
Directory Services error: The authentication mechanism is unknown

Hello

I am using the System.DirectoryServices namespace classes to access Active Directory. We connect using the LDAP://DOMAIN method.

The code works on local dev boxes, and in staging, but doesn't work on a particular box in our production environment. When we try to connect and do a search, we get a "The authentication mechanism is unknown" error. I have searched on Google, Microsoft Support Knowledge Base and Yahoo etc, and found this error, but no one can offer an explanation or a solution.

We put together a simple application to help us debug the problem, using the same code we used in our application, but allowing us to have logging and see the stack trace. We ran this as a console application, then as an ASP.NET application, with the same result (it works, and defaults to the Secure authentication type - except it breaks on the production box!). Trying other authentication types doesn't help either.

Here is a successful output:

Connecting to mgsmith:xxxxx@LDAP://AUNZ with authentication type 'Secure'
Authentication Type = Secure
Type = AuthenticationTypes
Setting LDAP Search Filter to (samaccountname=mgsmith)
Executing search.FindOne()...
Search was successful.
Search found an entry.
Looking up employeeid
EmployeeID = 18457

Here is the problematic output:

Connecting to mgsmith:xxxxx@LDAP://AUNZ with authentication type 'Secure'
Authentication Type = Secure
Type = AuthenticationTypes
Setting LDAP Search Filter to (samaccountname=mgsmith)
Executing search.FindOne()...
Exception: The authentication mechanism is unknown
Stack Trace: at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
at System.DirectoryServices.DirectorySearcher.FindOne()
at Sandbox.WebForm1.cmdLogin_Click(Object sender, EventArgs e)

Any help is much appreciated.

Cheers

Here is our test code:

// Requires: using System; using System.DirectoryServices;
try
{
    // Bind to the domain directory server
    Console.Write("Connecting to {0}:{1}@{2}", txtUsername.Text, txtPassword.Text, txtUri.Text);
    DirectoryEntry entry;
    Console.WriteLine(" with authentication type '{0}'", ddlAuthenticationType.SelectedItem.Value);

    AuthenticationTypes authTypeValue = new AuthenticationTypes();
    try
    {
        authTypeValue = (AuthenticationTypes) Enum.Parse(typeof(AuthenticationTypes), ddlAuthenticationType.SelectedItem.Value, true);
    }
    catch (Exception ex)
    {
        Console.WriteLine("There was an exception when configuring AuthenticationTypes. Message: {0}", ex.Message);
        Console.WriteLine("Available AuthenticationTypes:");
        foreach (string enumName in Enum.GetNames(typeof(AuthenticationTypes)))
        {
            Console.WriteLine(" {0}", enumName);
        }
        Environment.Exit(2);
    }
    entry = new DirectoryEntry(txtUri.Text, txtUsername.Text, txtPassword.Text, authTypeValue);
    Console.WriteLine("Authentication Type = {0}", entry.AuthenticationType.ToString());
    Console.WriteLine("Type = {0}", entry.AuthenticationType.GetType().Name);
    // Set up the LDAP search filter
    DirectorySearcher searcher = new DirectorySearcher(entry);
    searcher.Filter = "(samaccountname=" + txtLookup.Text + ")";
    Console.WriteLine("Setting LDAP Search Filter to {0}", searcher.Filter);

    // Find the first occurrence for the search filter
    Console.WriteLine("Executing search.FindOne()...");
    SearchResult result = searcher.FindOne();
    Console.WriteLine("Search was successful.");
    if (result != null)
    {
        Console.WriteLine("Search found an entry.");
        // Store the employee id
        Console.WriteLine("Looking up employeeid");
        ResultPropertyValueCollection propVals = result.Properties["employeeid"];

        // Check that we can find at least 1 employeeID
        if (propVals == null || propVals.Count <= 0)
        {
            Console.WriteLine("Couldn't find employee ID in directory entry!");
        }
        else
        {
            // If there's more than one employeeID something must be up!
            // Doubt this would ever happen, but just in case ;-)
            if (propVals.Count > 1)
            {
                Console.WriteLine("User has more than one employeeID?!");
            }
            foreach (string employeeID in propVals)
            {
                Console.WriteLine("EmployeeID = {0}", employeeID);
            }
        }
    }
    else
    {
        Console.WriteLine("No matching entry found.");
    }
}
catch (Exception ex)
{
    Console.WriteLine("Exception: " + ex.Message);
    Console.WriteLine("Stack Trace: " + ex.StackTrace);
}

Nov 22 '05 #1
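
The test code above concatenates txtLookup.Text straight into the search filter and writes the bind password to the log. As an added example (not part of the original post), this is one way to escape the filter value per RFC 4515 and to log the bind without the password; the class and method names are hypothetical and the inputs in Main are constructed.

```csharp
using System;
using System.Text;

static class LdapLookupHardening   // hypothetical helper, not from the thread
{
    // RFC 4515 escaping for a value placed inside an LDAP search filter.
    public static string EscapeFilterValue(string value)
    {
        StringBuilder sb = new StringBuilder(value.Length + 8);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // Same filter shape as the post, with the user-supplied value escaped.
    public static string BuildAccountFilter(string lookup)
    {
        return "(samaccountname=" + EscapeFilterValue(lookup) + ")";
    }

    // Log line that identifies the bind without printing the password.
    public static string DescribeBind(string uri, string user, string authType)
    {
        return string.Format(
            "Connecting to {0} as {1} with authentication type '{2}'",
            uri, user, authType);
    }

    static void Main()
    {
        // Constructed sample inputs; no directory server is contacted.
        Console.WriteLine(DescribeBind("LDAP://AUNZ", "mgsmith", "Secure"));
        Console.WriteLine(BuildAccountFilter("mgsmith"));
        // Filter metacharacters in the lookup value are neutralised:
        Console.WriteLine(BuildAccountFilter("mg*)(cn=*"));
    }
}
```

With the escaped form, a lookup value containing `*`, `(` or `)` is matched literally instead of changing the structure of the filter passed to DirectorySearcher.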
3 Replies


Is the production server a domain member of the AD domain?

Willy.
"David Moore" <da***@realdevelopments.com> wrote in message news:OD**************@TK2MSFTNGP12.phx.gbl...
Nov 22 '05 #2

Yes it is

"Willy Denoyette [MVP]" <wi*************@pandora.be> wrote in message
news:OD**************@TK2MSFTNGP09.phx.gbl...
Is the production server a domain member of the AD domain?

Willy.
Nov 22 '05 #3

>Yes it is

I'd recommend

a) to check out the microsoft.public.adsi.general newsgroup - lots of
AD cracks there

b) Look into ASP.NET issues - things like what context does the app
run under etc.

c) Check out the Directory Services + ADSI Yahoo! group - again, lots
of AD and ASP.NET cracks there
http://groups.yahoo.com/group/ADSIANDDirectoryServices/

d) LEARN how to post in PURE text (*NOT* HTML) and LIMIT QUOTING when
answering..... (just to answer "yes it is", you don't need to repeat
300 lines of other text........)

Thanks!
Marc

================================================================
Marc Scheuner May The Source Be With You!
Bern, Switzerland m.scheuner(at)inova.ch
Nov 22 '05 #4
