- "SSL certificate problem" error
- "The remote certificate is invalid"
Solutions:
Trust the Certificate
- Import CA certificate to trusted store
- Or disable certificate validation (not recommended for production)
Check Certificate Validity
Test-NetConnection -ComputerName dc01.corp.local -Port 636 # Then check certificate detailsVerify TLS Version
- Ensure TLS 1.2 is enabled on both sides
Synchronization Issues
Sync Shows 0 Objects
Symptoms:
- Sync completes but no objects imported
- "0 objects found" in logs
Solutions:
Verify LDAP Filter
# Test in AD Users and Computers > Find (&(objectClass=user)(objectCategory=person))Check Base DN
- Ensure Base DN points to correct OU
- Verify path is correct
Test with Broader Filter
(objectClass=*)Verify Service Account Permissions
- Read access to the target OU
- List contents permission
Sync Times Out
Symptoms:
- Sync runs indefinitely
- "Operation timed out" error
Solutions:
Reduce Scope
- Target specific OUs instead of entire directory
- Add more restrictive filter
Increase Timeout
"SyncOptions": { "CommandTimeoutSeconds": 600 }Enable Paging
"SyncOptions": { "DefaultLdapPageSize": 500 }Check Server Performance
- Domain controller CPU/memory usage
- Network latency
Duplicate Identities Created
Symptoms:
- Same person has multiple identity records
- No matching occurred
Solutions:
Verify Matching Attributes
- Email address should be consistent
- Employee ID should be populated
Check Data Quality
- Missing email addresses
- Inconsistent naming
Review Matching Rules
- Order of matching criteria
- Fallback behavior
Access Review Issues
Reviewers Not Receiving Notifications
Symptoms:
- Emails not delivered
- Reviewers unaware of pending reviews
Solutions:
Check Email Configuration
- Verify SMTP settings
- Test email sending
Verify Reviewer Email Addresses
- Check for typos
- Ensure addresses are valid
Check Spam Folders
- Add sender to safe list
- Configure SPF/DKIM
Review Email Logs
- Check for delivery failures
- Verify queue processing
Campaign Not Generating Review Items
Symptoms:
- Campaign starts but no items created
- 0 items assigned to reviewers
Solutions:
Verify Scope Configuration
- Check filter criteria
- Ensure users exist in scope
Check Reviewer Assignment
- Manager data is synced
- Fallback reviewer configured
Verify Access Data
- Group memberships are synced
- Access rights are imported
Policy Issues
Policy Not Detecting Violations
Symptoms:
- Known violations not flagged
- Policy shows 0 violations
Solutions:
Verify Policy Condition
- Check syntax
- Test with known violator
Check Evaluation Schedule
- Policy is enabled
- Schedule is configured
Review Exceptions
- Check if cases are excepted
- Verify exception scope
Too Many False Positives
Symptoms:
- Policy flags valid cases
- Noise overwhelming real issues
Solutions:
Refine Conditions
- Add more specific criteria
- Exclude valid cases
Create Exceptions
- For known valid scenarios
- With proper documentation
Adjust Severity
- Lower severity reduces urgency
- Focus on true issues
Performance Issues
Application Running Slowly
Symptoms:
- Pages load slowly
- Operations time out
Solutions:
Check Database Performance
-- Check for blocking SELECT * FROM sys.dm_exec_requests WHERE blocking_session_id <> 0 -- Check index fragmentation SELECT * FROM sys.dm_db_index_physical_stats(DB_ID(), NULL, NULL, NULL, 'LIMITED') WHERE avg_fragmentation_in_percent > 30Review Application Logs
- Check for errors
- Look for slow queries
Monitor Server Resources
- CPU utilization
- Memory usage
- Disk I/O
Database Growth
Symptoms:
- Database size increasing rapidly
- Disk space running low
Solutions:
Review Retention Settings
- Sync history retention
- Audit log retention
Purge Old Data
-- Example: Delete old sync history DELETE FROM SyncHistory WHERE CompletedAt < DATEADD(day, -90, GETDATE())Implement Maintenance
- Regular index rebuilds
- Statistics updates
Error Messages
"Object reference not set to an instance of an object"
Cause: Null reference in code, often due to missing data
Solution:
- Check required fields are populated
- Verify related records exist
- Review application logs for details
"The LDAP server is unavailable"
Cause: Cannot reach domain controller
Solution:
- Check network connectivity
- Verify DNS resolution
- Confirm firewall rules
"Access is denied"
Cause: Insufficient permissions
Solution:
- Verify service account permissions
- Check file system permissions
- Review database permissions
"The specified network name is no longer available"
Cause: Network connection dropped
Solution:
- Check network stability
- Increase timeout settings
- Implement retry logic
Getting Help
If you can't resolve an issue:
Collect Information
- Error messages
- Application logs
- Steps to reproduce
Check Documentation
- Search the Knowledge Base
- Review release notes
Contact Support
- Email: support@certification-center.com
- Include collected information