Re: HRESULT: 0X80070490 with Azman and AD LDS on 2008 server



That I have no idea on. However, it may be that you are either missing some part of the AzMan schema for your LDS server or that some aspect of the MMC snap-in that manages AzMan and persists the policy didn't save all the objects correctly.

I don't know exactly what you mean by a "configuration file" underneath the root as the directory doesn't contain files. It contains objects that have attributes which store data and those objects may also be containers that hold other objects.

But, I'd definitely poke around with AzMan to try to ensure that the policy is saved correctly.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
"Ken" <Ken@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:705F4F40-0F9F-4BC4-AB01-C6A7C6E5FCF6@xxxxxxxxxxxxxxxx
Thank you Joe.
I used the ldp.exe and indeed found that in the 2003 server the content of
my root directory (DC=myDomain,DC=local) includes a configuration file which
is missing on the 2008 machine. Is there some configuration on the 2008
server which prevents the configuration file from being created? How can I
correct it?
--
Thank you,
Ken


"Joe Kaplan" wrote:

Are you sure all the data is stored in ADAM/LDS as expected? I think I'd
probably use the ldp.exe tool that comes with ADAM to look at the data in
both servers and see if it looks the same. Maybe there is something messed
up with the actual data in the directory. You might also try a tool like
LDIFDE to export the data into a text file.

I really don't have any other ideas but if the store is initializing just
fine.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
"Ken" <Ken@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:7D170CA2-50F2-4144-988F-CEFFB68AD30C@xxxxxxxxxxxxxxxx
> Hi Joe,
> Thank you. I tried to give permission on ADAM for authenticated users but I
> got the same error. I actually think that the problem is not with access
> rights as the call:
> azStore.Initialize(0, appStoreLocation, null) is returning with no
> exceptions. It is the azStore.OpenApplication2(appName, null) call which
> returns the 'element not found' exception. So I suspect the appName is not
> found in the ADAM store but I don't know why. The same calls work great
> with 2003 server... Any other ideas?
> --
> Thank you,
> Ken
>
>
> "Joe Kaplan" wrote:
>
>> Are you sure your app has the right read permissions to the ADAM data? I'm
>> guessing the app would be using Windows auth to bind to the ADAM LDAP server
>> and uses the process identity of the app pool (typically network service) to
>> do this. That would mean that you would either need to grant the machine
>> account for the domain computer object for the machine read access to ADAM
>> or something more general (I typically give "authenticated users" read
>> access in ADAM unless there is something really sensitive in there that
>> requires specific restrictions).
>>
>> The error you are getting is not very helpful at all, but this could just be
>> some sort of operational problem related to not being able to read the data.
>> In LDAP, if you try to read data that you don't have permission to see, the
>> result to the client is that it simply doesn't exist. You don't get an
>> access denied error.
>>
>> If there was a failure to authenticate, at the LDAP layer you'd likely get
>> an "operations error" from ADAM in this case.
>>
>> HTH!
>>
>> --
>> Joe Kaplan-MS MVP Directory Services Programming
>> Co-author of "The .NET Developer's Guide to Directory Services Programming"
>> http://www.directoryprogramming.net
>> "Ken" <Ken@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:58AFD774-91F7-40A8-A196-23BBED2AA9E8@xxxxxxxxxxxxxxxx
>> > Hi,
>> > I'm developing a WPF application which is using AzMan as its policy store.
>> > The AzMan is configured to work with AD LDS (aka ADAM). The development
>> > environment was with 2003 server and everything was fine. The deployment
>> > environment has 2008 server and when I'm trying to run the application I get
>> > an exception: "Element not found. (Exception from HRESULT: 0X80070490)". The
>> > stack trace points to
>> > AZROLESLib.AZAuthorizationStoreClass.OpenApplication2(String
>> > bstrApplicationName, Object varReserved). I call this method with "MyApp" and
>> > null and it was working fine on 2003 box.
>> > It seems to me that the application cannot locate "MyApp" in my AzMan store.
>> > Does the AzMan API expect something different on 2008 than on 2003? Do I need
>> > to replace interop.AZROLESLib.dll with a newer version?
>> > --
>> > Thank you,
>> > Ken
>>
>>
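
The comparison suggested in the thread (export both servers with LDIFDE and see whether the data looks the same) can be scripted. The following is an added example, not code from any poster: it parses two LDIF exports and lists objects present on the reference server but absent on the other. The store name `CN=AzStore`, the simplified object layout and both sample exports are constructed for illustration.

```python
import base64

# Constructed, simplified LDIFDE-style exports (not data from the thread).
SERVER_2003 = """\
dn: CN=AzStore,DC=myDomain,DC=local
objectClass: top
objectClass: msDS-AzAdminManager

dn: CN=MyApp,CN=AzStore,
 DC=myDomain,DC=local
objectClass: top
objectClass: msDS-AzApplication
msDS-AzApplicationName: MyApp
"""
SERVER_2008 = """\
dn: CN=AzStore,DC=myDomain,DC=local
objectClass: top
objectClass: msDS-AzAdminManager
"""

def parse_ldif(text):
    """Map lowercased DN -> {lowercased attribute: [values]}."""
    # RFC 2849 folding: a newline followed by one space continues the line.
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    entries, cur = {}, {}
    for line in unfolded.split("\n") + [""]:   # trailing "" flushes last entry
        if not line.strip():
            if "dn" in cur:
                entries[cur["dn"][0].lower()] = cur
            cur = {}
            continue
        attr, sep, value = line.partition(":")
        if line.startswith("#") or not sep:    # comments, "-" separators
            continue
        if value.startswith(":"):              # "attr:: <base64>"
            value = base64.b64decode(value[1:]).decode("utf-8", "replace")
        cur.setdefault(attr.lower(), []).append(value.strip())
    return entries

def missing_objects(ref_text, tgt_text):
    """(DN, most specific objectClass) for entries only in the reference."""
    ref, tgt = parse_ldif(ref_text), parse_ldif(tgt_text)
    return [(e["dn"][0], e.get("objectclass", ["?"])[-1])
            for key, e in sorted(ref.items()) if key not in tgt]

def azman_applications(text):
    """Names of msDS-AzApplication objects present in an export."""
    return sorted(e.get("msds-azapplicationname", ["?"])[0]
                  for e in parse_ldif(text).values()
                  if "msDS-AzApplication" in e.get("objectclass", []))
```

Because LDAP reports unreadable objects as nonexistent, running the export once as an administrator and once under the application's identity separates missing data from missing read permission: an object that appears only in the administrator's export is a permissions problem.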


