locked
DirectorySearcher wired behavior "server is not operational" RRS feed

  • Question

  • User-1153357289 posted

    Hi All

    i'm experiencing very wired behavior while using the DirectorySearcher class throwing  "Server is not operational"  exception

    while trying to get groups for LDAPs. ( this is a web application using .net 4.5)

    there are 2 call the the LDAP :

    1.getting the domain controllers - works always

    2.getting the domain groups - which fails for some customers

    this is code sample the runs for getting the ldap groups

    using (DirectoryEntry entry = new DirectoryEntry("LDAP://thedomain.com:636/dc=thedomain,dc=com", directory.LdapBindUser, directory.LdapBindPassword))
    {
    string filter = "(&(objectClass=group))";
    using (DirectorySearcher searcher = new DirectorySearcher(entry, filter))
    {
    foreach (SearchResult result in searcher.FindAll())
    {
    }
    }

    i've also created a console application , that runs on the same machine using the same code and the it worked !

    so my only guess it might be related the the IIS or a missing web.config value that prevent the application from blocking the response.

    Tuesday, June 2, 2020 7:30 AM

All replies

  • User-460007017 posted

    Hi AmitBarkai,

    Could you post stack trace in your event viewer application log? Please try to set the application pool identity to local system. Maybe operation was isolated for some reason.

    Best Regards,

    Jokies Ding

    Wednesday, June 3, 2020 3:23 AM
  • User-1153357289 posted

    would like to add an important update regarding this issue.

    it seems that the first attempt to run group query using works !.

    meaning after doing an iisrest , ldap group query works.

    after 120 secounds.

    things stopped working .

    is there any reason to this wired behavior ?

    Monday, June 8, 2020 7:27 AM
  • User-460007017 posted

    Hi AmitBarkai,

    Did you receive any exception in event viewer application log?

    Best Regards,

    Jokies Ding

    Tuesday, June 9, 2020 9:35 AM
  • User-1153357289 posted

    no , there was not exception in the event viewer

    no , exception in the iis logs.

    another progress we made today which raise a question if there is an issue with the session 

    the DirectorySearcher creates with the ldap

    meaning .

    is there any way / known bug the the dispose of directorysearcher doesn't really dispose the objects

    and the session is still kept ?

    please note i've used a using statement so i would expect the dispose to be called at the end of the using section

    and when calling the group query again a new session will be created 

    Tuesday, June 9, 2020 9:45 AM
  • User-1153357289 posted

    i now have another step with understanding my issue

    after calling the code mentioned above
    i could see after running netstat on the ldap machine  ( netstat -nat | findstr my_ip_address | findstr :389 )
    i could see the connection stays established even when the using section is done

    TCP LDAP_IP:389 MY_IP:24730 ESTABLISHED InHost

    i could see there is another parameter authentication type , by default Secure
    when using my code this way the connection is disposed after the using section
    ```

    using (var directoryEntry = new DirectoryEntry(
    directoryPath,
    ConfigurationManager.AppSettings["ldapUsername"],
    ConfigurationManager.AppSettings["ldapPassword"],
    AuthenticationTypes.Anonymous))
    {

    }
    ```

    is there any reason why the TCP session is kept after the using section is done ? 

    is there a commandeered AuthenticationType ?

    Tuesday, June 9, 2020 2:00 PM