I have an application that is using ActiveDirectoryMembershipProvider to grant access to users. The application is hosted on a non-domain machine, with a firewall between the application server and the domain controller.

We've opened the LDAP port to the DC on the inside network - yet no matter what we try, we end up with an error that says "The specified domain or server could not be contacted."

Does anyone have any suggestions on how I can resolve this? We've tried everything we can think of and just aren't getting anywhere.

My connection string is:

<add name="ADConnectionString"
    connectionString="LDAP://10.5.3.7:389/DC=MyTestDomain,DC=local"/>

And my provider is:

<add name="ActiveDirectoryMembershipProvider"
    type="System.Web.Security.ActiveDirectoryMembershipProvider"
    connectionStringName="ADConnectionString"
    attributeMapUsername="SAMAccountName"
    connectionProtection="None"
    connectionUsername="LdapUser"
    connectionPassword="LdapPassword"   />
A: 

Have you tested with an LDAP browsing tool, from the remote box to see if it can connect with the criteria being used here? I.e. Is it a connectivity problem or something else?

geoffc
Yes - we are able to query using an LDAP tool using the same information. This is baffling me. One strange thing that I did notice is that the AD Membership Provider tries to get the NetBIOS name of the server that you're connecting to (dug this up with Reflector) - and that during that there's a try/catch that throws the exact message that we're getting. Not sure why the provider thinks it needs the server's NetBIOS name.
Scott Ivey
A: 

It seems like the solution is to open port 445.

Read this thread

We're not allowed to open it, so I guess I'm stuck.

Jens
A: 

Microsoft have an MSDN KB about this: http://support.microsoft.com/kb/179442

Chris J
thanks for the answer, @rangerchris - but that doesn't directly address my issue. We've opened the LDAP and NETBIOS ports specified in that post, still no luck.
Scott Ivey
A: 

You can use these two articles; maybe they solve your problem:

www.ddj.com/windows/184406424

forums.asp.net/t/1408268.aspx

and check your firewalls

emdadgar2
A: 

You said "The application is hosted on a non-domain machine, with a firewall between the application server and the domain controller." Since you could query directly using an LDAP tool, that suggests that the firewall is open correctly. However, keep in mind that the ActiveDirectoryMembershipProvider is not using plain old LDAP--it's using Micro$oft technologies. For example, if you set connectionProtection="Secure", ADMP will try using SSL and port 636, if that fails, it will use Microsoft's built-in IPSec signing (see this article for more details).

Anyway, this makes me wonder about a couple things:

  1. Does the AD domain have an IPSec "required" policy which refuses connections from non-domain/non-configured computers? (Probably not, since you connected with plain LDAP, but it's worth investigating.)
  2. Have you added the domain controller's NetBIOS name to your lmhosts file, and its DNS name to your hosts file? (Many protocols check that their target's reported name matches the name you tried to connect to.)
  3. A lot of people have noted problems using ADMP between different domains, and the solution required that a one-way trust be created. Since it sounds like your client computer is not in a domain, you can't have that trust--unless either (a) it is a member of a different domain with a one-way trust or (b) it is a member of the same domain and thus client-server trust is implicit.
ewall
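Added example (not part of the original thread or of the ActiveDirectoryMembershipProvider code): a PowerShell check, run from the non-domain application server, that probes the ports the answers above say matter. Assumptions: the DC address 10.5.3.7 and the domain name from the question; the port list is taken from the "open port 445" answer and the ports named in KB 179442 (LDAP 389, LDAPS 636, SMB 445, RPC endpoint mapper 135, DNS 53); Test-NetConnection and Resolve-DnsName are available (Windows 8 / Server 2012 or later). The point it makes is the one in the last answer: an LDAP browser binding on 389 proves only that 389 is open, while the provider also depends on the Microsoft-specific ports.

```powershell
# Added example, not from the original thread. Probes the DC ports that the
# answers say ActiveDirectoryMembershipProvider may need, from the app server.
# Assumed values: DC 10.5.3.7 and domain MyTestDomain.local from the question;
# port list from the port-445 answer and KB 179442.
param(
    [string]$DomainController = "10.5.3.7",
    [string]$DomainDnsName    = "MyTestDomain.local"
)

$ports = @(
    @{ Port = 389; Purpose = "LDAP (plain bind; what the LDAP browser test proves)" },
    @{ Port = 636; Purpose = "LDAPS (tried first when connectionProtection=Secure)" },
    @{ Port = 445; Purpose = "SMB (the port the thread says must be opened)" },
    @{ Port = 135; Purpose = "RPC endpoint mapper (listed in KB 179442)" },
    @{ Port = 53;  Purpose = "DNS (resolution of the domain name)" }
)

# 1. Name resolution: the provider works with domain/server names, not only the IP
#    in the connection string, so the app server must be able to resolve them.
try {
    $dns = Resolve-DnsName -Name $DomainDnsName -ErrorAction Stop
    Write-Host "DNS: $DomainDnsName -> $($dns.IPAddress -join ', ')"
} catch {
    Write-Warning "DNS: cannot resolve $DomainDnsName ($($_.Exception.Message)); add a hosts entry or point DNS at the DC"
}

# 2. TCP reachability per port. -InformationLevel Quiet makes the cmdlet return
#    only $true/$false; warnings about failed pings are suppressed.
$results = foreach ($p in $ports) {
    $open = Test-NetConnection -ComputerName $DomainController -Port $p.Port `
                               -InformationLevel Quiet -WarningAction SilentlyContinue
    [pscustomobject]@{ Port = $p.Port; Open = $open; Purpose = $p.Purpose }
}
$results | Format-Table -AutoSize

# 3. Interpretation matching the thread: 389 open but 445 closed is exactly the
#    state the question describes, where an LDAP browser binds but ADMP fails.
$ldapOpen = ($results | Where-Object Port -eq 389).Open
$smbOpen  = ($results | Where-Object Port -eq 445).Open
if ($ldapOpen -and -not $smbOpen) {
    Write-Warning "389 reachable but 445 blocked: LDAP tools will bind, yet ADMP can still report 'The specified domain or server could not be contacted'."
}
```

Run it as the identity the application pool uses, since a firewall rule scoped by source address or profile can behave differently for a service account than for an interactive administrator session.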