473,236 Members | 1,668 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,236 software developers and data experts.

Unable to perform GetObject("LDAP://...") bindings when logged in overnight (error '800a0046')

I'm trying to troubleshoot an issue where users are not able to bind
with LDAP via "GetObject" through our ASP Classic Intranet if they
stay logged in overnight (beyond their allowed login hours). The
problem does not occur when performing the same bindings using a logon
script.

So, the user logs in, is able to perform queries all day, and then
fails to log out at the end of the day. We'd prefer that they did log
out nightly, but it happens...

The following morning they unlock their machine during allowed logon
hours and are unable to bind to Active Directory via our Intranet
until they log out / back in or perform a RunAs using their own
credentials.

Any idea what could be happening? We've got "Windows Integrated
Authentication" and "Basic Authentication" enabled, anonymous access
is disabled.

The Intranet has no problem authenticating them and recognizing their
username, but any attempts to bind via GetObject generate this error:

Microsoft VBScript runtime error '800a0046'

Permission denied: 'GetObject'

/auth_functions.asp, line 18

Thanks!

Aug 21 '07 #1
3 5831
You could run a script logging out all users each night
"aydeejay" <ay********@gmail.comwrote in message
news:11**********************@x40g2000prg.googlegr oups.com...
I'm trying to troubleshoot an issue where users are not able to bind
with LDAP via "GetObject" through our ASP Classic Intranet if they
stay logged in overnight (beyond their allowed login hours). The
problem does not occur when performing the same bindings using a logon
script.

So, the user logs in, is able to perform queries all day, and then
fails to log out at the end of the day. We'd prefer that they did log
out nightly, but it happens...

The following morning they unlock their machine during allowed logon
hours and are unable to bind to Active Directory via our Intranet
until they log out / back in or perform a RunAs using their own
credentials.

Any idea what could be happening? We've got "Windows Integrated
Authentication" and "Basic Authentication" enabled, anonymous access
is disabled.

The Intranet has no problem authenticating them and recognizing their
username, but any attempts to bind via GetObject generate this error:

Microsoft VBScript runtime error '800a0046'

Permission denied: 'GetObject'

/auth_functions.asp, line 18

Thanks!
Aug 22 '07 #2
What I'm really looking for is some sort of explanation of what could
be happening -- we could certainly log everyone out as a workaround,
but there are certain users and machines, such as my own, where this
is undesirable.

As it turns out the problem does not involve logon hours, but it seems
to be contingent on how long they remain logged into the system.

This is definitely a Kerberos-related issue...if I stay logged in
overnight and run an ASP script that looks at authentication server
variables to determine the method of authentication being used, NTLM
is employed. If I log out and back into my machine, Kerberos is
employed.

This seems to be an issue involving Kerberos ticket renewal /
expiration, but I haven't read any similar accounts of this problem.

"klist tgt" generates this error under a "stale" login session (left
overnight):

Error calling function LsaCallAuthenticationPackage: 0
The operation completed successfully.
Substatus: 0x8009030e

Under a "fresh" login it works fine:

Cached TGT:

ServiceName: krbtgt
TargetName: krbtgt
FullServiceName: ajones
DomainName: xxx
TargetDomainName: xxx
AltTargetDomainName: xxx
TicketFlags: 0x40e00000
KeyExpirationTime: 256/0/29920 0:103:804
StartTime: 8/23/2007 12:25:28
EndTime: 8/23/2007 21:00:00
RenewUntil: 8/23/2007 21:00:00
TimeSkew: 8/23/2007 21:00:00

On Aug 22, 9:48 am, "ThatsIT.net.au" <me@thatsitwrote:
You could run a script logging out all users each night

"aydeejay" <aydeejo...@gmail.comwrote in message

news:11**********************@x40g2000prg.googlegr oups.com...
I'm trying to troubleshoot an issue where users are not able to bind
with LDAP via "GetObject" through our ASP Classic Intranet if they
stay logged in overnight (beyond their allowed login hours). The
problem does not occur when performing the same bindings using a logon
script.
So, the user logs in, is able to perform queries all day, and then
fails to log out at the end of the day. We'd prefer that they did log
out nightly, but it happens...
The following morning they unlock their machine during allowed logon
hours and are unable to bind to Active Directory via our Intranet
until they log out / back in or perform a RunAs using their own
credentials.
Any idea what could be happening? We've got "Windows Integrated
Authentication" and "Basic Authentication" enabled, anonymous access
is disabled.
The Intranet has no problem authenticating them and recognizing their
username, but any attempts to bind via GetObject generate this error:
Microsoft VBScript runtime error '800a0046'
Permission denied: 'GetObject'
/auth_functions.asp, line 18
Thanks!- Hide quoted text -

- Show quoted text -

Aug 23 '07 #3

"aydeejay" <ay********@gmail.comwrote in message
news:11**********************@l22g2000prc.googlegr oups.com...
What I'm really looking for is some sort of explanation of what could
be happening -- we could certainly log everyone out as a workaround,
but there are certain users and machines, such as my own, where this
is undesirable.

As it turns out the problem does not involve logon hours, but it seems
to be contingent on how long they remain logged into the system.

