Re: System.DirectoryServices - The server is not operational
From: George Durzi (gdurzi_at_hotmail.com)
Date: 12/15/04
- Next message: Darren Bennett: "Re: Win32 Application CryptoAPI"
- Previous message: Joe Kaplan \(MVP - ADSI\): "Re: System.DirectoryServices - The server is not operational"
- In reply to: Joe Kaplan \(MVP - ADSI\): "Re: System.DirectoryServices - The server is not operational"
- Next in thread: Patrick Olurotimi Ige: "Re: System.DirectoryServices - The server is not operational"
- Reply: Patrick Olurotimi Ige: "Re: System.DirectoryServices - The server is not operational"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 15 Dec 2004 15:44:43 -0700
Joe,
Some success finally!
I'm using VN-SRV-DC01.isacorp.corp.com as the domain name and I can finally
authenticate.
Now I'm getting an error when I try to get the groups the user belongs to.
Another problem for another day :)
"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
in message news:ucjM6Sv4EHA.3908@TK2MSFTNGP12.phx.gbl...
> Ok, you are binding by the domain DNS name, not the DC DNS name. That
> should work in ADSI too.
>
> Other things to try in your LDAP path would be the IP address or the
> actual DNS name of the DC, VN-SRV-DC01.corp.isacorp.com. One of those
> should work.
>
> Also, you might consider trying different name formats for the username.
> You can use NT format (domain\user), user principal name
> (user@domain.com), the DN (if you turn off Secure authentication; not a
> good idea), or the plain user name as long as Secure is enabled. For
> domain\user, domain can be the NETBIOS or DNS style.
>
> However, if username was the issue, you wouldn't be getting "server not
> operational".
>
> Joe K.
>
>
> "George Durzi" <gdurzi@hotmail.com> wrote in message
> news:uKcFz$u4EHA.208@TK2MSFTNGP12.phx.gbl...
>>I ran ldp.exe on the web server itself, and did a "Bind" operation to the
>>domain corp.isacorp.com. Here's what I got:
>>
>> ld = ldap_open("10.0.10.16", 389);
>> Established connection to 10.0.10.16.
>> Retrieving base DSA information...
>> Result <0>: (null)
>> Matched DNs:
>> Getting 1 entries:
>>>> Dn:
>> 1> currentTime: 12/15/2004 14:35:24 US Mountain Standard Time US Mountain
>> Standard Time;
>> 1> subschemaSubentry:
>> CN=Aggregate,CN=Schema,CN=Configuration,DC=corp,DC=isacorp,DC=com;
>> 1> dsServiceName: CN=NTDS
>> Settings,CN=VN-SRV-DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=corp,DC=isacorp,DC=com;
>> 3> namingContexts: DC=corp,DC=isacorp,DC=com;
>> CN=Configuration,DC=corp,DC=isacorp,DC=com;
>> CN=Schema,CN=Configuration,DC=corp,DC=isacorp,DC=com;
>> 1> defaultNamingContext: DC=corp,DC=isacorp,DC=com;
>> 1> schemaNamingContext:
>> CN=Schema,CN=Configuration,DC=corp,DC=isacorp,DC=com;
>> 1> configurationNamingContext:
>> CN=Configuration,DC=corp,DC=isacorp,DC=com;
>> 1> rootDomainNamingContext: DC=corp,DC=isacorp,DC=com;
>> 21> supportedControl: 1.2.840.113556.1.4.319; 1.2.840.113556.1.4.801;
>> 1.2.840.113556.1.4.473; 1.2.840.113556.1.4.528; 1.2.840.113556.1.4.417;
>> 1.2.840.113556.1.4.619; 1.2.840.113556.1.4.841; 1.2.840.113556.1.4.529;
>> 1.2.840.113556.1.4.805; 1.2.840.113556.1.4.521; 1.2.840.113556.1.4.970;
>> 1.2.840.113556.1.4.1338; 1.2.840.113556.1.4.474; 1.2.840.113556.1.4.1339;
>> 1.2.840.113556.1.4.1340; 1.2.840.113556.1.4.1413;
>> 2.16.840.1.113730.3.4.9; 2.16.840.1.113730.3.4.10;
>> 1.2.840.113556.1.4.1504; 1.2.840.113556.1.4.1852; 1.2.840.113556.1.4.802;
>> 2> supportedLDAPVersion: 3; 2;
>> 12> supportedLDAPPolicies: MaxPoolThreads; MaxDatagramRecv;
>> MaxReceiveBuffer; InitRecvTimeout; MaxConnections; MaxConnIdleTime;
