HRESULT: 0X80070490 with AzMan and AD LDS on 2008 server

  • Question

  • We have a WPF client (running on an XP) which is working with AzMan
    (configured to work with ADAM/AD LDS). The AzMan-AD LDS are configured on a 2008 server.
    When trying to open the AzMan store (AZROLESLib.AZAuthorizationStoreClass.OpenApplication2(String
    bstrApplicationName, Object varReserved)) we get the exception:
    "Element not found. (Exception from HRESULT: 0X80070490)".
    When we copy the WPF application to the 2008 server and run it locally we have no
    problems. Also when we created the same AzMan-ADAM configuration on a 2003
    box the application has no problem and we get no exceptions. So it's only with the XP to 2008 server that we get this exception.
    Is there a known issue with 2008 server in this aspect? Should we use a different DLL than Microsoft.Interop.Security.AzRoles 2.0.0.0?
    Thank you,
    Ken
    Tuesday, June 16, 2009 6:53 PM

All replies

  • Hi Ken,

    Are you sure your app has the right read permissions to the ADAM data? I'm
    guessing the app would be using Windows auth to bind to the ADAM LDAP server
    and uses the process identity of the app pool (typically network service) to
    do this. That would mean that you would either need to grant the machine
    account for the domain computer object for the machine read access to ADAM
    or something more general (I typically give "authenticated users" read
    access in ADAM unless there is something really sensitive in there that
    requires specific restrictions).

    The error you are getting is not very helpful at all, but this could just be
    some sort of operational problem related to not being able to read the data.
    In LDAP, if you try to read data that you don't have permission to see, the
    result to the client is that it simply doesn't exist. You don't get an
    access denied error.

    If there was a failure to authenticate, at the LDAP layer you'd likely get
    an "operations error" from ADAM in this case.

    For more details you may refer: http://www.microsoft.com/communities/newsgroups/en-us/default.aspx?dg=microsoft.public.dotnet.framework.aspnet.security&tid=58afd774-91f7-40a8-a196-23bbed2aa9e8&mid=7d170ca2-50f2-4144-988f-ceffb68ad30c&cat=&lang=&cr=&sloc=&p=3

    OR

    I suppose that on a new install of Windows XP Professional the
    azroles.dll does not exist. To get it you can install the Windows 2003
    Server adminpack.

    Get it here (link at the bottom of page).

    http://www.microsoft.com/windowsserver2003/downloads/tools

    Once you install the adminpack you can find azroles.dll

    %windows%\system32\


    Hope this helps.

    Thanks
    Abhay
    Tuesday, August 11, 2009 6:53 PM
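
Added example, not part of any reply in this thread: a small C# probe that binds to the AD LDS instance with the current Windows identity and reads only the store object, so the "no read access looks like not found" behaviour described in the reply above can be told apart from a bind failure. The host, port and store DN are supplied on the command line (placeholders; none are given in the thread), and the class name `AzManStoreProbe` is hypothetical.

```csharp
// Added diagnostic example; host, port and store DN are caller-supplied placeholders.
using System;
using System.DirectoryServices.Protocols;

class AzManStoreProbe
{
    static int Main(string[] args)
    {
        if (args.Length != 3)
        {
            Console.Error.WriteLine("usage: AzManStoreProbe <adlds-host> <port> <store-dn>");
            return 2;
        }
        var id = new LdapDirectoryIdentifier(args[0], int.Parse(args[1]));
        using (var conn = new LdapConnection(id))
        {
            conn.AuthType = AuthType.Negotiate;        // Windows auth as the current process identity
            conn.SessionOptions.ProtocolVersion = 3;
            Console.WriteLine("Binding as {0}\\{1}", Environment.UserDomainName, Environment.UserName);
            try
            {
                conn.Bind();
                // Base-scope read of the store object itself, nothing below it.
                var req = new SearchRequest(args[2], "(objectClass=*)", SearchScope.Base, "objectClass");
                var resp = (SearchResponse)conn.SendRequest(req);
                Console.WriteLine("OK: store object is readable ({0} entry)", resp.Entries.Count);
                return 0;
            }
            catch (DirectoryOperationException ex)
            {
                if (ex.Response != null && ex.Response.ResultCode == ResultCode.NoSuchObject)
                    Console.WriteLine("noSuchObject: wrong DN, or this identity has no read access to it");
                else if (ex.Response != null && ex.Response.ResultCode == ResultCode.OperationsError)
                    Console.WriteLine("operationsError: the reply above associates this with failed authentication");
                else
                    Console.WriteLine("Directory error: {0}", ex.Message);
                return 1;
            }
            catch (LdapException ex)
            {
                // Raised for bind and transport problems (bad credentials, server unreachable).
                Console.WriteLine("LDAP error {0}: {1}", ex.ErrorCode, ex.Message);
                return 1;
            }
        }
    }
}
```

Running it under the same account on the XP client and on the server shows whether the two machines see the store object differently before AzMan is involved at all.
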
  • Thank you Abhay,
    The security configuration is ok and we do have the AzMan runtime on the XP machine. Since I published the question I've been working with Microsoft Support to resolve the issue. I still don't have a solution. The problem seems to be related to the fact that the 2008 machine is running SP2. I will publish an answer once I have it.
    Thank you,
    Ken
    Friday, August 14, 2009 10:32 PM
  • Same issue. Only with the XP to 2008 server. Any progress?
    Friday, September 25, 2009 5:00 PM
  • Hey KenSaraf,

    I was wondering if you received any reply from Microsoft or have a resolution to your problem? I am having a similar problem where we have a 2008 server box which also hosts the SQL AzMan store, but am having problems communicating with it via the COM library (Microsoft.Interop.Security.AzRoles v2.0.0.0) from an XP development machine.

    I hope you have an answer as this is driving me up the wall. I want to use 2008 so I can utilise the functionality of having the AzMan store on SQL server...

    Best Regards

    Hiren

    Wednesday, September 15, 2010 8:30 AM