473,320 Members | 1,946 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Active Directory calls failing in production....

I know this has been asked before, I have read the answers given and I am
unable to get this work ( I don't know that much about AD configuration)

I have an asp.net web service that is designed to authenticate and maintain
accounts in active directory. It all works fine when the web service is on
the same machine as the domain controller but when the web service is on a
remote machine it fails on any active directory calls.

I have configured the ProcessModel in the machine.config to run under the
'SYSTEM' account and have set the identity element in the web.config of the
web service to be:
<identity impersonate="true", userName="DOMAIN\ollie" password="password">

this account is a domain administrator account so it will have the
prviliedges required. I have NOT disabled anonymous access for the website.
( I tried this but it still fails)

The LDAP string for connection to the directory service is
LDAP://FB2/DC=DOMAIN,DC=COM

The error that it is returning is "The directory property cannot be found in
the cache" with error code 0x8000500D. I guess that it is able to find the
AD but unable to access the information because of a security restricition
as I said it all works perfectly fine when the web service is on the same
machine as the domain controller, or it could be that the information I am
looking for in the AD is not published for remote access.

Does anyone know what bit of configuration information I am missing to get
the damn thiing working......

Cheers in Advance

Ollie

Nov 16 '05 #1
1 2342
Hi Ollie,
The problem that you are having is called Double Hop Problem I think.

1. Make sure the machine on which you deploy the webservice is also on
the same domain.
2. Goto the Users and COmputer MMC and go the COmputer Container and
select that webservice computer and enable the delegate option.
3. If you are hosting the main webapplication on the domain controller
make sure the delegate option is also set for the domain controller
computer.

4. Make sure you restart the computers after setting that option.

5. Whenever u use the delegation in web.config and u are connecting to
AD through DirectoryServices using integrated login then you have to
set the delegate option.

Read this article I hope it should solve the problem.
http://support.microsoft.com/default...b;en-us;329986

Cheers
and best of luck
Imran
"Ollie" <why do they need this!!!!> wrote in message news:<OX**************@TK2MSFTNGP10.phx.gbl>...
I know this has been asked before, I have read the answers given and I am
unable to get this work ( I don't know that much about AD configuration)

I have an asp.net web service that is designed to authenticate and maintain
accounts in active directory. It all works fine when the web service is on
the same machine as the domain controller but when the web service is on a
remote machine it fails on any active directory calls.

I have configured the ProcessModel in the machine.config to run under the
'SYSTEM' account and have set the identity element in the web.config of the
web service to be:
<identity impersonate="true", userName="DOMAIN\ollie" password="password">

this account is a domain administrator account so it will have the
prviliedges required. I have NOT disabled anonymous access for the website.
( I tried this but it still fails)

The LDAP string for connection to the directory service is
LDAP://FB2/DC=DOMAIN,DC=COM

The error that it is returning is "The directory property cannot be found in
the cache" with error code 0x8000500D. I guess that it is able to find the
AD but unable to access the information because of a security restricition
as I said it all works perfectly fine when the web service is on the same
machine as the domain controller, or it could be that the information I am
looking for in the AD is not published for remote access.

Does anyone know what bit of configuration information I am missing to get
the damn thiing working......

Cheers in Advance

Ollie

Nov 16 '05 #2

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

3
by: Eugene Burtsev | last post by:
Yes folks, I finally lost it. I need to make a php script cable of creating/editing users in windows active directory. To make it even harder php is installed as a module on Apache running on...
3
by: Dirk Hagemann | last post by:
Hi! I asked here a few weeks ago the same question but the answer of Tim Golden didn't really help yet. I'd like to know how to set up a query for all computer-accounts in a special part of...
10
by: huzz | last post by:
I have web application that quaries the Active Directory to get user details.. everything works fine but someday I'll get System.Runtime.InteropServices.COMExection and if I restart the client...
2
by: Jet Leung | last post by:
Hi all, I had made a program to watching files in my directory. I had used a instance of FileSystemWatcher to do my work.And I had add some events of the FileSystemWatcher , for example onChange,...
5
by: J'son | last post by:
<REPOSTED> Guys, I need to build a web intranet application that can automatically create a user account when a new user registers on the site. The user account will be on the web server,...
2
by: Alpha | last post by:
I need to retrieve and set information in Active Directory in a new project that I'll be working on. I went to Amazon.com to look for a good book on this subject but found books on this subject...
4
by: Dirk Hagemann | last post by:
Hi! When I receive data from Microsoft Active Directory it is an "ad_object" and has the type unicode. When I try to convert it to a string I get this error: UnicodeEncodeError: 'ascii' codec...
18
by: Arthur | last post by:
Hi All, I would like to get the name of the user given their networkID, is this something Active Directory would be useful for?(For intranet users) If so, can you please point me to some sample...
3
by: David Bear | last post by:
Is it possible to use python to make calls agains microsoft active directory? I suppose this should be qualified by what is needed to do it from windows (I assume the win32all package) and from...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
0
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.