Question

I have an application that needs to bind against a remote customer's Active Directory to perform authentication tasks.

using System.DirectoryServices.AccountManagement;

// Simple bind over LDAPS as the service account, look the user up by sAMAccountName,
// then validate the user's own credentials against the same context.
static UserPrincipal Authenticate(string username, string password)
{
    using (var ctx = new PrincipalContext(ContextType.Domain, "customer.org", "ou=people,dc=customer,dc=org",
                                          ContextOptions.SecureSocketLayer | ContextOptions.SimpleBind,
                                          "bindaccount@customer.org", "password"))
    {
        var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, username); // after several seconds, throws PrincipalServerDownException

        if (user == null) return null; // user doesn't exist

        // check if the account is locked out, etc. (omitted)

        // quickly validate credentials
        if (!ctx.ValidateCredentials(username, password, ContextOptions.SecureSocketLayer | ContextOptions.SimpleBind)) return null; // bad credentials

        return user;
    }
}

The exception is:

PrincipalServerDownException: The server is not operational.

at System.DirectoryServices.AccountManagement.ADStoreCtx.GetAsPrincipal(Object storeObject, Object discriminant)
at System.DirectoryServices.AccountManagement.ADStoreCtx.FindPrincipalByIdentRefHelper(Type principalType, String urnScheme, String urnValue, DateTime referenceDate, Boolean useSidHistory)
at System.DirectoryServices.AccountManagement.ADStoreCtx.FindPrincipalByIdentRef(Type principalType, String urnScheme, String urnValue, DateTime referenceDate)
at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate)
at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, IdentityType identityType, String identityValue)
at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, IdentityType identityType, String identityValue)

Until today, things were working fine. One change is that the application running this code was upgraded from 4 to 4.5. I can't say for sure if the problem occurred immediately after the upgrade, or it's just a coincidence.

I'd been using AdFind to test binding against the customer's AD, and it seems to be working fine.

Another interesting thing is that the PrincipalContext initializes just fine (and thus validates its connection against the remote store), and if I comment out the FindByIdentity call so just ctx.ValidateCredentials is called, that works fine, too.


Solution

Actually 4.5 might well be the problem. There have been some changes to "secure" UserPrincipal.FindByIdentity. They tend to break code in cross-domain and workgroup => domain scenarios.

You have at least two possibilities:

  • Revert to 4.0
  • Use DirectoryEntry instead
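The second option, written out as an added example (this is not code from the question or the answer): the same lookup-then-validate flow using DirectoryEntry and DirectorySearcher directly, with a simple bind over LDAPS. The host, OU and service account follow the question; port 636, the person/user filter, the placeholder service password and the ACCOUNTDISABLE check are my assumptions. Two points the original code does not cover are included because a practitioner would want them: the username is escaped per RFC 4515 before it goes into the LDAP filter, and an empty password is rejected up front, because an LDAP simple bind with an empty password is an anonymous bind (RFC 4513 section 5.1.2) and would otherwise "succeed".

```csharp
using System;
using System.DirectoryServices;
using System.Text;

static class DirectoryEntryAuth
{
    // Assumptions: LDAPS on 636, search base from the question, service password is a placeholder
    // (read it from a secret store in real code, never hard-code it).
    const string LdapsHost = "LDAP://customer.org:636/";
    const string SearchBase = LdapsHost + "ou=people,dc=customer,dc=org";
    const string ServiceAccount = "bindaccount@customer.org";
    const string ServicePassword = "password";

    // Returns the user's distinguishedName when the credentials are valid, otherwise null.
    public static string Authenticate(string username, string password)
    {
        // Empty password => anonymous simple bind, which many servers accept. Reject it before binding.
        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password)) return null;

        string dn;
        // Without AuthenticationTypes.Secure, ADSI performs a simple bind; SecureSocketsLayer wraps it in TLS.
        using (var root = new DirectoryEntry(SearchBase, ServiceAccount, ServicePassword, AuthenticationTypes.SecureSocketsLayer))
        using (var searcher = new DirectorySearcher(root,
               "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" + EscapeFilterValue(username) + "))",
               new[] { "distinguishedName", "userAccountControl" }))
        {
            searcher.SearchScope = SearchScope.Subtree;
            SearchResult result = searcher.FindOne();
            if (result == null) return null; // user doesn't exist

            // userAccountControl bit 0x0002 = ACCOUNTDISABLE; treat a disabled account as a failed login.
            int uac = (int)result.Properties["userAccountControl"][0];
            if ((uac & 0x0002) != 0) return null;

            dn = (string)result.Properties["distinguishedName"][0];
        }

        // Validate the user's own password by binding as the user's DN. Nothing is sent until the
        // entry is touched, so RefreshCache forces the bind; a failed bind throws.
        try
        {
            using (var userEntry = new DirectoryEntry(LdapsHost + dn, dn, password, AuthenticationTypes.SecureSocketsLayer))
            {
                userEntry.RefreshCache(new[] { "distinguishedName" });
                return dn;
            }
        }
        catch (DirectoryServicesCOMException)
        {
            // Bad password, or a locked/expired/disabled account; AD reports which in the
            // ExtendedErrorMessage ("data 52e" bad password, "data 775" locked out).
            return null;
        }
    }

    // RFC 4515 escaping so input like "*" or "x)(objectClass=*" cannot change the filter.
    static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append("\\5c"); break;
                case '*':  sb.Append("\\2a"); break;
                case '(':  sb.Append("\\28"); break;
                case ')':  sb.Append("\\29"); break;
                case '\0': sb.Append("\\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }
}
```

One operational caveat: ADSI validates the domain controller's certificate, so the DC's LDAPS certificate chain has to be trusted on the host running this code; an untrusted certificate surfaces as a bind failure, not as a certificate error, which is easy to misread as bad credentials or a server-down condition.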

Licensed under: CC-BY-SA with attribution