EPE - Error Messages and Solutions
EPE - Error Messages and Solutions
| Error Message | Solution |
|
Datapump fails to import Users to ESM. ITSM log says:
|
Check the mappings from the EPE. One of the mappings is using reference attribute instead of string. References are not supported. |
Infinite recursion (StackOverflowError) (through reference chain) |
Check the mappings from the EPE. One of the mappings is using reference or static attribute instead of string. References and static string are not supported. |
|
EPE extraction fails: Such issues can arise if a bad key is used during decryption. |
If you see this error message in the log file , it means that you have wrong Private key password in EPE task. |
Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
|
If you see this error message in the log file, it means that epe-worker doesn't have the certificate of the AD. Add the missing certificate. |
javax.naming.PartialResultException: [LDAP: error code 10 |
If you see this error message in the log file, it means that there is a task defined in ESM (EPE task) with an incorrect 'search base' for persons and/or groups. |
java.net.SocketTimeoutException: connect timed out |
If you see this error message in the log file, it means that epe-worker can't connect to the AD. In this case, it is very likely that there is a firewall that is blocking the connections to the AD. |
|
Caused by:
|
Make sure that you have the latest version of the valid https/ldaps certificate. Add or replace your current certificate with the latest certificate downloaded from the source/target system which you are connecting with event task or scheduled task. |
javax.net.ssl.SSLException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133) |
Make sure that you have the latest version of the valid https/ldaps certificate. Add or replace your current certificate with the latest certificate downloaded from the source/target system which you are connecting with event task or scheduled task. |
| Cannot fetch attribute mapping configuration from ESM | If you see this error message in the log file, it means that you have wrong password (or credentials were not defined) for WebAPI user in EPE task. |
Datapump fails: com.efecte.esm.datapump.exception.ProvisioningException: All rows does not contain strings representing required mappingsOR Index 1 out of bounds for length 1
|
Contact Matrix42 for help.
|
EPE Worker heartbeat is older than 300 seconds OR INFO c.e.e.m.general.BacgroungWorker - Going to sleep for 300 seconds |
Contact Matrix42 for help. |
javax.naming.CommunicationExceprtion:Request: 6680 cancelled; remaining name [customer's OU-path] |
Ldap filter need to be defined correctly:(objectCategory=person) or if 2 (&(objectCategory=person)(objectClass=user))
|
java.lang.ClassCastException: class com.efecte.esm.datapump.jaxb.EntityDeleteErrorReport cannot be cast to class com.efecte.esm.datapump.jaxb.SearchResult |
Some of the Identity Attribute Mapping attributes are missing from the customer's AD. Can be tested by adding the mappings one by one until it started failing again with the same error. |
java.nio.file.NoSuchFileException: /opt/epe/master/config/custom-provisioning-scripts |
Restart EPE worker. File will be created. |
LDAP: error code 49 - 80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 52e, v1db1 |
If you see this error message in the log file, it means that you have wrong password for LDAP Password user in EPE task. |
CANCELLED_TOO_LONG_TIME_WAITING_TO_START |
Contact Matrix42 for help.
|
Export of data to folder 'folder_code_example' failed with exception: 500 : [no body] |
Clear data cache of the EPE task. |
TOTAL_TASKS_LAST_EXPORT_TO_ESM_FAILED |
Check the itsm.log why the export is failing. Usually reason is unique error, workflow or listener. If export status: FAILED then webapi user's password is wrong |
WARNINGS_LOG_LAST_15_MINUTES_COUNT |
Message means that there are too many "warning" messages in the log file, registered in the last 15 minutes. For example, this could be related to problems with 'event based provisioning' tasks. (a failure to write into AD/Azure will be registered as a 'warning' message in the log) If above message appears in a customer environment, there is no standard solution. Next step is to look into the log file to see what are those 'warning' messages about, then try to find the problem. |
EPE_WORKER_COMPLETED_FAILURE, error message: com.efecte.epe.worker.azure.util.AzureProvisioningException: Number of fetched attributes: 20 doesn't match required: 21 Requested attributes:
|
Contact Matrix42 for help. |
EPE_WORKER_COMPLETED_FAILURE, error message: java.util.concurrent.ExecutionException: java.net.UnknownHostException: login.microsoftonline.com at java.base/java.util.concurrent.FutureTask.report
|
"UnknownHostException" means that the IP address of a hostname could not be determined. In this case, it means that the DNS service was not able to find the IP address of for example "login.microsoftonline.com" The failure was in the DNS service or some other networking problem in the virtual machines. |
Provisioning engine service request finished with error: Failed to query task metadata - failed to decrypt encoded text
|
Contact Matrix42 for help. |
Authentication task gives error and no realms are displayed in dropdown. Cannot invoke "java.util.Map.get(Object)" because "accessToken" is null
|
There is a problem communicating to ESA and EPE can not fetch access token from it. |
EPE_MASTER_FAILED_TO_RETRIEVE_FILES and worker log says json does not exist |
EPE task name contains umlauts (äöå.), remove those and try again. |
EPE_WORKER_COMPLETED_FAILURE, error message: java.util.concurrent.ExecutionException: com.microsoft.aad.adal4j.AuthenticationException: {"error_description":"AADSTS7000215: Invalid client secret provided.
