Re: The server is not operational

From: Joe Kaplan (MVP - ADSI) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 07/21/05

    Date: Wed, 20 Jul 2005 23:12:04 -0500
    
    

    If you can, you might try putting MS's ldp.exe tool on the web server to try various connect, bind and search operations with it as well to verify the connectivity and such. Remember also that DNS needs to be able to resolve whatever DNS names you are using in your path, in case DNS might be configured totally differently in the DMZ or something.

    Best of luck,

    Joe K.

      "CalSun" <calsun@gmail.com> wrote in message news:%23NWK10YjFHA.3656@TK2MSFTNGP09.phx.gbl...
      Joe and Paul thanks for helping and the links.

      I've double-checked the path and the configuration. They're all intact. I tried again and it got through from my laptop but the webserver.

      I discovered that the web svr doesn't belong to the domain (included in the _path). And I talked to the admin people and had them enable the LDAP from the firewall. The reason I do that 'cause the web srv is in the dmz zone.

      I'll come back to test it out tomorrow and hope it will work.

      I am sure whether the webserver could contact the AD box if it's not in the same domain.

      I will keep y'all updated.

      thanks again for the help.

      --CalSun

        "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote in message news:%236joTUXjFHA.2444@tk2msftngp13.phx.gbl...
        The problem is likely in your _path variable (which you do not show). If you don't specify a domain or domain controller name in the path, the ADSI/S.DS tries to determine a DC via the current security context. However, if the current security context can't do that, you'll often get this error.

        Try a path like:
        LDAP://yourdomain.com/DC=yourdomain,DC=com

        instead of one like:
        LDAP://DC=yourdomain,DC=com

        If that doesn't fix it, you might have firewall issues preventing LDAP access or something.

        Additionally, remember that when you specify credentials in a DirectoryEntry bind, they will be sent on the network in cleartext (in 1.1 anyway) unless you specify AuthenticationTypes.Secure or AuthenticationTypes.SecureSocketsLayer (which requires SSL/LDAP support in AD).

        HTH,

        Joe K.

          "CalSun" <calsun@gmail.com> wrote in message news:us3Q$dVjFHA.3568@tk2msftngp13.phx.gbl...
          Hi all,

          I really need your help on this problem. (no help for 1 day googling).

          I use form authentication on my 2 simple aspx pages.
          User is redirected to login.aspx, then see the main content page.
          I use LDAP to verify the user from a domain named Dserver where the AD users locate.

          Everything works just fine on my laptop (localhost). I could verify the user from the Active Directory. I am also able to verify whether the user belongs to a group named AllowDogs and redirect accordingly (main content page or fail-message).

          Problem: As I move this application to an existing IIS win2k3 std box, I failed to verify user from the Dserver. I got the error message "The server is not operational"

          Here is my IsAuthenticated code:

          Public Function IsAuthenticated(ByVal domain As String, ByVal act As String, ByVal ps As String) As Boolean
              Dim domainAndAct As String = domain & "\" & act
              Dim entry As DirectoryEntry = New DirectoryEntry(_path, domainAndAct, ps)

              Try
                  Dim obj As Object = entry.NativeObject
                  Dim search As DirectorySearcher = New DirectorySearcher(entry)
                  search.Filter = "(SAMAccountName=" & act & ")"
                  search.PropertiesToLoad.Add("cn")
                  Dim result As SearchResult = search.FindOne()

                  If (result Is Nothing) Then
                      Return False
                  End If

                  'update the path to the user in the directory
                  _path = result.Path
                  _filterAttribute = result.Properties("cn").Item(0)
              Catch ex As Exception
                  'Throw New Exception("Error authenticating user: " & ex.Message)
                  Return False
              End Try

              Return True
          End Function

          Thank you all for help/reading
          --CalSun
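
The advice in this thread (a server-qualified path and AuthenticationTypes.Secure) applied to the posted IsAuthenticated function, as an added example that is not code from any poster in the thread. The module name, the dnsDomain and baseDn parameters and the EscapeFilterValue helper are assumptions made for illustration; the example also escapes the account name in the search filter and reports "The server is not operational" separately from a failed logon instead of returning False for both.

```vbnet
Imports System.DirectoryServices
Imports System.Runtime.InteropServices

Public Module LdapAuthExample   ' hypothetical module name

    ' HRESULTs surfaced by ADSI through COMException.ErrorCode.
    Private Const LogonFailure As Integer = &H8007052E   ' bad user name or password
    Private Const ServerDown As Integer = &H8007203A     ' "The server is not operational"

    ' Escape the characters RFC 4515 reserves in a filter value, so the
    ' account name cannot change the structure of the search filter.
    Private Function EscapeFilterValue(ByVal value As String) As String
        Dim sb As New System.Text.StringBuilder()
        For Each c As Char In value
            Select Case c
                Case "\"c : sb.Append("\5c")
                Case "*"c : sb.Append("\2a")
                Case "("c : sb.Append("\28")
                Case ")"c : sb.Append("\29")
                Case ChrW(0) : sb.Append("\00")
                Case Else : sb.Append(c)
            End Select
        Next
        Return sb.ToString()
    End Function

    ' dnsDomain and baseDn are placeholders, e.g. "yourdomain.com" and "DC=yourdomain,DC=com".
    Public Function IsAuthenticated(ByVal dnsDomain As String, ByVal baseDn As String,
                                    ByVal domain As String, ByVal act As String,
                                    ByVal ps As String) As Boolean
        ' Server-qualified path: does not rely on the caller's security context to find a DC.
        Dim path As String = "LDAP://" & dnsDomain & "/" & baseDn
        Try
            ' AuthenticationTypes.Secure avoids sending the password in cleartext.
            Using entry As New DirectoryEntry(path, domain & "\" & act, ps, AuthenticationTypes.Secure)
                Dim filter As String = "(sAMAccountName=" & EscapeFilterValue(act) & ")"
                Using search As New DirectorySearcher(entry, filter, New String() {"cn"})
                    Return search.FindOne() IsNot Nothing   ' the bind happens here
                End Using
            End Using
        Catch ex As COMException When ex.ErrorCode = LogonFailure
            Return False
        Catch ex As COMException When ex.ErrorCode = ServerDown
            ' DNS, firewall or path problem, not a credential problem: surface it.
            Throw New InvalidOperationException("Cannot reach a domain controller via " & path, ex)
        End Try
    End Function
End Module
```

Any other directory error propagates to the caller, so an unreachable domain controller is never silently reported as a wrong password.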

