2

I'm using Active Directory and Forms Authentication to log into a few of our intranet websites. Sometimes when users log in, an exception occurs. I receive an email on all exceptions and so far, this is the only exception that I don't know how to fix. I have researched this on and off for weeks, but I have had no luck in solving this problem.

Source:
System.DirectoryServices.Protocols

Date and Time:
01/06/2014 8:37 AM

Message:
The server is unavailable.

Stack Trace:

at System.DirectoryServices.Protocols.LdapConnection.BindHelper(NetworkCredential newCredential, Boolean needSetCredential)
at System.Web.Security.ActiveDirectoryMembershipProvider.ValidateCredentials(String username, String password)
at System.Web.Security.ActiveDirectoryMembershipProvider.ValidateUserCore(String username, String password)
at System.Web.Security.ActiveDirectoryMembershipProvider.ValidateUser(String username, String password)
at System.Web.UI.WebControls.Login.AuthenticateUsingMembershipProvider(AuthenticateEventArgs e)
at System.Web.UI.WebControls.Login.AttemptLogin()
at System.Web.UI.WebControls.Login.OnBubbleEvent(Object source, EventArgs e)
at System.Web.UI.Control.RaiseBubbleEvent(Object source, EventArgs args)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

User:

Browser Information:

Browser Capabilities, Type = IE8, Name = IE, Version = 8.0, Major Version = 8, Minor Version = 0, Platform = WinXP, Is Beta = False, Is Crawler = False, Is AOL = False, Is Win16 = False, Is Win32 = True, Supports Frames = True, Supports Tables = True, Supports Cookies = True, Supports VBScript = True, Supports JavaScript = 3.0, Supports Java Applets = True, Supports ActiveX Controls = True, Supports JavaScript Version = 1.5,

I am unable to replicate this error on the development server. It's strange, because it will throw the exception, then they can log in just fine after. Some days I don't receive this exception at all, and other days it's off the wall. Could this be a problem with the production server? Possibly a setting is missing or something? I really don't know what's going on with this one. Does anyone have experience with this?

This is how I'm connecting in the web.config

Connection string

<add name="ADService" 
     connectionString="LDAP://domain/OU=users,DC=domaincontroller,DC=net" />

Membership provider

<membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
  <providers>
    <clear />
    <!--Membership provider for Active Directory-->
    <add name="AspNetActiveDirectoryMembershipProvider"
         type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
         connectionStringName="ADService" attributeMapUsername="sAMAccountName" />
  </providers>
</membership>

I'm not sure what's going on. Any help is appreciated!

UPDATE: We are currently doing a big release that includes a Single Sign On. We are still using Forms Authentication and Active Directory. We set up a brand new production server. It hasn't gone live yet, but some people have access to it. I have already received the same message on this new server. It's Server 2008 R2 Standard. We are using IIS Version 7.5.7600.16385 to be exact. This exception is annoying for me and annoying for the users. It may not happen all the time on the current production, but some days it doesn't happen once (not sure if it's because it's a slow day and people aren't using the website) and then some days it happens like crazy and I can get about 15 to 20 of these exceptions (if not more). I have looked at multiple issues. Others have had a similar problem, but theirs occur when they enter the correct username but wrong password. I have tried entering the password in wrong hundreds of times but I could never replicate the problem.

6
  • Can you post the source code and include the try/catch that emails you on the failure? Commented Jan 29, 2014 at 20:18
  • It's an unhandled exception. I have all emails sent in application error. I'm not even sure where I'd put a try catch as I have placed one in the submit button. Commented Jan 30, 2014 at 1:10
  • Are you using something like <asp:Login ID="Login1" runat="server" OnAuthenticate="Login1_Authenticate"? If so, we should be able to delve into your OnAuthenticate to trap the specific errors a little better. Commented Jan 30, 2014 at 15:06
  • Ohh creative. Didn't think about that. I'll definitely implement this from here on out. So far, with the help of SoroTrestal and his idea to add the port number, I haven't received this error message in over 24hrs. Will report back after the 2 day period to confirm this was the fix. Thank you for the idea and help as well. Commented Jan 30, 2014 at 15:19
  • We have the same problem. Are all of your servers that call the ldap server on the same domain as the ldap server? Commented Sep 5, 2014 at 12:59
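
The OnAuthenticate approach suggested in the comments above, as an added example (not code from the asker or any commenter): the handler fails closed, retries a bounded number of times when the bind throws, and logs the LDAP error code without the password. The class name `LoginPage`, the retry count and the backoff are hypothetical, and it assumes any `LdapException` that reaches the handler is a connectivity failure rather than a rejected password.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Threading;
using System.Web.Security;
using System.Web.UI.WebControls;

// Hypothetical code-behind class for the page hosting the <asp:Login> control.
public partial class LoginPage : System.Web.UI.Page
{
    private const int MaxAttempts = 3;   // assumption: small, bounded retry

    // Wired up with OnAuthenticate="Login1_Authenticate" on the Login control.
    protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
    {
        e.Authenticated = false;         // fail closed unless the directory says yes
        var login = (Login)sender;

        for (int attempt = 1; attempt <= MaxAttempts; attempt++)
        {
            try
            {
                // Uses the default membership provider from web.config.
                e.Authenticated = Membership.ValidateUser(login.UserName, login.Password);
                return;                  // definitive answer from the directory
            }
            catch (LdapException ex)
            {
                // Fully qualified: inside a Page, "Trace" is the page's TraceContext.
                // Log the attempt and LDAP error code, never the password.
                System.Diagnostics.Trace.TraceWarning(
                    "LDAP bind failed for '{0}' (attempt {1}/{2}), code {3}: {4}",
                    login.UserName, attempt, MaxAttempts, ex.ErrorCode, ex.Message);

                if (attempt < MaxAttempts)
                    Thread.Sleep(200 * attempt);   // brief backoff before retrying
            }
        }

        // All attempts threw: the user stays unauthenticated and sees a neutral message.
        login.FailureText = "The directory service is temporarily unavailable. Please try again.";
    }
}
```

The logged error code and attempt number show whether failures cluster at particular times, which helps separate a directory or DNS outage from a problem in the application.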

3 Answers

2
+50

Hi, I had this problem also in my application.

Users would randomly get this message when they log in; it was driving me crazy.

I think I have fixed this problem by providing the full Windows name and port instead of just using the AD server hostname.

<add key="LDAPPath" value="LDAP://LDAPSERVER.be.ndl.OURDOMAIN.com:389/DC=be,DC=ndl,DC=OURDOMAIN,DC=com"/>

I hope this helps.


5 Comments

I have not tried the port idea yet. I'm going to give :636 a shot since it's the secure port. Just uploaded the newest release so hopefully this works.
It's been over 48 hours now and I have not been notified of this error message. I think the problem has been solved!
That is great news, I'm glad it helped you out.
Looks like I spoke too soon. Woke up this morning with multiple server unavailable errors. I will try the entire active directory string to see if that fixes the problem.
Could someone help me with these parameters? What is "DC" and how do I specify it? Above it is used 4 times (i.e. DC=be,DC=ndl,DC=OURDOMAIN,DC=com). I need to connect to "domain1.gov". Would I use DC=be,DC=ndl,DC=DOMAIN1,DC=gov?
0

Just a thought - not sure if that's really the problem, but try it.

The Users container in Active Directory is a generic container (and those are prefixed with CN=), not an organizational unit (prefixed with OU=), so try this config:

connectionString="LDAP://domain/CN=users,DC=domaincontroller,DC=net" 

2 Comments

I'll give it a shot on the next release. Thanks for the idea.
It doesn't look like that will work. We use OU=stores and as far as I know the connection string will search for all users in that OU (the way the AD is set up, each store has their own OU with users within them). Thanks for the idea though!
0

I just had this same issue. I jumped onto the DNS server and found there was this warning logged at the time I was having the issue:

The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.

After I finished my troubleshooting, I was able to log in to my ASP.NET webapp using AD credentials. Methinks it's an issue with the DNS server being unable to start until the Active Directory Domain Services initial synchronisation is complete.
