Ask a Question related to ASP.NET Security, Design and Development.
-
brian #1
"server not operational"
We have seen this in our environment historically and are trying to
eradicate. recently, we had a big flurry of these errors. It is
almost impossible to reproduce .. an exception gets thrown, "the server
is not operational" and here is the code
dirConn.DirRootAD.Username = ConvertToCorrectUserNameFormat(sUserName,
ADConnManager.Domain)
dirConn.DirRootAD.Password = Password
dirConn.DirRootAD.AuthenticationType =
AuthenticationTypes.ServerBind
mySearcher.Filter =
"(&(objectCategory=user)(|(sAMAccountName=" + sUserName +
")(userPrincipalName=" + sUserName + ")))"
dirConn.DirRootAD =
mySearcher.FindOne().GetDirectoryEntry()
....
Finally
If Not objDirEntry Is Nothing Then objDirEntry.Dispose()
If Not dirConn Is Nothing Then dirConn.Dispose()
I hear this may be due to a BUG in the .NET framework? any truth to
that? Any suggestions would be helpful.
brian Guest
-
Proj cannot run on LCDS 2.6 ES due to "Unable to resolveresource bundle "datamanagement" for locale "en_US"
hi, all, We have developped an application on Flex Build 3 (run successfully), but failed when we try to deploy it on Tomcat with LCDS 2.5 ES... -
how to get a file from the "Testing Server" / "remote view"
if I want to get a particular file from the "Testing Sever" or "remote view" in my extension, how can i do so? Thanks a lot!!! -
CFINPUT type="radio" w/ "value" requires "label"
On a Flash form, when you specify type='radio' and value='whatever', the value of the 'value' attribute will be displayed as a label if no 'label'... -
<tr id="MyRow" runat="server"> ... </tr> doesn't appear in server-side code
pschrader: Look at the top of your page, where your controls are declared. Do you see one for HTMLTableRow? You may have to manually add it, if... -
"Start" "Program" "Menu" list is empty
For what ever reason my list of installed programs in my "Start" "Programs" menu is empty. Anyone know how to restore the list. Thanks for your... -
Joe Kaplan \(MVP - ADSI\) #2 Re: "server not operational"
Did you specify a server name in your path property for the root
DirectoryEntry? If not, then you are relying on the ADSI "serverless
binding" feature. Serverless binding allows you to infer a domain
controller to use automatically.
Unfortunately, serverless binding works based on the current security
context of the thread. Specifically, it must be a domain account in order
for it to work. In ASP.NET, you may or may not be running under a domain
account depending on the current process account settings and the current
impersonation settings.
If you can specify a specific domain controller to use and that fixes the
problem, then you know that was your problem.
Joe K.
"brian" <katiesoft1@yahoo.com> wrote in message
news:1109698497.284347.294550@z14g2000cwz.googlegr oups.com...> We have seen this in our environment historically and are trying to
> eradicate. recently, we had a big flurry of these errors. It is
> almost impossible to reproduce .. an exception gets thrown, "the server
> is not operational" and here is the code
>
> dirConn.DirRootAD.Username = ConvertToCorrectUserNameFormat(sUserName,
> ADConnManager.Domain)
> dirConn.DirRootAD.Password = Password
> dirConn.DirRootAD.AuthenticationType =
> AuthenticationTypes.ServerBind
> mySearcher.Filter =
> "(&(objectCategory=user)(|(sAMAccountName=" + sUserName +
> ")(userPrincipalName=" + sUserName + ")))"
> dirConn.DirRootAD =
> mySearcher.FindOne().GetDirectoryEntry()
>
> ...
>
> Finally
> If Not objDirEntry Is Nothing Then objDirEntry.Dispose()
> If Not dirConn Is Nothing Then dirConn.Dispose()
>
>
>
>
> I hear this may be due to a BUG in the .NET framework? any truth to
> that? Any suggestions would be helpful.
>
Joe Kaplan \(MVP - ADSI\) Guest
-
brian #3 Re: "server not operational"
thanks for the reply Joe. We do not specify a specific controller, but
we do that so we can get redundancy. We can't have a single point of
failure in our environment. We do run the code under a service
account.
with serverless bindings, how does it work out what dc to use? Could
it be picking a DC not on that subnet and the call is timing out?
Based on my findings, I think the issue could be related to a memory
leak in this call "mySearcher.FindOne().GetDirectoryEntry()" ... as it
is a sporadic issue (maybe caused by unusual load?). One guy was
quoted as saying "never use FindOne" as there are known issues with it.
We used to authenticate off of a Domino directory, and we experienced
sporadic issues like this too. However, when using domino, we did
specify the exact server.
its very strange error ...i used to have a monitoring service running
to catch the error ... it would happen 1 out of every 400 calls in
domino. we hadn't seen it in AD for the first month of operation, now
it is an everyday occurance.
brian Guest
-
Joe Kaplan \(MVP - ADSI\) #4 Re: "server not operational"
Ah, perhaps it could be a memory leak. You need to be super careful with
SDS in long running processes and make sure you religiously use the "using"
construct on all of the disposables (DirectoryEntry, DirectorySearcher,
SearchResultCollection). You can also use this safely on all of the
properties that return DirectoryEntry objects as they all return new
objects, not an object held as a member of the containing class.
The bug in FindOne only happens if it finds nothing as it will leak the
underlying SearchResultCollection in that case. However, I'm pretty sure
this was fixed in the recent .NET service packs.
Serverless binding works based on the DsGetDCName API (read it for more
details). Essentially, it tries to find a DC in the current site that
matches the domain of the current account. I'm not actually sure how it
behaves in an actual fail over situation. It is supposed to just fail you
over if you lose the connection to the DC, but this is pretty hard to test
in practice.
There's actually a trick with IADsObjectOptions that allows you to discover
the current server. You can also do that by getting dnsHostName off of
RootDSE.
..NET 2.0 gives you some more control over serverless binding by exposing the
API directly through the new DomainController class in the ActiveDirectory
namespace. Something to look forward to.
HTH,
Joe K.
"brian" <katiesoft1@yahoo.com> wrote in message
news:1109728831.474101.206770@z14g2000cwz.googlegr oups.com...> thanks for the reply Joe. We do not specify a specific controller, but
> we do that so we can get redundancy. We can't have a single point of
> failure in our environment. We do run the code under a service
> account.
>
> with serverless bindings, how does it work out what dc to use? Could
> it be picking a DC not on that subnet and the call is timing out?
>
> Based on my findings, I think the issue could be related to a memory
> leak in this call "mySearcher.FindOne().GetDirectoryEntry()" ... as it
> is a sporadic issue (maybe caused by unusual load?). One guy was
> quoted as saying "never use FindOne" as there are known issues with it.
> We used to authenticate off of a Domino directory, and we experienced
> sporadic issues like this too. However, when using domino, we did
> specify the exact server.
>
> its very strange error ...i used to have a monitoring service running
> to catch the error ... it would happen 1 out of every 400 calls in
> domino. we hadn't seen it in AD for the first month of operation, now
> it is an everyday occurance.
>
Joe Kaplan \(MVP - ADSI\) Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
