Also... I think ASP.NET or the ActiveDirectoryMembershipProvider is at fault in some way, as restarting the application resolves the issue (until it happens again).
ian_a_anders...
ActiveDirectoryMemberShipProvider and COMException (0x8007203A): The server is not operational
Apr 06, 2007 03:28 PM
I have an ASP.Net 2.0 website configured to use Active Directory for forms authentication via the ActiveDirectoryMemberShipProvider. Configuration is as follows:
<connectionStrings>
  <add name="ADConnectionString" connectionString="LDAP://domain.com/DC=domain,DC=com"/>
</connectionStrings>
<membership defaultProvider="ActiveDirectoryMembershipProvider">
  <providers>
    <!-- connectionStringName takes the name of a connectionStrings entry, not the LDAP path itself; the entry name "ADConnectionString" is illustrative -->
    <add
      name="ActiveDirectoryMembershipProvider"
      type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
      attributeMapUsername="sAMAccountName"
      enablePasswordReset="false"
      requiresQuestionAndAnswer="false"
      maxInvalidPasswordAttempts="999"
      enableSearchMethods="false"
      connectionStringName="ADConnectionString"
      connectionUsername="domain\ldapUserAccount"
      connectionPassword="password"/>
  </providers>
</membership>
This works fine initially, then, after some time (day or two) I get errors with the following stack trace:
System.Web.HttpUnhandledException: Exception of type 'System.Web.HttpUnhandledException' was thrown. ---> System.Runtime.InteropServices.COMException (0x8007203A): The server is not operational.
   at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
   at System.DirectoryServices.DirectoryEntry.Bind()
   at System.DirectoryServices.DirectoryEntry.get_AdsObject()
   at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
   at System.DirectoryServices.DirectorySearcher.FindOne()
   at System.Web.Security.ActiveDirectoryMembershipProvider.FindUser(DirectoryEntry containerEntry, String filter, SearchScope searchScope, Boolean retrieveSAMAccountName, DirectoryEntry& userEntry, Boolean& resetBadPasswordAnswerAttributes, String& sAMAccountName)
   at System.Web.Security.ActiveDirectoryMembershipProvider.FindUser(DirectoryEntry containerEntry, String filter, DirectoryEntry& userEntry, Boolean& resetBadPasswordAnswerAttributes)
   at System.Web.Security.ActiveDirectoryMembershipProvider.GetUser(String username, Boolean userIsOnline)
   at System.Web.Security.Membership.GetUser(String username, Boolean userIsOnline)
   at System.Web.Security.Membership.GetUser(String username)
It seems like ASP.NET is initially successful in connecting to AD and authenticating. I can see the ldapUserAccount authenticating on the domain controller when I start the application. The errors appear to begin at the first page request after a long period of inactivity (typically overnight). My only guess at this point is that the ActiveDirectoryMembershipProvider is caching the AD connection somehow and the connection is getting corrupted. Once corrupted the provider doesn't seem to recover, and just throws the "server is not operational" errors on any subsequent requests. As I said before, restarting the application fixes this as the membership provider appears to have no problems creating a new AD connection after a restart.
Any suggestions would be greatly appreciated!
-Ian
Zhao Ji Ma -...
Re: ActiveDirectoryMemberShipProvider and COMException (0x8007203A): The server is not operationa...
Apr 09, 2007 03:44 AM
Hi Ian,
Thanks for the post. According to the stack trace, the ActiveDirectoryMembershipProvider threw a COMException when the ASP.NET web application tried to bind to the Active Directory again after a long idle period.
System.Runtime.InteropServices.COMException (0x8007203A): The server is not operational.
   at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
   at System.DirectoryServices.DirectoryEntry.Bind()
   at System.DirectoryServices.DirectoryEntry.get_AdsObject()
Based on my understanding, DirectoryEntry is trying to re-bind to the server, so it is not using a cached connection. However, I think the problem might be that the server is undergoing a maintenance operation or restarting. Please check the Event Log of both the Web Server and the Domain Controller to see if this is the problem. Moreover, the Event Log might provide more information. Hope it helps.
Sincerely,
Microsoft Online Community Support
ian_a_anders...
Re: ActiveDirectoryMemberShipProvider and COMException (0x8007203A): The server is not operationa...
Apr 09, 2007 01:37 PM
We have two Domain Controllers (Primary and Backup) at the facility where the ASP.NET server is located. Neither were undergoing maintenance at the time of this issue.
ian_a_anders...
Re: ActiveDirectoryMemberShipProvider and COMException (0x8007203A): The server is not operationa...
Apr 09, 2007 01:49 PM
gooma
Re: ActiveDirectoryMemberShipProvider and COMException (0x8007203A): The server is not operationa...
May 12, 2008 09:19 AM
Have you managed to fix this? I have exactly the same problem right now, only it happens faster... within an hour or so.
zielin
Re: ActiveDirectoryMemberShipProvider and COMException (0x8007203A): The server is not operationa...
May 12, 2008 04:41 PM
I am seeing the same issue as well. It seems to be environmental as the problem appears in one client's environment, but not in the several other client environments we have the same component set up in. Any advice would be greatly appreciated.
ian_a_anders...
Re: ActiveDirectoryMemberShipProvider and COMException (0x8007203A): The server is not operationa...
May 13, 2008 10:33 PM
I ended up opening an issue with MS Support on this and went through a couple rounds of debugging with them. There is definitely something wrong with the way the ActiveDirectoryMembershipProvider is working, but they didn't really figure out what. Basically they just had me work around the issue by specifying the LDAP port (389) explicitly in the connection string:
LDAP://domain.subdomain.com:389/DC=domain,DC=subdomain,DC=com
It has worked fine for me ever since I added this to the connection string. Not sure why this fixes it... but it seems to be the solution.
Hope that helps!
-Ian
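A diagnostic for the failure discussed in this thread, as an added example that is not part of any post: it parses an ADSI path of the form shown above, resolves the host name, and tries a TCP connection to the LDAP port on every address returned, so a domain name that resolves to more than one domain controller can be checked one address at a time. The function names are this example's own, and it assumes port 389 for LDAP:// (3268 for GC://) when the path names none.

```python
import re
import socket
import sys

# ADSI path shape used in the thread: LDAP://host[:port]/base-DN
ADSI_PATH = re.compile(r"^(LDAP|GC)://([^/:]+)(?::(\d+))?(?:/(.*))?$")
DEFAULT_PORT = {"LDAP": 389, "GC": 3268}  # used when the path names no port


def parse_adsi_path(path):
    """Return (host, port, base_dn, port_was_explicit) for a server-bound path."""
    m = ADSI_PATH.match(path.strip())
    if not m or "=" in m.group(2):  # "LDAP://DC=..." is serverless: no host to probe
        raise ValueError("no server name in ADSI path: %r" % path)
    scheme, host, port, dn = m.groups()
    return host, int(port or DEFAULT_PORT[scheme]), dn or "", port is not None


def probe(family, sockaddr, timeout):
    """Attempt one TCP connect; return None on success, else the error text."""
    with socket.socket(family, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect(sockaddr)
            return None
        except OSError as exc:  # refused, unreachable, timed out, ...
            return str(exc) or type(exc).__name__


def check_path(path, timeout=3.0):
    """Probe the LDAP port on every address the host name resolves to."""
    host, port, _dn, explicit = parse_adsi_path(path)
    results, seen = [], set()
    for family, _t, _p, _c, sockaddr in socket.getaddrinfo(
            host, port, type=socket.SOCK_STREAM):
        if sockaddr not in seen:  # getaddrinfo may repeat an address
            seen.add(sockaddr)
            results.append((sockaddr[0], port, probe(family, sockaddr, timeout)))
    return {"host": host, "port": port, "explicit_port": explicit,
            "results": results,
            "unreachable": [r for r in results if r[2] is not None]}


if __name__ == "__main__":
    if len(sys.argv) != 2:
        print("usage: check_ldap.py LDAP://host[:port]/DC=...")
    else:
        for addr, port, err in check_path(sys.argv[1])["results"]:
            print("%-40s %5d  %s" % (addr, port, err or "ok"))
```

Run it on the web server itself, since that is the machine whose name resolution and network path the membership provider depends on.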
gooma
Re: ActiveDirectoryMemberShipProvider and COMException (0x8007203A): The server is not operationa...
May 14, 2008 12:44 PM
It seems to work for me too! Thank you so much!! You just saved my life ;]
jagchamp
Re: ActiveDirectoryMemberShipProvider and COMException (0x8007203A): The server is not operationa...
Jun 13, 2008 08:53 PM
Ian, I cannot tell you how grateful I am that you posted this. One day my app just stopped working. The logs showed that I had the issue "cannot establish a secure connection to server"...after pulling ALL of my hair out and trying every tip that was listed for that error, I changed the ConnectionProtection to "None", and got the "Server not Operational" error... then I found your post. Very much appreciated!
Jkutta
Re: ActiveDirectoryMemberShipProvider and COMException (0x8007203A): The server is not operationa...
Oct 17, 2008 06:25 AM
I have run into this problem again. From my machine I don't run into this error. But when I upload the application to the webserver I get this error.
Both on my machine and on the server, the IIS runs under Network_Service Account.
My Machine runs on Vista and the Server on WIN2003.
Please Help.