ADsDSOObject - Provider error '80040e37'

Posted on 2006-04-17
Last Modified: 2010-08-05
When I try to do an AD lookup I get the error:

Provider error '80040e37'
Table does not exist.

If I access the page from the server it works just fine, but if I access it from a client computer it does not work.  I have tried accessing it as both administrator and a regular user from both the server and the client computer.  I move the script to another server and it works like it is supposed to.  Is there some policy somewhere that would block remote sessions from this?  I have provided some of the code snippets that are relevant the page is over 500 lines of code so I am condensing.

' First, need to discover the local global catalog server
Set objADsRootDSE = GetObject("LDAP://RootDSE")

' Form an ADsPath string to the DN of the root of the Active Directory forest
strADsPath = "LDAP://" & objADsRootDSE.Get("DefaultNamingContext")

' Wrap the ADsPath with angle brackets to form the base string
strBase = "<" & strADsPath & ">"
' Release the ADSI object, no longer needed
Set objADsRootDSE = Nothing
'  Specify the LDAP filter First, indicate the category of objects to
' be searched (all people, not just users)
strObjects = "(objectCategory=person)"

' Strip the domain part
strName = Right(Request.ServerVariables("AUTH_USER"), Len(Request.ServerVariables("AUTH_USER")) - InSt(Request.ServerVariables("AUTH_USER"), "\"))

' Add the two filters together
strFilter = "(&" & strObjects & "sAMAccountName=" & strName & ")"

'  Set the attributes we want the recordset to contain.  We're interested in
' the common name and telephone number
strAttributes = "cn, adspath"

' Specify the scope (base, onelevel, subtree)
strScope = "subtree"

' Create ADO connection using the ADSI OLE DB provider
Set cnnADOConnection = Server.CreateObject("ADODB.Connection")
cnnADOConnection.Open "Provider=ADsDSOObject"

' Create ADO commmand object and associate it with the connection
Set cmdADOCommand = Server.CreateObject("ADODB.Command")
cmdADOCommand.ActiveConnection = cnnADOConnection

' Create the command string using the four parts
cmdADOCommand.CommandText = strBase & ";" & strFilter & ";" & strAttributes & ";" & strScope

' Execute the query for the user in the directory
Set rstADORecordset = cmdADOCommand.Execute
Question by:icfire
    LVL 15

    Expert Comment

    If your web application uses Windows Integrated authentication AND your webserver is NOT a domain controller then I suspect that you've encountered the known 'delegation' limitation of Windows Integrated authentication.

    For various technical reasons (that I won't bother describing here) IIS is unable to pass on end-user credentials to other machines when using Windows Integrated authentication. In the situation that I describe above (ie. you're using Windows Integrated auth AND the IIS box is not a domain controller) IIS would be unable to access the AD because it must access this on another machine (ie. a domain controller).

    But this limitation doesn't exist (again, for technical reasons that I won't go into here) if you access your web app directly on the IIS machine.

    You mentioned that your ASP page works when accessing it directly on the server, and this is what made me think that you have a 'delegation' issue.

    So my questions are: Are you using Windows Integrated authentication? Is the IIS machine a domain controller?
    LVL 2

    Author Comment

    Yes I am using Windows Integrated Authentication and no the computer is not a DC.  If I switch to basic authentication and put in my logon credentials every time I access the site then it works fine.  How do I set the computer for delegation so I can use Integrated Authentication and not have to logon every time I hit the site?

    LVL 15

    Accepted Solution

    > How do I set the computer for delegation so I can use Integrated Authentication
    > and not have to logon every time I hit the site?

    Well I think you've isolated the source of your problem, so now for the solution...

    I was in your exact situation a few months ago and, despite reading billions of websites and following MS's suggestions, I simply could not get delegation to work. In the end I had to upgrade the IIS machine to become a Domain Controller.

    So that's a guaranteed solution, even if it ought not to be necessary.

    If that's not possible then you'll have to see if you can configure the servers to use delegation. There are LOTS of websites that cover the basics of delegation but there are a couple of things that I found that aren't covered in as much depth.

    Authentication issues when your host header name differs from the servers netbios name:

    How to configure a SPN and ensure that your web app is using NTLM:

    Various Q and A's when using NTLM:

    But, like I said, despite days of mucking around I couldn't get this to work. If you do manage to configure the servers for delegation then I for one would love to hear how you did it, so please post back here.

    If you can't get delegation to work then I think that the only option is to make sure the IIS machine is a DC.
    LVL 2

    Author Comment

    Sorry about that.  the steps did work, I was just impatient for the changes to get migrated across the domain.  I would make the changes and then try it and expect it to work, when in reality I should have made the changes waited for the domain replication to happen and then tried it.  It was a patience thing for me.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    I recently decide that I needed a way to make my pages scream on the net.   While searching around how I can accomplish this I stumbled across a great article that stated "minimize the server requests." I got to thinking, hey, I use more than one…
    This demonstration started out as a follow up to some recently posted questions on the subject of logging in: and…
    This video is in connection to the article "The case of a missing mobile phone (". It will help one to understand clearly the steps to track a lost android phone.
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

    758 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    10 Experts available now in Live!

    Get 1:1 Help Now