
Active Directory - Directory Service Unavailable

8 posts, 0 answered
  1. Garry
    52 posts
    Registered: 04 Nov 2010
    18 Mar 2009
    I am trying to implement the Active Directory connection from my development laptop, which is not a member of the domain. Are there other security settings I need to set up in order to get this to work? I did input the administrator account for the domain as the AD Provider's credentials. Also, the documentation that I found is for the Role Provider. Do I also need to set up a Membership Provider so my AD users can log on using their AD accounts?

    Server Error in '/KCDCCMS' Application.

    The directory service is unavailable.

    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

    Exception Details: System.Runtime.InteropServices.COMException: The directory service is unavailable.


    Source Error:

    An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

    Stack Trace:

    [COMException (0x8007200f): The directory service is unavailable.]
       System.DirectoryServices.ResultsEnumerator.MoveNext() +437040
       System.DirectoryServices.DirectorySearcher.FindOne() +194
       Telerik.Security.ActiveDirectory.TelerikADRoleProvider.GetRolesForUser(String user) +2851
       System.Web.Security.RolePrincipal.GetRoles() +226
       Telerik.Security.UserManager.GetCurrentUserRoles(String providerName) +220
       Telerik.Security.Permissions.ApplicationPermission.CheckDemand() +577
       Telerik.Cms.Web.CmsHttpModule.context_PostAuthenticateRequest(Object sender, EventArgs e) +1294
       System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +80
       System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +171
    


    Version Information: Microsoft .NET Framework Version:2.0.50727.3074; ASP.NET Version:2.0.50727.3074
  2. Vlad
    498 posts
    Registered: 24 Sep 2012
    22 Mar 2009

    Hi Garry,

    Yes, if you have set the AD role provider, you should also set the AD membership provider, because they are a pair. Actually, you can have a membership provider without its role provider, but not vice versa.

    Please look at the following KB: Working with multiple membership and role providers.

    You may also find this forum post useful: Sitefinity with Active Directory integration.


    Greetings,

    Vlad
    the Telerik team

    Check out Telerik Trainer, the state-of-the-art learning tool for Telerik products.
  3. Garry
    52 posts
    Registered: 04 Nov 2010
    31 Mar 2009
    I have now set up both role and membership providers and have copied the site out to my live domain member web server, and I am still getting the following error when logging in as a domain user. It does appear to be something to do with the Role Provider though.

    As I was typing this I noticed I had no AD role provider set up on the other site, so I commented out the one for Sitefinity and now I can get logged in, but none of my AD users have access to the administration pages. How do I give them rights to these pages if I have no Group Maps set up?

    Server Error in '/' Application.

    The directory service is unavailable.

    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

    Exception Details: System.Runtime.InteropServices.COMException: The directory service is unavailable.

    Membership provider
    <add name="AD" 
                   connectionStringName="ActiveDirectory" 
                   enableSearchMethods="true" 
                   attributeMapUsername="sAMAccountName" 
                   connectionUsername="KCDC\Administrator" 
                   connectionPassword="******" 
                   type="Telerik.Security.ActiveDirectory.TelerikADMembershipProvider, Telerik.Security" /> 
    Role Provider
    <add name="AD" 
                      applicationName="/" 
                      description="Telerik Role provider for Active Directory" 
                      authenticationType="Secure" 
                        userSearchFilter="((sAMAccountType=805306368)(sAMAccountName={0}))" 
                      roleSearchFilter="((objectClass=group)(sAMAccountName={0}))" 
                      userDefinitionFilter="sAMAccountType=805306368" 
                      groupDefinitionFilter="(objectClass=group)" 
                      connectionStringName="ActiveDirectory" 
                      type="Telerik.Security.ActiveDirectory.TelerikADRoleProvider, Telerik.Security" 
                      connectionUsername="kcdc\Administrator" 
                      connectionPassword="*******" 
                      groupMaps="Administrators,Domain Admins" 
                      domainName="kcdc.org" 
                      searchScope="subtree"/> 
    AD Connection String
    <add name="ActiveDirectory" connectionString="LDAP://kcdc.org"/> 

    Any ideas as to why I am getting this error? I have another site running that works fine with AD on this same web server. Its web.config sections look like this.

    Membership Provider
    <add name="MyADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
                 connectionStringName="ADConnectionString"
                 connectionUsername="KCDC\Administrator" 
                 connectionPassword="*******" 
                 enableSearchMethods="true" 
                 connectionProtection="None"/> 

    AD Connection String (I tried this one as well with Sitefinity)
    <add name="ADConnectionString" connectionString="LDAP://kcdc.org/DC=kcdc,DC=org"/>  
         
  4. Garry
    52 posts
    Registered: 04 Nov 2010
    31 Mar 2009
    OK sorry for wasting everyone's time, but after monkeying with the Role Provider a bit more I got everything to work beautifully. Mainly I went back to the developer documentation and re-copied and pasted the Role Provider sample in there. Below is my now working Role Provider.

    If nothing else maybe this thread can serve as a stepping stone for others.

    Thanks and Sorry!

    Working Role Provider
    <add name="AD" 
                applicationName="/" 
                description="Telerik Role provider for Active Directory" 
                authenticationType="Secure" 
                  userSearchFilter="(&amp;(sAMAccountType=805306368)(sAMAccountName={0}))" 
                roleSearchFilter="(&amp;(objectClass=group)(sAMAccountName={0}))" 
                userDefinitionFilter="sAMAccountType=805306368" 
                groupDefinitionFilter="(objectClass=group)" 
                 
                connectionStringName="ActiveDirectory" 
                type="Telerik.Security.ActiveDirectory.TelerikADRoleProvider, Telerik.Security" 
                connectionUsername="KCDC\Administrator" 
                connectionPassword="*******" 
                groupMaps="Administrators, Domain Admins" 
                domainName="telerik.com" 
                searchScope="subtree"  /> 
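
Added example (not part of Garry's post or the Telerik documentation): the userSearchFilter and roleSearchFilter values in the working provider differ from the failing ones by the `&amp;` operator, without which the string is not a well-formed RFC 4515 filter. This Python checker, whose function names are this example's own, decodes the XML entity and parses the filter; it covers full search filters only, not bare fragments such as the userDefinitionFilter value.

```python
import re
from html import unescape

# One simple item: attribute, optional extensible-match parts, operator, value.
ITEM = re.compile(r"[A-Za-z][\w.;-]*(:dn)?(:[\w.]+)?(=|~=|>=|<=|:=)[^()]*")

def parse_filter(s, i=0):
    """Parse one RFC 4515 filter at s[i]; return the index just past it."""
    if s[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    op = s[i:i + 1]
    if op in ("&", "|"):            # and / or: one or more nested filters
        i = parse_filter(s, i + 1)
        while s[i:i + 1] == "(":
            i = parse_filter(s, i)
    elif op == "!":                 # not: exactly one nested filter
        i = parse_filter(s, i + 1)
    else:                           # leaf such as sAMAccountName={0}
        m = ITEM.match(s, i)
        if not m:
            raise ValueError(f"expected '&', '|', '!' or attr=value at offset {i}")
        i = m.end()
    if s[i:i + 1] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return i + 1

def check_filter(attr_value):
    """Return None if the web.config attribute value is a well-formed filter,
    otherwise a message. XML entities (&amp;) are decoded first."""
    text = unescape(attr_value)
    try:
        end = parse_filter(text)
    except ValueError as err:
        return str(err)
    return None if end == len(text) else f"unexpected text at offset {end}"

# Filters copied from the failing and the working role provider on this page.
FAILING = "((sAMAccountType=805306368)(sAMAccountName={0}))"
WORKING = "(&amp;(sAMAccountType=805306368)(sAMAccountName={0}))"

if __name__ == "__main__":
    for name, value in (("failing", FAILING), ("working", WORKING)):
        print(name, "->", check_filter(value) or "ok")
```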
  5. Georgi
    3581 posts
    Registered: 24 Sep 2012
    31 Mar 2009
    Hello Garry Clark,

    Thank you for your follow up!
    Indeed, I believe it will be helpful for somebody else.

    Greetings,
    Georgi
    the Telerik team

  6. Garry
    52 posts
    Registered: 04 Nov 2010
    31 Mar 2009
    Georgi,
    Thank you for replying, but as always I think I get overexcited and reply to things too quickly, so apologies again. I am having another issue and I am not quite sure if it's an issue or expected behavior. I could not find anything anywhere, documentation or website, that explained exactly what functionality with Active Directory is expected or available.

    I do know I think I read somewhere that creating users and whatnot is not available, but when I click on Users under Administration I get the following error.

    Server Error in '/' Application.

    The server is not operational.

    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

    Exception Details: System.Runtime.InteropServices.COMException: The server is not operational.


    Source Error:

    An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

    Stack Trace:

    [COMException (0x8007203a): The server is not operational.]
       System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +377678
       System.DirectoryServices.DirectoryEntry.Bind() +36
       System.DirectoryServices.DirectoryEntry.get_AdsObject() +31
       System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne) +78
       System.DirectoryServices.DirectorySearcher.FindOne() +47
       Telerik.Security.ActiveDirectory.TelerikADRoleProvider.RetrieveUserFromDN(String dn) +346
       Telerik.Security.ActiveDirectory.TelerikADRoleProvider.GetUsersInRole(String roleName) +564
       Telerik.Security.UserManager.GetUsersInRole(String roleName) +62
       Telerik.Security.UserManager.GetRoles() +167
       Telerik.Security.WebControls.RolesDataSourceView.ExecuteSelect(DataSourceSelectArguments arguments) +64
       System.Web.UI.WebControls.Repeater.GetData() +35
       System.Web.UI.WebControls.Repeater.CreateControlHierarchy(Boolean useDataSource) +220
       System.Web.UI.WebControls.Repeater.OnDataBinding(EventArgs e) +51
       System.Web.UI.WebControls.Repeater.DataBind() +75
       System.Web.UI.WebControls.Repeater.EnsureDataBound() +55
       System.Web.UI.WebControls.Repeater.OnPreRender(EventArgs e) +15
       System.Web.UI.Control.PreRenderRecursiveInternal() +80
       System.Web.UI.Control.PreRenderRecursiveInternal() +171
       System.Web.UI.Control.PreRenderRecursiveInternal() +171
       System.Web.UI.Control.PreRenderRecursiveInternal() +171
       System.Web.UI.Control.PreRenderRecursiveInternal() +171
       System.Web.UI.Control.PreRenderRecursiveInternal() +171
       System.Web.UI.Control.PreRenderRecursiveInternal() +171
       System.Web.UI.Control.PreRenderRecursiveInternal() +171
       System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +842
    


    Version Information: Microsoft .NET Framework Version:2.0.50727.3082; ASP.NET Version:2.0.50727.3082


    I did a bunch of research on this error in relation to AD and it seems to be a connection string issue, which seems to be working, or a DNS problem, which all my tests show not to be the case. I also verified that port 389 is open.

    So I started thinking that this function just might not work with Sitefinity, but I wanted to make sure. If I am supposed to be able to look up users through the Sitefinity Administration then can you give me some hints about this error? Also can you direct me to the documentation on what functionality is available with the Sitefinity AD Provider?

    Thank you and I promise to be more thorough before posting next time.


  7. Ivan Dimitrov
    16064 posts
    Registered: 24 Sep 2012
    02 Apr 2009
    Hello Garry Clark,

    Generally the error could be thrown when there is no response from the requested server. DNS could be the issue, also some network restrictions. You may find the following article useful: http://support.microsoft.com/kb/837328

    Here are some links related to Implementation of AD in Sitefinity.

    http://www.sitefinity.com/help/developer-manual/active-directory.html
    http://www.sitefinity.com/help/developer-manual/membership-providers.html
    http://www.sitefinity.com/help/developer-manual/implementing-multiple-membership-providers.html
    http://www.sitefinity.com/help/developer-manual/telerik.security-telerik.security.activedirectory.telerikadprofileprovider_methods.html

    I hope this helps.

    Greetings,
    Ivan Dimitrov
    the Telerik team

  8. Matthew Miller
    1 posts
    Registered: 09 Dec 2009
    19 May 2010
    I had the same problem in a demo environment. I have a virtual machine running Sitefinity and another running Active Directory.  I could browse AD (using LDAP Browser) without difficulty from the Sitefinity VM, and I could authenticate against it with Sitefinity, but I could not get Sitefinity to browse the list of Users without the above error. The trick for me -- and a hat tip to Georgi Chokov for figuring this out -- was adding the domainName as an IP address:

          <add name="Sitefinity"
                   applicationName="/"
                   description="Telerik Role provider for Active Directory"
                   authenticationType="Secure"
                     userSearchFilter="(&amp;(sAMAccountType=805306368)(sAMAccountName={0}))"
                   roleSearchFilter="(&amp;(objectClass=group)(sAMAccountName={0}))"
                   userDefinitionFilter="sAMAccountType=805306368"
                   groupDefinitionFilter="(objectClass=group)"
              
                   connectionStringName="ActiveDirectory"
                   type="Telerik.Security.ActiveDirectory.TelerikADRoleProvider, Telerik.Security"
                   connectionUsername="Administrator"
                   connectionPassword="Password!"
                   groupMaps="Domain Admins,Sales,Marketing"
                   domainName="192.168.1.112"
                   searchScope="subtree"         
    />

    In this case, the Sitefinity instance is not part of the same domain as the machine running Active Directory.

    I hope this helps!
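
Added example, not part of any post above: the provider entries in this thread bind to the directory as the domain Administrator with the password written into web.config, and one of them sets connectionProtection="None". This Python check flags those three settings in a constructed web.config fragment; the EXAMPLE domain, the svc-cms-read account and the function name are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed web.config fragment modelled on the provider entries in this
# thread; domain, account and password values are placeholders.
SAMPLE = r"""<configuration><system.web>
  <membership><providers>
    <add name="AD" connectionStringName="ActiveDirectory"
         connectionUsername="EXAMPLE\Administrator"
         connectionPassword="placeholder" connectionProtection="None"
         type="System.Web.Security.ActiveDirectoryMembershipProvider"/>
  </providers></membership>
  <roleManager><providers>
    <add name="AD" connectionStringName="ActiveDirectory"
         connectionUsername="EXAMPLE\svc-cms-read"
         connectionPassword="placeholder"
         type="Telerik.Security.ActiveDirectory.TelerikADRoleProvider, Telerik.Security"/>
  </providers></roleManager>
</system.web></configuration>"""

def audit(xml_text):
    """Return (provider, finding) pairs for the bind settings of each provider."""
    root = ET.fromstring(xml_text)
    findings = []
    for section in ("membership", "roleManager"):
        for p in root.findall(f".//{section}/providers/add"):
            where = f"{section}/{p.get('name')}"
            user = p.get("connectionUsername", "")
            # Accept DOMAIN\user, user@domain and bare user forms.
            account = user.split("\\")[-1].split("@")[0].lower()
            if account == "administrator":
                findings.append((where, "binds as Administrator"))
            # A visible attribute means the section is not encrypted.
            if p.get("connectionPassword"):
                findings.append((where, "clear-text bind password"))
            if p.get("connectionProtection", "").lower() == "none":
                findings.append((where, "connectionProtection=None"))
    return findings

if __name__ == "__main__":
    for where, finding in audit(SAMPLE):
        print(f"{where}: {finding}")
```

A dedicated read-only service account and ASP.NET protected configuration (`aspnet_regiis -pe`) address the first two findings.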