Why would my ASP.NET application, running as a domain user, require a restart to use PrincipalContext after an Active Directory issue?

Question

I have a ASP.NET 4.5 application that runs in an application pool with a particular domain user name and password. It's been working fine for months. A few days ago, there was an Active Directory issue whose details remain unknown to me, but my application users reported around the time of the issue that they were unable to use the application.

The AD issue was eventually "resolved," but the users still could not use the application - until I recycled the application pool.

Before the recycle, I was catching this first-chance exception:

System.Runtime.InteropServices.COMException (0x8007052E): The user name or password is incorrect.

   at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)

After the recycle, I stopped seeing this exception.

The exception itself was being generated by a call to PrincipalContext.FindByIdentity that was failing until I recycled the app pool.

Why on Earth would an app pool recycle change the behavior of PrincipalContext if the app pool credentials didn't change?

Answer 1

App Pools using domain accounts work with the AD domain controllers to validate the domain user.

Since we don't know what happened in your Company with AD we can't definitively say why. We can only assume or conjecture that it appears to have caused this to go wrong.

Resetting the pool after AD was happy again reset this magic. Magic - as in I don't actually know under the hood mechanics but the app pool relies on AD to authenticate the domain user.

Your default app pool recycle time of 29 hours would have eventually fixed it as well. You just did this yourself.