cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

IQService Returned Non Zero Exit Code 255

IQService Returned Non Zero Exit Code 255

Symptoms

Suppose, you are trying to execute a native rule and you are getting non zero exit code 255 while trying to invoke PowerShell script from IDN native rule then you must below things -

 

Depending on our shell, exit code 255 might mean that the returned exit code is outside of the 0-255 range.

If the error code is 255 then there is something wrong in the native rule and Powershell script which is not understood by cmd.exe or shell.

Please follow the below diagnosis -

 

Diagnosis

Enable the info log of IQService - using the below steps

  1. Stop the IQService service.
  2. Go to IQService folder and hit the command - IQService.exe -l 2 -f IqserviceInfo.txt
  3. Restart the IQService.

Analyze the IQService logs, if something wrong in the RPCRequest and Response.

Validate the attributes of native rule is seem like below -

 

 

"attributes": {
            "ObjectOrientedScript": "true",
            "extension": ".ps1",
            "sourceVersion": "1.0",
            "disabled": "false",
            "program": "powershell.exe",
            "timeout": "300"
},

 

 

Solution

If native rule's attribute are not like above mentioned then update those in native rule.

Pass the exact path of Utils.dll in native rule and Powershell script.

Try to pass only nativeidentity via command in native rule toPowershell script rather than passing rpcrequest in the command.

 

Thanks,

IAM_PDU

Labels (1)
Comments

Could you provide an example for parts 2 and 3 of the solution?

Hello @ssalens2 ,

 

please find the below code snippet.

 

Add-Type -Path "C:\SailPoint\IQService\Utils.dll";
$sReader = New-Object System.IO.StringReader([System.String]$env:Request);
$xmlReader = [System.xml.XmlTextReader]([sailpoint.utils.xml.XmlUtil]::getReader($sReader));
$requestObject = New-Object Sailpoint.Utils.objects.AccountRequest($xmlReader);
$requestAsString = $requestObject.nativeIdentity
$command = "C:\SailPoint\IQService\test.ps1"
$command = -join ($command, " -requestString '$requestAsString'")
Invoke-Expression $command

 Thanks,

IAM_PDU

Version history
Revision #:
6 of 6
Last update:
‎May 27, 2022 08:10 PM
Updated by:
 
Contributors