Re: The server is not operational
From: Joe Kaplan (MVP - ADSI) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 07/26/05
- Next message: CalSun: "Re: The server is not operational"
- Previous message: Todd B: "CreateProcessWithLogonW"
- In reply to: CalSun: "Re: The server is not operational"
- Next in thread: CalSun: "Re: The server is not operational"
- Reply: CalSun: "Re: The server is not operational"
Date: Tue, 26 Jul 2005 11:33:04 -0500
When you do your bind with ldp.exe, what credentials did you use? Those are
probably the exact same credentials you need to use in your DirectoryEntry
constructor.
In ldp, the "domain" checkbox in the binding dialog is roughly equivalent to
specifying "AuthenticationTypes.Secure" in your DE constructor.
The anonymous user in IIS should not come into play unless you have
impersonation enabled in web.config AND you are not supplying credentials in
your DE constructor. If you specify credentials, it will use the ones you
specified.
The domain value that you used in ldp that worked should be the domain value
you use in your LDAP path in your DE constructor. Thus:
mydomain.com
in ldp would translate to:
LDAP://mydomain.com/<something here>
The <something here> should be the distinguished name of the object you want
to bind to or use as a search root.
You can use the "defaultNamingContext" value you see in ldp when it does the
initial "root DSE" query for you. This assumes you want to bind to the
domain root object and want to use it as a search root though.
HTH,
Joe K.
"CalSun" <calsun@gmail.com> wrote in message
news:uPpFTefkFHA.3288@TK2MSFTNGP09.phx.gbl...
> Hi Joe,
> thanks for the informative message. I got ldp and could connect to the DC
> using the domain as mycompany.com. I didn't specify SSL or Connectionless,
> it still goes.
> Back to IIS, I checked on the Anonymous option and specified a local user
> name + password to handle all the Anonymous login. It fails to
> connect/authenticate.
> Do we need a domain user to handle the authentication process (at IIS
> box)? If so, my web server (iis box) is in dmz and I can't see user list
> from the domain. I tried manually to assign a domain user to the Anonymous
> option such as: domain\user + pw. And it didn't work. This has got to be a
> local user to this IIS box (web server).
>
> I use form authentication. When a page is requested, client is redirected
> to a login page.
>
> Again, thanks for all the help.
>
> CalSun
>
> "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
> in message news:upn9fIfkFHA.2916@TK2MSFTNGP14.phx.gbl...
>> Ldp.exe ships with the Windows Server Admin Pack which comes on the CD
>> and also ships with ADAM. The most recent released version is with ADAM
>> or the Windows Server R2 beta if you can get that. I'm pretty sure there
>> is no separate download for it, but I can also send you a copy if you
>> email me offline.
>>
>> LDP can be used for testing the connection to various directories using
>> different values for the server name.
>>
>> The other important thing to know is that the ADSI binding string
>> consists of three parts:
>> <scheme>://<server>/<objectname>
>>
>> The scheme is obviously "LDAP" (case-sensitive; watch out!). The server
>> part is OPTIONAL though. If you don't supply a server name, then the
>> LDAP API tries to discover a server for you based on the security context
>> of the current thread. This is the thing that tends to trip people up in
>> web applications as they are often running under a local machine account
>> which has no domain affiliation, so the request for a "serverless bind"
>> as it is called fails with this exact error.
>>
>> The server name can contain DNS names, IP addresses or NETBIOS names.
>> However, DNS names are the way to go as both Kerberos and SSL/LDAP need
>> DNS names to work properly. The DNS name can be the name of the domain
>> or the DNS name of a specific server.
>>
>> The <objectname> is also optional, but I generally think you should
>> always specify something. If you want to search the root of the domain,
>> specify the distinguished name of the domain root. This is usually
>> something like "DC=yourdomain,DC=com" with AD. You can find out this
>> value dynamically by getting the "RootDSE" object and looking at its
>> "defaultNamingContext" attribute. This is better than hard-coding. :)
>>
>> HTH,
>>
>> Joe K.
>> "Rinks Singh" <singhmultani@hotmail.com> wrote in message
>> news:%23FHQw2ekFHA.3148@TK2MSFTNGP09.phx.gbl...
>>> Thanks Joe and Cal for the information on this thread. I am also getting
>>> the same error while trying to connect to the AD.
>>>
>>> Can I use LDP.EXE from the workstation to make sure about the
>>> connection? From where can I download the LDP.EXE tool?
>>>
>>> I am able to connect to Directory using command prompt by giving like:
>>> Run LDAP//:DomainName
>>>
>>> After that a search box appears and I can search based on Object Type. But
>>> when I try from the program I get an error "The server is not Operational"
>>>
>>> Need some help to solve this
>>>
>>>
>>
>>
>
>
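The bind sequence described in this thread, as an added C# example that is not part of the original posts: name the server in the path, read "defaultNamingContext" from RootDSE, then bind to the domain root with explicit credentials and AuthenticationTypes.Secure. The server name "mydomain.com" and the environment variable names are placeholders assumed for illustration.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;

class BindCheck
{
    // Placeholder (assumption): the DNS domain name that worked in ldp.exe.
    const string Server = "mydomain.com";

    // HRESULT behind "The server is not operational" (ERROR_DS_SERVER_DOWN).
    static readonly int ServerDown = unchecked((int)0x8007203A);

    static void Main()
    {
        // Hypothetical variable names; keep the bind account out of source code.
        string user = Environment.GetEnvironmentVariable("LDAP_BIND_USER");
        string pass = Environment.GetEnvironmentVariable("LDAP_BIND_PASSWORD");
        try
        {
            // Naming the server avoids a serverless bind, which depends on the
            // thread's security context and fails for a local machine account.
            string rootDn;
            using (var rootDse = new DirectoryEntry(
                "LDAP://" + Server + "/RootDSE", user, pass, AuthenticationTypes.Secure))
            {
                rootDn = (string)rootDse.Properties["defaultNamingContext"].Value;
            }

            // Bind to the domain root with the same explicit credentials, so the
            // IIS anonymous or impersonated identity is not what reaches the DC.
            using (var root = new DirectoryEntry(
                "LDAP://" + Server + "/" + rootDn, user, pass, AuthenticationTypes.Secure))
            using (var searcher = new DirectorySearcher(root, "(objectClass=*)"))
            {
                searcher.SearchScope = SearchScope.Base; // read only the root object
                SearchResult result = searcher.FindOne();
                Console.WriteLine("Bound to: " + (result != null ? result.Path : "(no result)"));
            }
        }
        catch (COMException ex) when (ex.ErrorCode == ServerDown)
        {
            // Name resolution or connectivity to the DC failed (for example from
            // a DMZ host), or the path fell back to a serverless bind.
            Console.Error.WriteLine("Server not operational: check the server part of the path and DNS/firewall to the DC.");
        }
    }
}
```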