
Active Directory Authentication



  • I have installed ProGet using the integrated SQL database and it's hosted on a Windows Server 2012 R2 machine on IIS. I am trying to get Active Directory with multiple domains working for authentication but I keep getting the error below.

    Logged: 6/8/2016 11:01:24 AM
    Level: Error
    Category: HTTP
    Message: An error occurred in the web application: The server is not operational.
    Details:
    URL: http://am-uslhi-ap-v12:81/0x44/ProGet.WebApplication/Inedo.ProGet.WebApplication.Controls.PrincipalPicker/FindPrincipals?directoryId=3&filter=jake.fellows%40hexagon&principalTypes=3&_=1465405168922
    Referrer: http://am-uslhi-ap-v12:81/administration/security/privileges/add?directoryId=3&grantDeny=G

    User: Admin

    User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36

    Stack trace: at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
    at System.DirectoryServices.DirectoryEntry.Bind()
    at System.DirectoryServices.DirectoryEntry.get_AdsObject()
    at System.DirectoryServices.PropertyValueCollection.PopulateList()
    at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
    at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
    at Inedo.ProGet.WebApplication.Security.UserDirectory.MultiDomainActiveDirectory.GetNetbiosDomainName(String dnsDomainName)
    at Inedo.ProGet.WebApplication.Security.UserDirectory.MultiDomainActiveDirectory.CreateSearcher(String domain)
    at Inedo.ProGet.WebApplication.Security.UserDirectory.MultiDomainActiveDirectory.<FindPrincipalsInternal>d__24.MoveNext()
    at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
    at Newtonsoft.Json.Serialization.JsonSerializerInternalWriter.SerializeList(JsonWriter writer, IEnumerable values, JsonArrayContract contract, JsonProperty member, JsonContainerContract collectionContract, JsonProperty containerProperty)
    at Newtonsoft.Json.Serialization.JsonSerializerInternalWriter.SerializeObject(JsonWriter writer, Object value, JsonObjectContract contract, JsonProperty member, JsonContainerContract collectionContract, JsonProperty containerProperty)
    at Newtonsoft.Json.Serialization.JsonSerializerInternalWriter.Serialize(JsonWriter jsonWriter, Object value, Type objectType)
    at Newtonsoft.Json.JsonSerializer.SerializeInternal(JsonWriter jsonWriter, Object value, Type objectType)
    at Inedo.Web.Handlers.JsonDataHttpHandler.SyncHandler.System.Web.IHttpHandler.ProcessRequest(HttpContext context)
    at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
    at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

    Is there a specific setting I need to adjust to get this working correctly?

    Product: ProGet
    Version: 4.0.15



  • The "server is not operational" is coming from within the AD library / COM components. It's basically just an unknown error.

    It usually means that the service account user doesn't have permission to access the domain, or sometimes it just takes a restart of the server.



  • I was able to get the LDAP/Single domain authentication working by changing the account the ProGet service was running as, but we need the domain forest authentication for our environment. This still fails to resolve any user accounts. We have tried all the configuration combinations when installing the ProGet service and have had no success. Can we get any more information on what ProGet is looking for when it's attempting to contact the domain controller while using the domain forest directory option?



  • Sorry for the slow reply; this is extremely difficult to debug, because it involves a very complex set-up and expertise in undocumented LDAP/AD/NETBIOS conventions, as you might imagine…

    The problem is that the underlying libraries are returning that useless “server not available” error when trying to look up the NETBIOS domain name. Here is how that query is constructed.

        private string GetNetbiosDomainName(string dnsDomainName)
        {
            string netbiosDomainName = string.Empty;
    
            DirectoryEntry rootDSE = new DirectoryEntry(string.Format("LDAP://{0}/RootDSE", dnsDomainName));
    
            string configurationNamingContext = rootDSE.Properties["configurationNamingContext"][0].ToString();
    
            DirectoryEntry searchRoot = new DirectoryEntry("LDAP://cn=Partitions," + configurationNamingContext);
    
            DirectorySearcher searcher = new DirectorySearcher(searchRoot);
            searcher.SearchScope = SearchScope.OneLevel;
            searcher.PropertiesToLoad.Add("netbiosname");
            searcher.Filter = string.Format("(&(objectcategory=Crossref)(dnsRoot={0})(netBIOSName=*))", dnsDomainName);
    
            SearchResult result = searcher.FindOne();
    
            if (result != null)
            {
                netbiosDomainName = result.Properties["netbiosname"][0].ToString();
            }
    
            return netbiosDomainName;
        }
    

    Basically, it’s trying to enumerate all partitions and locate the netbiosname property. This is important to do because sometimes a credential will be sent to ProGet in a NETBIOSNAME\username or username@NETBIOSNAME format.

    The failure could be happening in one of two places (where the Properties collection is accessed), but shouldn’t be happening in either. Any assistance in identifying this would be helpful.

    We could just ignore this error, and assume that a failed NETBIOSNAME resolution means the domain name is always the same, but we'd prefer not to just ignore errors like this...
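
A way to find out which of those operations fails, as an added example that is not part of the original thread or ProGet's code: a small C# console program that runs each directory call from the quoted `GetNetbiosDomainName` as a separate step and prints which one throws. The class name `NetbiosLookupProbe`, the `Step` helper and the command-line argument are this example's own, and it needs a reference to `System.DirectoryServices.dll`.

```csharp
// Added diagnostic, not ProGet code: one step per directory operation in the quoted method.
using System;
using System.DirectoryServices;
using System.Net;

static class NetbiosLookupProbe
{
    static T Step<T>(string name, Func<T> action)
    {
        try
        {
            T value = action();
            Console.WriteLine("OK    {0}: {1}", name, value);
            return value;
        }
        catch (Exception ex)
        {
            Console.WriteLine("FAIL  {0}: {1}: {2}", name, ex.GetType().Name, ex.Message);
            return default(T);
        }
    }

    static int Main(string[] args)
    {
        if (args.Length != 1) { Console.Error.WriteLine("usage: probe <dnsDomainName>"); return 2; }
        string domain = args[0]; // the value ProGet would pass as dnsDomainName
        // Resolve the name first so a DNS problem is distinguishable from a bind problem.
        Step("resolve " + domain, () => Dns.GetHostAddresses(domain).Length + " address(es)");
        // First property access in the quoted method: binds to LDAP://<domain>/RootDSE.
        string configNc = Step("RootDSE bind", () =>
        {
            using (var rootDse = new DirectoryEntry("LDAP://" + domain + "/RootDSE"))
                return rootDse.Properties["configurationNamingContext"][0].ToString();
        });
        if (configNc == null) return 1;
        // The Partitions path names no host (serverless bind), exactly as in the quoted code.
        string netbios = Step("Partitions search", () =>
        {
            using (var root = new DirectoryEntry("LDAP://cn=Partitions," + configNc))
            using (var searcher = new DirectorySearcher(root) { SearchScope = SearchScope.OneLevel })
            {
                searcher.PropertiesToLoad.Add("netbiosname");
                searcher.Filter = "(&(objectcategory=Crossref)(dnsRoot=" + domain + ")(netBIOSName=*))";
                SearchResult r = searcher.FindOne();
                return r == null ? "(no crossRef matched)" : r.Properties["netbiosname"][0].ToString();
            }
        });
        return netbios == null ? 1 : 0;
    }
}
```

Run it on the ProGet server under the same account as the ProGet service, passing the domain's DNS name. In the stack trace from the first post, `GetNetbiosDomainName` calls `System.DirectoryServices.PropertyCollection.get_Item`, which is the type of `DirectoryEntry.Properties` (`SearchResult.Properties` is a `ResultPropertyCollection`), so the RootDSE step is the one to check first.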


