LDAP authentication failing from web page

on one of my web sites I set LDAP authentication via a LDAP query to my domain DC. if i go and log into the default main page authentication seems to work fine. If i go into a sub page containing a .aspx file authentication will fail

I get this message

Exception information:
    Exception type: System.DirectoryServices.AccountManagement.PrincipalServerDownException
    Exception message: The server could not be contacted.

Inner exception information (level 1):
    Exception type: System.DirectoryServices.Protocols.LdapException
    Exception message: The LDAP server is unavailable.
 
The only place where the LDAP string is declared is via the web.config file.
iamuserAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

btanExec ConsultantCommented:
I presume port 445 is already open for LDAP otherwise you see this exception. Also use of LDAPConnection class required DNS to connect to LDAP. Likewise, if impersonating user identity is used in order to connect to the LDAP, and if this user is not available in the active directory of that domain hosting the server content then an exception is thrown.

See (pertaining to DNS resolution) -
Users would randomly get this message when they Login, it was driving me crazy. I think I have fixed this problem by providing the full windows name and port instead of just using the AD server hostname.
<add key="LDAPPath" value="LDAP://LDAPSERVER.be.ndl.OURDOMAIN.com:389/DC=be,DC=ndl,DC=OURDOMAIN,DC=com"/>
See (pertaining to LDAP port) -
the error is fixed.
And yes it was a firewall problem. Our infrastructure guys checked our firewall to our data centre and all port needed were open. But ... there was another firewall. When we opened ldap-ssl and 445 the issue was solved.
Tip. I also added logging on the AD server. You can do this using the registry:
http://support.microsoft.com/kb/314980
https://social.msdn.microsoft.com/Forums/en-US/90a0578d-1d38-4190-88c1-92f93d2f1b8b/exception-using-activedirectorymembershipprovider-the-specified-domain-or-server-could-not-be?forum=netfxnetcom
iamuserAuthor Commented:
It took a while but the problem has been resolved. It turns out that the DNS forwarder was pointed to the wrong DC on the web server side.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
iamuserAuthor Commented:
We never though to look at DNS for the cause
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Development

From novice to tech pro — start learning today.