
Active Directory calls failing in production....

I know this has been asked before, I have read the answers given and I am
unable to get this to work (I don't know that much about AD configuration)

I have an asp.net web service that is designed to authenticate and maintain
accounts in active directory. It all works fine when the web service is on
the same machine as the domain controller but when the web service is on a
remote machine it fails on any active directory calls.

I have configured the ProcessModel in the machine.config to run under the
'SYSTEM' account and have set the identity element in the web.config of the
web service to be:
<identity impersonate="true" userName="DOMAIN\ollie" password="password" />

This account is a domain administrator account so it will have the
privileges required. I have NOT disabled anonymous access for the website.
(I tried this but it still fails)

The LDAP string for connection to the directory service is
LDAP://FB2/DC=DOMAIN,DC=COM

The error that it is returning is "The directory property cannot be found in
the cache" with error code 0x8000500D. I guess that it is able to find the
AD but unable to access the information because of a security restriction
as I said it all works perfectly fine when the web service is on the same
machine as the domain controller, or it could be that the information I am
looking for in the AD is not published for remote access.

Does anyone know what bit of configuration information I am missing to get
the damn thing working......

Cheers in Advance

Ollie

Nov 16 '05 #1


Hi Ollie,
The problem that you are having is called the Double Hop Problem, I think.

1. Make sure the machine on which you deploy the webservice is also on
the same domain.
2. Go to the Users and Computer MMC, go to the Computer container,
select that webservice computer and enable the delegate option.
3. If you are hosting the main webapplication on the domain controller
make sure the delegate option is also set for the domain controller
computer.

4. Make sure you restart the computers after setting that option.

5. Whenever you use the delegation in web.config and you are connecting to
AD through DirectoryServices using integrated login then you have to
set the delegate option.

Read this article, I hope it should solve the problem.
http://support.microsoft.com/default...b;en-us;329986

Cheers
and best of luck
Imran

Nov 16 '05 #2
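
A diagnostic for the failure discussed in this thread, as an added example that is not code from either poster: it logs which Windows identity the request thread is running as, binds to the question's LDAP path with that identity, and separates error 0x8000500D (property not in the cache) from a failed bind. The class name `AdBindCheck`, the method `Diagnose` and the attribute passed in are hypothetical names chosen for illustration.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;
using System.Security.Principal;

// Added example (not from the thread): call Diagnose() from the web service
// on the remote machine and on the domain controller, then compare the output.
public static class AdBindCheck
{
    // E_ADS_PROPERTY_NOT_FOUND:
    // "The directory property cannot be found in the cache"
    private const int PropertyNotFound = unchecked((int)0x8000500D);

    // ldapPath:  the bind string from the question, e.g. LDAP://FB2/DC=DOMAIN,DC=COM
    // attribute: any attribute the service reads (caller's choice, an assumption)
    public static string Diagnose(string ldapPath, string attribute)
    {
        // The account the request thread is running as; this is the
        // identity that the LDAP bind below presents to the domain controller.
        string caller = WindowsIdentity.GetCurrent().Name;
        try
        {
            // Null user name and password with AuthenticationTypes.Secure
            // bind using the calling thread's Windows security context.
            using (DirectoryEntry entry = new DirectoryEntry(
                ldapPath, null, null, AuthenticationTypes.Secure))
            {
                // Forces the network bind and loads only this attribute.
                entry.RefreshCache(new string[] { attribute });

                if (!entry.Properties.Contains(attribute))
                    return caller + ": bound, but '" + attribute + "' was not returned";

                return caller + ": bound, " + attribute + " = "
                    + entry.Properties[attribute].Value;
            }
        }
        catch (COMException ex)
        {
            if (ex.ErrorCode == PropertyNotFound)
                return caller + ": bound, but '" + attribute
                    + "' is not in the property cache";

            // Any other HRESULT means the bind or the search itself failed.
            return caller + ": bind failed, HRESULT 0x"
                + ex.ErrorCode.ToString("X8") + " " + ex.Message;
        }
    }
}
```

If the reported account differs between the two machines, or the remote call reports a bind failure rather than a missing attribute, the cause is the identity reaching the domain controller and not the directory data.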
