LDAP authentication failing from web page

iamuser asked:

On one of my web sites I set up LDAP authentication via an LDAP query to my domain DC. If I go and log into the default main page, authentication seems to work fine. If I go into a sub page containing a .aspx file, authentication will fail.

I get this message

Exception information:
    Exception type: System.DirectoryServices.AccountManagement.PrincipalServerDownException
    Exception message: The server could not be contacted.

Inner exception information (level 1):
    Exception type: System.DirectoryServices.Protocols.LdapException
    Exception message: The LDAP server is unavailable.
 
The only place where the LDAP string is declared is via the web.config file.
btan, Exec Consultant, Distinguished Expert 2018, commented:
I presume port 445 is already open for LDAP; otherwise you see this exception. Also, use of the LDAPConnection class requires DNS to connect to LDAP. Likewise, if an impersonated user identity is used in order to connect to LDAP, and that user is not available in the Active Directory of the domain hosting the server content, then an exception is thrown.

See (pertaining to DNS resolution):

    Users would randomly get this message when they logged in; it was driving me crazy. I think I have fixed this problem by providing the full Windows name and port instead of just using the AD server hostname.
    <add key="LDAPPath" value="LDAP://LDAPSERVER.be.ndl.OURDOMAIN.com:389/DC=be,DC=ndl,DC=OURDOMAIN,DC=com"/>

See (pertaining to the LDAP port):

    The error is fixed. And yes, it was a firewall problem. Our infrastructure guys checked our firewall to our data centre and all ports needed were open. But ... there was another firewall. When we opened ldap-ssl and 445 the issue was solved.
    Tip: I also added logging on the AD server. You can do this using the registry:
    http://support.microsoft.com/kb/314980

https://social.msdn.microsoft.com/Forums/en-US/90a0578d-1d38-4190-88c1-92f93d2f1b8b/exception-using-activedirectorymembershipprovider-the-specified-domain-or-server-could-not-be?forum=netfxnetcom
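The quoted fix above amounts to a rule for the LDAPPath appSetting: name the DC by its fully qualified DNS name, give the port explicitly, and end with the base DN. The following Python script is an added example, not code from the thread or from any poster: it reads an LDAPPath value out of a web.config appSettings fragment and checks it against that rule, so a misconfigured path is caught at deploy time rather than as a PrincipalServerDownException at login. The two config fragments are constructed; the server and domain names are the thread's own placeholders, and the function names are my own.

```python
import xml.etree.ElementTree as ET
from typing import List, Tuple
from urllib.parse import urlsplit

# Default ports for the two schemes an LDAPPath value can use.
LDAP_PORTS = {"ldap": 389, "ldaps": 636}

# Constructed appSettings fragments. GOOD_CONFIG mirrors the path quoted in the
# thread; WEAK_CONFIG is the short-hostname, portless form the quoted poster
# reported as failing at random.
GOOD_CONFIG = """<appSettings>
  <add key="LDAPPath" value="LDAP://LDAPSERVER.be.ndl.OURDOMAIN.com:389/DC=be,DC=ndl,DC=OURDOMAIN,DC=com"/>
</appSettings>"""

WEAK_CONFIG = """<appSettings>
  <add key="LDAPPath" value="LDAP://LDAPSERVER/DC=be,DC=ndl,DC=OURDOMAIN,DC=com"/>
</appSettings>"""


def read_ldap_path(config_xml: str, key: str = "LDAPPath") -> str:
    """Return the value attribute of <add key=... value=.../> for the given key."""
    root = ET.fromstring(config_xml)
    for add in root.iter("add"):
        if add.get("key") == key:
            return add.get("value", "")
    raise KeyError(f"no appSetting named {key}")


def lint_ldap_path(path: str) -> List[Tuple[str, str]]:
    """Check an LDAPPath value and return (level, message) findings.

    'error' findings are the conditions the thread identifies as causing
    connection failures; 'warn' findings are hardening notes.
    """
    findings: List[Tuple[str, str]] = []
    parts = urlsplit(path)
    scheme = parts.scheme.lower()
    if scheme not in LDAP_PORTS:
        findings.append(("error", f"unexpected scheme {parts.scheme!r}; expected LDAP:// or LDAPS://"))
        return findings

    host = parts.hostname or ""
    if not host:
        findings.append(("error", "no server host in path"))
    elif "." not in host:
        # A short name depends entirely on the web server's DNS search suffix and
        # forwarder being right, which is exactly what went wrong in this thread.
        findings.append(("error", f"server {host!r} is a short hostname; use the fully qualified DNS name"))

    if parts.port is None:
        findings.append(("error", f"no explicit port; append :{LDAP_PORTS[scheme]} so the endpoint is unambiguous"))

    base_dn = parts.path.lstrip("/")
    if base_dn[:3].upper() not in {"DC=", "OU=", "CN="}:
        findings.append(("error", "path does not end in a base DN (DC=..., OU=..., CN=...)"))

    if scheme == "ldap":
        # Simple binds over plain LDAP send the password in clear unless the
        # client negotiates signing/sealing; LDAPS on 636 avoids the question.
        findings.append(("warn", "plain LDAP://; prefer LDAPS://<fqdn>:636 for binds"))
    return findings


def errors(findings: List[Tuple[str, str]]) -> List[str]:
    """Return only the messages that would cause a connection failure."""
    return [msg for level, msg in findings if level == "error"]


if __name__ == "__main__":
    for name, cfg in (("GOOD_CONFIG", GOOD_CONFIG), ("WEAK_CONFIG", WEAK_CONFIG)):
        path = read_ldap_path(cfg)
        print(f"{name}: {path}")
        for level, msg in lint_ldap_path(path):
            print(f"  [{level}] {msg}")
```

Run it against a real web.config by passing the file's contents to read_ldap_path; a non-empty errors() list is the thing to fix before blaming the firewall or the DC. The script deliberately does no DNS lookups or socket connects, so it can run anywhere; resolving the name and testing the port from the web server itself is the next step once the value is well formed.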
Commented:
It took a while but the problem has been resolved. It turns out that the DNS forwarder was pointed to the wrong DC on the web server side.

Author commented:

We never thought to look at DNS for the cause.