|
Invalid or expired client secret in Azure EPE task. Customer needs change/check secret from Entra ID and provide to EPE. |
EPE_WORKER_COMPLETED_FAILURE, error message: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090569, comment: AcceptSecurityContext error, data 533, v4563
|
LDAP User is disabled. Needs to be changed to another or enabled existing one. |
Could not fetch syntax definition for attribute: streetAddress.javax.naming.OperationNotSupportedException: [LDAP: error code 12 - 00002040: SvcErr: DSID-031403F9, problem 5010 (UNAVAIL_EXTENSION), data 0
|
This means that streetAddress is no available for the EPE. Check permission for the streetAddress and that it is found from the directory. |
EPE_WORKER_COMPLETED_FAILURE, error message: java.util.concurrent.ExecutionException: com.microsoft.aad.adal4j.AuthenticationException: {"error_description":"AADSTS700016: Application with identifier '123123132' was not found in the directory 'Customer example'.
|
AADSTS700016 is an error code that indicates that the application you are trying to sign in to is not registered in Azure AD/EntraID. To fix this issue, customer needs to register the application in Azure AD. |
LDAP: error code 49 - 80090308: LdapErr: DSID-0C090439, comment: AcceptSecurityContext error, data 532, v4563 |
Password is expired for the service account used for AD. |
| Saving Workflow does not work, and orchestration nodes color changes to red. Error in Workflow UI after save-button is clicked: Workflow is invalid and cannot be saved |
This issue can occur after update to 2024.2 version, where there is EPE migration which affects also workflows containing orchestration nodes. ESM cache is not flushed in all cases after migration and that can cause workflows not to be saved. To solve this issue, ESM cache needs to be cleared after 2024.2 is done. This cache can be cleared from Maintenance / Other actions / Clear persistent Object Caches (it does it immediately when you click it, not asking are you sure). |
|
|
Contact Matrix42 for help. |
2025-02-19 11:51:24,688 ERROR [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (executor-thread-2) Unexpected response from token endpoint https://customer1.sandbox.signicat.com/auth/open/connect/token. status=400, response={"error":"invalid_request","error_description":"The selected IdP requires to encrypt ID tokens, but no encryption key was found.","error_uri":"https://api.signicat.com/auth/open/config/errors/invalid_request"}2025-02-19 11:51:24,694 WARN [org.keycloak.events] (executor-thread-2) type="IDENTITY_PROVIDER_LOGIN_ERROR", realmId="484ad22b-4f1b-4d0e-bda2-9170a513ad83", clientId="https://customerservice-test.customer1.fi/shibboleth", userId="null", ipAddress="185.59.118.105", error="identity_provider_login_failure", code_id="061805f2-5b24-4f8b-8698-ac30bcdda07a"2025-02-19 11:52:33,443 INFO [com.efecte.keycloak.providers.login.itsm.authenticator.EfecteLoginForm] (executor-thread-2) Returning config property: consul.ACLTokenPath -> /var/lib/efecteone/consul/application_token2025-02-19 11:52:47,809 ERROR [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (executor-thread-6) Unexpected response from token endpoint https://customer1.sandbox.signicat.com/auth/open/connect/token. status=400, response={"error":"invalid_request","error_description":"The selected IdP requires to encrypt ID tokens, but no encryption key was found.","error_uri":"https://api.signicat.com/auth/open/config/errors/invalid_request"}2025-02-19 11:52:47,815 WARN [org.keycloak.events] (executor-thread-6) type="IDENTITY_PROVIDER_LOGIN_ERROR", realmId="484ad22b-4f1b-4d0e-bda2-9170a513ad83", clientId="https://customerservice-test.customer1.fi/shibboleth", userId="null", ipAddress="185.59.118.105", error="identity_provider_login_failure", code_id="7746cce3-1230-4b52-b8f6-7b32cac14c61" |
Contact Matrix42 for help.