This is definitely a Kerberos-related issue...if I stay logged in
overnight and run an ASP script that looks at authentication server
variables to determine the method of authentication being used, NTLM
is employed. If I log out and back into my machine, Kerberos is
employed.

It seem like some sort of expiry problem.

>
This seems to be an issue involving Kerberos ticket renewal /
expiration, but I haven't read any similar accounts of this problem.

"klist tgt" generates this error under a "stale" login session (left
overnight):
you may be able to change the life time of the ticket somewhere

>
Error calling function LsaCallAuthenticationPackage: 0
The operation completed successfully.
Substatus: 0x8009030e

Under a "fresh" login it works fine:

Cached TGT:

ServiceName: krbtgt
TargetName: krbtgt
FullServiceName: ajones
DomainName: xxx
TargetDomainName: xxx
AltTargetDomainName: xxx
TicketFlags: 0x40e00000
KeyExpirationTime: 256/0/29920 0:103:804
StartTime: 8/23/2007 12:25:28
EndTime: 8/23/2007 21:00:00
RenewUntil: 8/23/2007 21:00:00
TimeSkew: 8/23/2007 21:00:00

On Aug 22, 9:48 am, "ThatsIT.net.au" <me@thatsitwrote:
>You could run a script logging out all users each night

"aydeejay" <aydeejo...@gmail.comwrote in message

news:11**********************@x40g2000prg.googleg roups.com...
I'm trying to troubleshoot an issue where users are not able to bind
with LDAP via "GetObject" through our ASP Classic Intranet if they
stay logged in overnight (beyond their allowed login hours). The
problem does not occur when performing the same bindings using a logon
script.
So, the user logs in, is able to perform queries all day, and then
fails to log out at the end of the day. We'd prefer that they did log
out nightly, but it happens...
The following morning they unlock their machine during allowed logon
hours and are unable to bind to Active Directory via our Intranet
until they log out / back in or perform a RunAs using their own
credentials.
Any idea what could be happening? We've got "Windows Integrated
Authentication" and "Basic Authentication" enabled, anonymous access
is disabled.
The Intranet has no problem authenticating them and recognizing their
username, but any attempts to bind via GetObject generate this error:
Microsoft VBScript runtime error '800a0046'
Permission denied: 'GetObject'
/auth_functions.asp, line 18
Thanks!- Hide quoted text -

- Show quoted text -

Aug 24 '07 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
by: Chris Mescher | last post by:
Hi everyone, My IIS server won't work properly. I constantly receive the following error on localstart.asp: Microsoft VBScript runtime error '800a0046' Permission denied: 'GetObject' ...
3
by: A.C. Jetter | last post by:
I am using C# in Visual Studio.Net to create an application. The problem I am having is when the main form is moved around on the screen, the "panel" form that is displayed on the tab control...
3
by: mrwoopey | last post by:
Hi, I am using the example "Authenticate against the Active Directory by Using Forms Authentication and Visual Basic .NET": http://support.microsoft.com/default.aspx?scid=KB;EN-US;326340 ...
9
by: rsine | last post by:
I have developed a program that sends a command through the serial port to our business system and then reads from the buffer looking for a number. Everything worked great on my WinXP system, but...
6
by: Jurgen Haan | last post by:
Hi hi, I'm trying to perform a redirected restore, but I get a nice error returned. Does anyone have an idea of what the -5130 errorcode means? db2inst@ELMO:~> db2 restore db efproddb into...
2
by: mirin | last post by:
Hi Folks, I'm using .NET framework 2.0 My code errors out on the below line: objRootDSE = GetObject("LDAP://rootDSE") The error message is "Cannot create ActiveX component". The same...
2
by: mythilikumar | last post by:
Iam unable to complie my c programs? it shows out an error as "unable to include stdio.h" what to do,i feel that there is some problem in my computer what is the rectification?
2
by: hypermonkey2 | last post by:
Hi there! I am using the "shelve" module in a script to save information in between runtime sessions of the program. (its a sort of data collector, so its important to hold on to anything computed...
2
by: Abeeez | last post by:
I want to perform some functions on a ListBox when I click an HTML button but I to avoid postback to minimise the server round trips.... protected void Assign_Button_Click(object sender,...
3
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 3 Jan 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). For other local times, please check World Time Buddy In...
0
by: abbasky | last post by:
### Vandf component communication method one: data sharing ​ Vandf components can achieve data exchange through data sharing, state sharing, events, and other methods. Vandf's data exchange method...
2
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 7 Feb 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:30 (7.30PM). In this month's session, the creator of the excellent VBE...
0
Git
by: egorbl4 | last post by:
Скачал я git, хотел начать настройку, а там вылезло вот это Что это? Что мне с этим делать? ...
0
by: MeoLessi9 | last post by:
I have VirtualBox installed on Windows 11 and now I would like to install Kali on a virtual machine. However, on the official website, I see two options: "Installer images" and "Virtual machines"....
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: Aftab Ahmad | last post by:
So, I have written a code for a cmd called "Send WhatsApp Message" to open and send WhatsApp messaage. The code is given below. Dim IE As Object Set IE =...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.