adding more info on @serialhobbyist's request
hi all. we're (= me and my colleagues) using PrincipalContext from System.DirectoryServices.AccountManagement to retrieve some authentication info (make sure a user belongs to a group etc).
Important: our client is a service running as LocalSystem. this does not happen when we run in a normal process or when we change the service to run as a specific user
here's a code sample:
    using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, domain))
    {
        Principal p = Principal.FindByIdentity(ctx, IdentityType.Sid, sid);
        ...
    }
normally all works well (getting replies). once in a few hours (the trigger is not clear), or after a network disconnect and reconnect, (when our AD client disconnects, via network cable disconnect or VM adapter disable etc) we're getting this exception:
    System.Runtime.InteropServices.COMException (0x80072020): An operations error occurred.
       at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
       at System.DirectoryServices.DirectoryEntry.Bind()
       at System.DirectoryServices.DirectoryEntry.get_AdsObject()
       at System.DirectoryServices.PropertyValueCollection.PopulateList()
       at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
       at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
       at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer()
       at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()
       at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()
       at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx()
       at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate)
       at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, IdentityType identityType, String identityValue)
       at System.DirectoryServices.AccountManagement.Principal.FindByIdentity(PrincipalContext context, IdentityType identityType, String identityValue)
searched for the exception (0x80072020), I see it translates to LDAP_OPERATIONS_ERROR
(actually used as a code value translation example here :) )
we inspected the traffic using Wireshark and the exception is thrown before any LDAP query is sent.
after re-starting our process everything is back to normal (can validate successfully, no exceptions).
can anybody shed light on the matter? any ideas how to achieve the equivalent of the cleanups done on process termination?
thanks!
update: we've found a way around this, will supply answer below. however, we'd rather find a simpler solution.