|
There was a problem when creating new User: No serializer found for class org.hibernate.proxy.pojo.bytebuddy.ByteBuddyInterceptor and no properties discovered to create BeanSerializer (to avoid exception, disable SerializationFeature.FAIL_ON_EMPTY_BEANS) (through reference chain: com.efecte.rest.provisioning.dto.activity.UserProvisioningRequest["attributesValues"]->java.util.HashMap["employeeType"]->java.util.ImmutableCollections$ListN[0]->com.efecte.datamodel.statics.StaticString$HibernateProxy$IUo9wfr0["attribute"]->com.bitmount.equipment.BSSAttribute["referredTemplates"]->java.util.ArrayList[0]->com.bitmount.equipment.BSSTemplate["permissions"]->org.hibernate.collection.internal.PersistentBag[0]->com.bitmount.equipment.BSSTemplatePermission["adminRole"]->com.efecte.datamodel.AdminRole$HibernateProxy$FXC8y5j9["hibernateLazyInitializer"])
|
EPE connector mappers doesn't support ESM static attribute. Use some non-static field in mapper, instead of directly using static attribute. |
Error message on scheduled task like:com.efecte.epe.worker.entra.util.MicrosoftEntraProvisioningException: Exception connecting to MicrosoftEntra, HTTP code: 400 at com.efecte.epe.worker.entra.handlers.AbstractHandler.getDataFromMicrosoftEntraGraph(AbstractHandler.java:245) at com.efecte.epe.worker.entra.handlers.AbstractHandler.getDataFromMicrosoftEntraGraph(AbstractHandler.java:206) at com.efecte.epe.worker.entra.handlers.AbstractHandler$MicrosoftEntraDataFetcher.fetchPartialData(AbstractHandler.java:672) at com.efecte.epe.worker.entra.handlers.AbstractHandler$MicrosoftEntraDataFetcher.get(AbstractHandler.java:612) at com.efecte.epe.worker.entra.handlers.AbstractHandler.fetchAndStoreMicrosoftEntraData(AbstractHandler.java:145) at com.efecte.epe.worker.entra.handlers.GenericHandler.handle(GenericHandler.java:44) at com.efecte.epe.worker.entra.TaskHandler.handleDataFetch(TaskHandler.java:109) at com.efecte.epe.worker.entra.TaskHandler.performGraphSearchUsingSecret(TaskHandler.java:55) at com.efecte.epe.worker.entra.TaskHandler.handle(TaskHandler.java:131) at com.efecte.epe.worker.entra.ProvisioningTaskScheduler.lambda$handleTask$0(ProvisioningTaskScheduler.java:177) at java.base/java.util.Optional.ifPresent(Optional.java:178) at com.efecte.epe.worker.entra.ProvisioningTaskScheduler.handleTask(ProvisioningTaskScheduler.java:160) at com.efecte.epe.worker.entra.ProvisioningTaskScheduler.run(ProvisioningTaskScheduler.java:122) at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) at java.base/java.lang.Thread.run(Thread.java:840)
|
Check full epe-worker log file and search for log lines like this:
That tells you the actual issue, that you have in your mapping attribute which is not supported by Graph API you called, in this case issue was with |
|
Nothing is created/updated to esm. Error in log beeing similar to this:
|
Validate and fix unique attribute mapping on scheduled task. (objectGUID)Unique attribute must be also on mapping table of attributes. |
|
|
Problem 401 means usually that EPE can't authenticate to ESM, to push datacards into it. Check if connectors WebAPI user password is set correctly to connector.
If the problem persists, contact Matrix42 for help. |
500 : "<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><EOL><EOL> |
This problem 500 is probably caused by issue on data or esm datacard configurations. So far we have found following different reasons. Those are customer specific but there is some "patterns" related data:
|
ERROR c.e.e.d.provisioning.ESMExport - Exception while trying to handle export of data for resource 'users'. Message: Exception thrown while calling Web API with URL: http://1.1.1.1:49019/itsm/ws/dataCardImport.ws?version=1.1&removeEmptyValues=true&folderCode - 500
|
This problem 500 is caused by EPE bug and missing configuration. To solve this, define values for: Failure Template, Failure Folder and Failure Attribute to scheduled task failing with this error. Those are mandatory on version 2025.1., otherwise task will stop on first failure. |
|
Operating system kills datapump when it is exporting data to ESM or Datapump freezes after retrieving files from epe-master |
Contact Matrix42 for help. |
|
Scheduled tasks not running as scheduled Error on log: |
Check and fix your scheduled task scheduling configurations. It is only allowed to use integer numbers on those, not decimal numbers. |