
We have a WinForms application that gets the groups from Active Directory. Everything worked fine until we replaced the old domain controller with a new one.

Since then, our application throws an exception when the method UserPrincipal.GetGroups() is called. The Exception is thrown because it tries to connect to the old DC.

The Exception message translated:

The Server is not operational surottdc04.TOSOT.CH

Does anyone have any idea whether the old DC information is cached somewhere, or where the application gets the old information from?

In the following screenshot, you can see the code-section where the Exception is thrown:

[Screenshot of the code section and watch window; image not included]

As you can see in the watch window, there is the correct new DC surottdc06; this was probably taken from the context of the currently logged-on user. But in the exception, there is still the old DC surottdc04. Why?

UPDATE

So far we have found out that when we pass the context as a parameter to the method, it works, but without the context, the method tries to connect to the old DC.

This is one possible solution, but the question is still: where does the method get the old DC information from, and why does it try to connect there when it is called without parameters?

using System.DirectoryServices.AccountManagement; // PrincipalContext, UserPrincipal
using System.Security.Principal;                  // WindowsIdentity

public void GetGroups()
{
    // SID of the user running the application
    var sid = WindowsIdentity.GetCurrent().User.Value;

    using (var context = new PrincipalContext(ContextType.Domain, "tosot.ch"))
    {
        using (var userPrinciple = UserPrincipal.FindByIdentity(context, sid))
        {
            /*
             * This works: we just pass the context which we've used to
             * create the UserPrincipal instance again to fetch the groups.
             */
            var ret = userPrinciple.GetGroups(context);

            /*
             * This does NOT work: when calling without the context argument,
             * it seems the context used is not the same
             * as the one the userPrinciple instance is linked to.
             * Instead it uses a self-made context with a still existing,
             * but currently not online domain controller - why that??
             * (This 'old' domain controller is currently not running,
             *  but it has not yet been removed from the domain ...)
             */
            ret = userPrinciple.GetGroups();
        }
    }
}
Leon
  • Can you please provide the exception messages in English? – JelleKerkstra May 02 '19 at 08:29
  • @JelleKerkstra I have updated it in my post – Leon May 02 '19 at 08:31
  • The COMException description "Der Server ist nicht funktionstüchtig" might also correspond to the "The server is not operational" exception text in English – user1470240 May 03 '19 at 06:44
  • @user1470240 Yes, this would match better than "functional". I will edit my post, thank you. – Leon May 03 '19 at 06:48
  • Is the computer you are running this on joined to the old domain? – Gabriel Luci May 08 '19 at 13:26
  • @GabrielLuci The domain did not change, only the domain controller changed. And the user that is logged on to the computer is in the new domain controller, otherwise the user could not log in, because the old DC is offline. – Leon May 08 '19 at 13:45
  • If you pass the context into the GetGroups method, you get only the groups contained in the domain associated with the context. Sometimes a user may have groups that are contained in other domains. How will you deal with that? – Interloper Sep 27 '19 at 09:20

1 Answer

My guess is that DNS is still returning the IP of the old DC.

From the command line, run:

nslookup tosot.ch

Do you see the IP for surottdc04? If so, that's your problem.

I have experienced this problem, although I have never been in a position to fix it. These instructions might help, but it looks like an old article so it may not be done the same way anymore: https://support.microsoft.com/en-us/help/555846

Update: Or you can use C# to see what DCs it sees for the current domain. See if the old one still shows up:

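using System;
using System.DirectoryServices.ActiveDirectory; // Domain, DomainController

// Print the name of every DC registered for the current domain
foreach (DomainController dc in Domain.GetCurrentDomain().DomainControllers) {
    Console.WriteLine(dc.Name);
}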
Gabriel Luci
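Extending the answer's check, as an added example that is not part of the original answer: this console program lists every DC registered for the current domain and flags those that do not accept a TCP connection on the LDAP port, which is the situation the question describes (a DC that is switched off but not yet removed from the domain). The class name, the 2-second timeout and the use of port 389 as the reachability probe are assumptions; the project needs a reference to the System.DirectoryServices assembly.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.ActiveDirectory;
using System.Net.Sockets;

// Added example (not from the original post): lists the DCs registered for the
// current domain and flags those that do not answer on the LDAP port.
static class DcReachabilityCheck
{
    const int LdapPort = 389;    // standard LDAP port
    const int TimeoutMs = 2000;  // assumption: 2 seconds is enough on a LAN

    // Returns true if a TCP connection to host:port succeeds within the timeout.
    static bool CanConnect(string host, int port, int timeoutMs)
    {
        try
        {
            using (var client = new TcpClient())
            {
                return client.ConnectAsync(host, port).Wait(timeoutMs) && client.Connected;
            }
        }
        catch (AggregateException) { return false; } // connect failed (wraps SocketException)
        catch (SocketException) { return false; }    // e.g. name could not be resolved
    }

    static int Main()
    {
        var stale = new List<string>();
        using (Domain domain = Domain.GetCurrentDomain())
        {
            foreach (DomainController dc in domain.DomainControllers)
            {
                bool up = CanConnect(dc.Name, LdapPort, TimeoutMs);
                Console.WriteLine("{0,-40} {1}", dc.Name, up ? "reachable" : "NOT reachable");
                if (!up) stale.Add(dc.Name);
            }
        }

        if (stale.Count > 0)
            Console.WriteLine("Registered but unreachable: " + string.Join(", ", stale));
        return stale.Count == 0 ? 0 : 1; // non-zero exit code if any DC is unreachable
    }
}
```

Any DC reported as unreachable here is still registered in the directory and remains a candidate for clients that look up domain controllers.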