Active Directory calls failing in production....

Discussion in 'ASP .Net Security' started by Ollie, Aug 15, 2004.

  1. Ollie

    Ollie Guest

    I know this has been asked before, I have read the answers given and I am
    unable to get this to work (I don't know that much about AD configuration).

    I have an asp.net web service that is designed to authenticate and maintain
    accounts in active directory. It all works fine when the web service is on
    the same machine as the domain controller but when the web service is on a
    remote machine it fails on any active directory calls.

    I have configured the ProcessModel in the machine.config to run under the
    'SYSTEM' account and have set the identity element in the web.config of the
    web service to be:
    <identity impersonate="true" userName="DOMAIN\ollie" password="password" />

    This account is a domain administrator account so it will have the
    privileges required. I have NOT disabled anonymous access for the website.
    (I tried this but it still fails.)

    The LDAP string for connection to the directory service is
    LDAP://FB2/DC=DOMAIN,DC=COM

    The error that it is returning is "The directory property cannot be found in
    the cache" with error code 0x8000500D. I guess that it is able to find the
    AD but unable to access the information because of a security restriction
    as I said it all works perfectly fine when the web service is on the same
    machine as the domain controller, or it could be that the information I am
    looking for in the AD is not published for remote access.

    Does anyone know what bit of configuration information I am missing to get
    the damn thing working......

    Cheers in Advance

    Ollie
     
    Ollie, Aug 15, 2004
    #1

  2. Ollie

    Imran Masud Guest

    Hi Ollie,
    The problem that you are having is called the Double Hop Problem, I think.

    1. Make sure the machine on which you deploy the web service is also on
    the same domain.
    2. Go to the Users and Computers MMC, go to the Computers container,
    select that web service computer and enable the delegate option.
    3. If you are hosting the main web application on the domain controller,
    make sure the delegate option is also set for the domain controller
    computer.
    4. Make sure you restart the computers after setting that option.
    5. Whenever you use the delegation in web.config and you are connecting to
    AD through DirectoryServices using integrated login then you have to
    set the delegate option.



    Read this article I hope it should solve the problem.
    http://support.microsoft.com/default.aspx?scid=kb;en-us;329986

    Cheers
    and best of luck
    Imran


     
    Imran Masud, Aug 16, 2004
    #2
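A diagnostic for the symptom discussed in this thread, added here as an example and not code from either poster: it reports which Windows identity the request thread actually holds and whether a bind made with that identity can read a given attribute, which separates an identity or delegation failure from a missing attribute. `AdBindCheck`, `Run` and the attribute name passed in are hypothetical; it assumes .NET Framework with a reference to System.DirectoryServices.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;
using System.Security.Principal;

public static class AdBindCheck
{
    // HRESULT quoted in the question:
    // "The directory property cannot be found in the cache".
    const int PropertyNotInCache = unchecked((int)0x8000500D);

    // ldapPath and attribute are supplied by the caller, for example the
    // LDAP path from the question and an attribute the service reads.
    public static string Run(string ldapPath, string attribute)
    {
        // With <identity impersonate="true">, GetCurrent() returns the
        // identity on the request thread, not the worker-process account.
        WindowsIdentity id = WindowsIdentity.GetCurrent();
        string who = id.Name + " (anonymous=" + id.IsAnonymous +
                     ", level=" + id.ImpersonationLevel + ")";
        try
        {
            // Null user name and password: the bind uses the thread identity.
            using (DirectoryEntry entry = new DirectoryEntry(
                       ldapPath, null, null, AuthenticationTypes.Secure))
            {
                // Forces the bind and loads only the requested attribute.
                entry.RefreshCache(new[] { attribute });
                bool present = entry.Properties.Contains(attribute);
                return who + ": bind ok, '" + attribute + "' " +
                       (present ? "returned" : "not returned to this identity");
            }
        }
        catch (COMException ex)
        {
            string kind = ex.ErrorCode == PropertyNotInCache
                ? "attribute not in cache (0x8000500D)"
                : "bind failed (0x" + ex.ErrorCode.ToString("X8") + ")";
            return who + ": " + kind + " - " + ex.Message;
        }
    }
}
```

Running it once on the domain controller and once on the remote web server, and writing the returned string to the service's log, shows whether the identity or the impersonation level differs between the two hosts.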