Last post Sep 15, 2010 10:27 AM by koenj
Apr 06, 2007 04:28 PM|ian_a_anderson|LINK
I have an ASP.NET 2.0 website configured to use Active Directory for forms authentication via the ActiveDirectoryMembershipProvider. Configuration is as follows:
This works fine initially; then, after some time (a day or two), I get errors with the following stack trace:
System.Web.HttpUnhandledException: Exception of type 'System.Web.HttpUnhandledException' was thrown. ---> System.Runtime.InteropServices.COMException (0x8007203A): The server is not operational.
   at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
   at System.DirectoryServices.DirectoryEntry.Bind()
   at System.DirectoryServices.DirectoryEntry.get_AdsObject()
   at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
   at System.DirectoryServices.DirectorySearcher.FindOne()
   at System.Web.Security.ActiveDirectoryMembershipProvider.FindUser(DirectoryEntry containerEntry, String filter, SearchScope searchScope, Boolean retrieveSAMAccountName, DirectoryEntry& userEntry, Boolean& resetBadPasswordAnswerAttributes, String& sAMAccountName)
   at System.Web.Security.ActiveDirectoryMembershipProvider.FindUser(DirectoryEntry containerEntry, String filter, DirectoryEntry& userEntry, Boolean& resetBadPasswordAnswerAttributes)
   at System.Web.Security.ActiveDirectoryMembershipProvider.GetUser(String username, Boolean userIsOnline)
   at System.Web.Security.Membership.GetUser(String username, Boolean userIsOnline)
   at System.Web.Security.Membership.GetUser(String username)
It seems like ASP.NET is initially successful in connecting to AD and authenticating. I can see the ldapUserAccount authenticating on the domain controller when I start the application. The errors appear to begin at the first page request after a long period of inactivity (typically overnight). My only guess at this point is that the ActiveDirectoryMembershipProvider is caching the AD connection somehow and the connection is getting corrupted. Once corrupted, the provider doesn't seem to recover, and just throws the "server is not operational" errors on any subsequent requests. As I said before, restarting the application fixes this, as the membership provider appears to have no problems creating a new AD connection after a restart.
Any suggestions would be greatly appreciated!
Apr 09, 2007 04:44 AM|Zhao Ji Ma - MSFT|LINK
Thanks for the post. According to the stack trace, the ActiveDirectoryMembershipProvider threw a COMException when the ASP.NET web application tried to bind to the Active Directory again after a long idle period.
System.Runtime.InteropServices.COMException (0x8007203A): The server is not operational.
   at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
   at System.DirectoryServices.DirectoryEntry.Bind()
   at System.DirectoryServices.DirectoryEntry.get_AdsObject()
Apr 09, 2007 02:37 PM|ian_a_anderson|LINK
We have two Domain Controllers (Primary and Backup) at the facility where the ASP.NET server is located. Neither were undergoing maintenance at the time of this issue.
Apr 09, 2007 02:49 PM|ian_a_anderson|LINK
May 12, 2008 10:19 AM|gooma|LINK
Have you managed to fix this? I have exactly the same problem right now, only it happens faster... within an hour or so.
May 12, 2008 05:41 PM|zielin|LINK
I am seeing the same issue as well. It seems to be environmental as the problem appears in one client's environment, but not in the several other client environments we have the same component set up in. Any advice would be greatly appreciated.
May 13, 2008 11:33 PM|ian_a_anderson|LINK
I ended up opening an issue with MS Support on this and went through a couple rounds of debugging with them. There is definitely something wrong with the way the ActiveDirectoryMembershipProvider is working, but they didn't really figure out what. Basically they just had me work around the issue by specifying the LDAP port (389) explicitly in the connection string:
It has worked fine for me ever since I added this to the connection string. Not sure why this fixes it... but it seems to be the solution.
Hope that helps!
May 14, 2008 01:44 PM|gooma|LINK
It seems to work for me too! Thank you so much!! You just saved my life ;]
Jun 13, 2008 09:53 PM|jagchamp|LINK
Ian, I cannot tell you how grateful I am that you posted this. One day my app just stopped working. The logs showed that I had the issue "cannot establish a secure connection to server"... after pulling ALL of my hair out and trying every tip that was listed for that error, I changed the ConnectionProtection to "None", and got the "Server not Operational" error... then I found your post. Very much appreciated!
cannot establish a secure connection to the server.
server not operational
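Added example, not part of the original thread or any poster's code: a Python check that reads a web.config and flags ActiveDirectoryMembershipProvider entries whose LDAP connection string has no explicit port (the workaround described above) or whose connectionProtection was left at "None" after troubleshooting. The sample config, host name, DN and provider names are constructed placeholders.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample web.config; host, DN and provider names are placeholders.
SAMPLE_WEB_CONFIG = """<configuration>
  <connectionStrings>
    <add name="ADNoPort" connectionString="LDAP://dc01.example.test/DC=example,DC=test" />
    <add name="ADWithPort" connectionString="LDAP://dc01.example.test:389/DC=example,DC=test" />
  </connectionStrings>
  <system.web>
    <membership defaultProvider="AdProvider">
      <providers>
        <add name="AdProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider"
             connectionStringName="ADNoPort" connectionProtection="Secure" />
        <add name="AdProviderAlt" type="System.Web.Security.ActiveDirectoryMembershipProvider"
             connectionStringName="ADWithPort" connectionProtection="None" />
      </providers>
    </membership>
  </system.web>
</configuration>"""

# scheme://host[:port][/dn] ; the port group is None when no port is given.
LDAP_URL = re.compile(r"^(?:LDAPS?|GC)://[^/:]*(?::(?P<port>\d+))?(?:/|$)", re.IGNORECASE)

def audit_ad_membership(config_xml):
    """Return (provider name, finding) pairs for AD membership providers."""
    root = ET.fromstring(config_xml)
    conn = {a.get("name"): a.get("connectionString", "")
            for a in root.findall("./connectionStrings/add")}
    findings = []
    for prov in root.findall("./system.web/membership/providers/add"):
        if "ActiveDirectoryMembershipProvider" not in prov.get("type", ""):
            continue
        name = prov.get("name")
        match = LDAP_URL.match(conn.get(prov.get("connectionStringName"), ""))
        if match is None:
            findings.append((name, "connection string missing or not an LDAP URL"))
        elif match.group("port") is None:
            findings.append((name, "no explicit port"))
        # "None" disables transport protection for the bind to the directory.
        if prov.get("connectionProtection", "").lower() == "none":
            findings.append((name, "connectionProtection=None"))
    return findings

if __name__ == "__main__":
    for provider, finding in audit_ad_membership(SAMPLE_WEB_CONFIG):
        print(f"{provider}: {finding}")
```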
Oct 17, 2008 07:25 AM|Jkutta|LINK
I have run into this problem again. From my machine I don't run into this error. But when I upload the application to the web server I get this error.
Both on my machine and on the server, the IIS runs under Network_Service Account.
My Machine runs on Vista and the Server on WIN2003.
Sep 15, 2010 10:27 AM|KoenJ|LINK
That did the trick once again!