
I am attempting to use PrincipalContext for a webservice that I am developing. I have already been using forms authentication on the web server in a different application and it works fine.

The error that I am receiving is:

System.DirectoryServices.AccountManagement.PrincipalServerDownException: The server could not be contacted. ---> System.DirectoryServices.Protocols.LdapException: The LDAP server is unavailable.
   at System.DirectoryServices.Protocols.LdapConnection.Connect()
   at System.DirectoryServices.Protocols.LdapConnection.SendRequestHelper(DirectoryRequest request, Int32& messageID)
   at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
   at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request)
   at System.DirectoryServices.AccountManagement.PrincipalContext.ReadServerConfig(String serverName, ServerProperties& properties)
   --- End of inner exception stack trace ---
   at System.DirectoryServices.AccountManagement.PrincipalContext.ReadServerConfig(String serverName, ServerProperties& properties)
   at System.DirectoryServices.AccountManagement.PrincipalContext.DoServerVerifyAndPropRetrieval()
   at System.DirectoryServices.AccountManagement.PrincipalContext..ctor(ContextType contextType, String name, String container, ContextOptions options, String userName, String password)
   at System.DirectoryServices.AccountManagement.PrincipalContext..ctor(ContextType contextType, String name, String container, String userName, String password)
   at webService.Service1.ValidUser(String sUserName) in E:\Development\CSharpApps\Desktop\OrgChart\webService\Service1.asmx.cs:line 158

Our webserver is in the DMZ and accesses the domain through the firewall. I am using the port information etc as below for an example.

This works using the ip from my development box, however it is inside the firewall. The ip information that I am sending to it is the same as I am using inside the web forms authentication.

PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "192.168.1.1:389", "dc=doodlie,dc=com", @"doodlie\admin", "doodliesquat");
  • A similar question is here: http://stackoverflow.com/questions/1023489/error-while-trying-to-connect-ad-using-ldap-connection – mmcglynn Feb 22 '12 at 19:34

3 Answers


Maybe I'm missing something, but you don't actually have to specify the AD server, you can simply say:

PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

And it should find whatever DC on the application's current domain that it can find. If it is a network with fault-tolerance, when one is down, the other should pick up. I'm not sure why there would be a reason to hit one, specifically, like the code in the original question does, unless it is on a different domain. If that is the case, you can try hosting your web service on that domain, instead, and use DNS and a forwarder to call/route over to your web service's new IP on the new domain, if needed, or use a Hosts file entry, or just refer to the web service by IP.


Regardless of the issue, installing some of these invaluable tools for AD admin/troubleshooting has been a godsend for me.

If possible, install Remote Server Administration Tools (RSAT) on your machine or the web server (if allowed) and then use the Active Directory Users and Computers client to determine the exact URL/IP of your DC. If you can't connect using these tools, that might be a starting point to escalate to IT support/dev ops.

In addition to this the AD/service account the website application is running under may not have sufficient privileges to access the DC. I have had success with

using (HostingEnvironment.Impersonate())
{
    // code in here. 
}

The App Pool the website application is running under in IIS should be run under a user account which has appropriate privileges. (It doesn't just have to be Network Service.)

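An added example, not code from the question or from either answer, that combines the two suggestions above: locate the DC through the domain the machine belongs to (or an optional DNS domain name without a port, for the case where the web server is not in that domain), run the lookup under the hosting identity instead of credentials embedded in the source, and report the "server down" condition separately from "no such user". The class and method names are assumptions; the app pool account must have read access to the directory.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Web.Hosting;

public static class UserValidation
{
    // Returns true when the account exists and is enabled in the target domain.
    // domainName == null means "the domain this web server is joined to";
    // otherwise pass a DNS domain name such as "doodlie.com" (no port suffix).
    public static bool ValidUser(string sUserName, string domainName = null)
    {
        if (string.IsNullOrWhiteSpace(sUserName))
            return false;

        try
        {
            // Impersonate the IIS hosting identity so that no admin password
            // has to be hard-coded; that account needs directory read rights.
            using (HostingEnvironment.Impersonate())
            // No server address, port or credentials: the DC locator picks a
            // reachable domain controller, so a single DC being down is tolerated.
            using (var ctx = new PrincipalContext(ContextType.Domain, domainName))
            using (var user = UserPrincipal.FindByIdentity(
                       ctx, IdentityType.SamAccountName, sUserName))
            {
                // FindByIdentity returns null for an unknown account; Enabled is bool?.
                return user != null && user.Enabled == true;
            }
        }
        catch (PrincipalServerDownException ex)
        {
            // This is the exception from the question: the DC could not be
            // contacted (firewall, DNS, or wrong address). Surface it as a
            // service fault rather than silently answering "invalid user".
            throw new InvalidOperationException(
                "Domain controller unreachable: " + ex.Message, ex);
        }
    }
}
```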

In my case, removing the port number from the URL worked.