>> MaxPageSize; MaxQueryDuration; MaxTempTableSize; MaxResultSetSize;
>> MaxNotificationPerConn; MaxValRange;
>> 1> highestCommittedUSN: 337599;
>> 4> supportedSASLMechanisms: GSSAPI; GSS-SPNEGO; EXTERNAL; DIGEST-MD5;
>> 1> dnsHostName: VN-SRV-DC01.corp.isacorp.com;
>> 1> ldapServiceName: corp.isacorp.com:vn-srv-dc01$@CORP.ISACORP.COM;
>> 1> serverName:
>> CN=VN-SRV-DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=corp,DC=isacorp,DC=com;
>> 3> supportedCapabilities: 1.2.840.113556.1.4.800;
>> 1.2.840.113556.1.4.1670; 1.2.840.113556.1.4.1791;
>> 1> isSynchronized: TRUE;
>> 1> isGlobalCatalogReady: FALSE;
>> 1> domainFunctionality: 1;
>> 1> forestFunctionality: 1;
>> 1> domainControllerFunctionality: 2;
>> -----------
>> res = ldap_bind_s(ld, NULL, &NtAuthIdentity, 1158); // v.3
>> {NtAuthIdentity: User='gdurzi'; Pwd= <unavailable>; domain =
>> 'VN-SRV-DC01.corp.isacorp.com'.}
>> Authenticated as dn:'gdurzi'.
>>
>>
>> VN-SRV-DC01 is the name of the DC, and it's IP is 10.0.10.16. Both of
>> those appear in the text above.
>>
>> And from this:
>>
>> ld = ldap_open("10.0.10.16", 389);
>>
>> Established connection to 10.0.10.16
>>
>> We can tell that port 389 is open, and that we're not having any problems
>> accessing AD
>>
>> So I guess this might come down to the formatting of my LDAP
>> connectstring?
>>
>> My DirectoryEntry constructor is as follows:
>>
>> DirectoryEntry oDE = new DirectoryEntry(
>> "LDAP://corp.isacorp.com/DC=corp,DC=isacorp,DC=com",
>> "corp.isacorp.com\gdurzi",
>> mypassword, AuthenticationTypes.Secure);
>>
>>
>>
>> Thanks a lot for all the help you've provided thus far!
>>
>>
>> "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com>
>> wrote in message news:OpPquou4EHA.3648@TK2MSFTNGP11.phx.gbl...
>>> The host name is the thing to be worried about. When you do your
>>> Connect... in ldp, you need to put in the DNS name of the domain from
>>> your LDAP path below: corp.companyname.com
>>>
>>> If that works from the IIS server, then you should be fine. If not, I'd
>>> check that first. You can also check DNS to find the host name for the
>>> DC you want. You also need to make sure that TCP port 389 is open to
>>> the DC in question, as your traffic might be getting blocked by the
>>> firewall.
>>>
>>> Joe K.
>>>
>>> "George Durzi" <gdurzi@hotmail.com> wrote in message
>>> news:%237P9tKu4EHA.1452@TK2MSFTNGP11.phx.gbl...
>>>> Joe,
>>>> Could it have something to do with how my LDAP Connection String is
>>>> formatted?
>>>> LDAP://corp.CompanyName.com/DC=corp,DC=CompanyName,DC=com
>>>> I'm not sure if this is how it should be formatted, I copied what was
>>>> working for the same app on another domain.
>>>> And the domain is called corp.CompanyName.corp
>>>>
>>>> I can't compare it to what works in ldp.exe because when I bind to the
>>>> domain there, I'm providing my id, password, and domain
>>>> corp.CompanyName.corp. Then the DN I use for my search is
>>>> CN=USERS,DC=CORP,DC=CompanyName,DC=COM
>>>>
>>>> Thanks, and I'll check out your other suggestion too.
>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
- Next message: Darren Bennett: "Re: Win32 Application CryptoAPI"
- Previous message: Joe Kaplan \(MVP - ADSI\): "Re: System.DirectoryServices - The server is not operational"
- In reply to: Joe Kaplan \(MVP - ADSI\): "Re: System.DirectoryServices - The server is not operational"
- Next in thread: Patrick Olurotimi Ige: "Re: System.DirectoryServices - The server is not operational"
- Reply: Patrick Olurotimi Ige: "Re: System.DirectoryServices - The server is not operational"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
