2008 R2 SP1, IPv6 and PrincipalContext

  • Question

  • Environment and settings:

        • Windows 2008 R2 SP1
        • One NIC
        • IPv6 on NIC level enabled
        • File and Printer Sharing disabled on NIC level
        • Computer not connected to domain
        • User A with local logon enabled
        • User B with local logon disabled

    We have 3 scenarios:

    Scenario 1

    -          Actions

    1. Registry 2 added to registry database
    2. Computer restart

    -           Effect

    1. User A and B cannot authenticate using Code 01 – Exception 01 is raised
    2. User A can authenticate using Code 02

    Scenario 2

    -          Actions

    1. Registry 1 added to registry database
    2. Computer restart

    -           Effect

    1. User A and B cannot authenticate using Code 01 – Exception 01 is raised
    2. User A can authenticate using Code 02

    Scenario 3

    -          Actions

    1. IPv6 on NIC level is disabled
    2. Registry 1 added to registry database
    3. Computer restart

    -           Effect

    1. User A and B can authenticate using Code 01
    2. User A can authenticate using Code 02

    If I enable File and Printer Sharing (disable and enable NIC) in these 3 scenarios, Code 01 [DotNET] starts to work correctly.

    My questions are:

    1. What is the relationship between IPv6 (on NIC and machine level) and ValidateCredentials?
    2. How do I check whether the ValidateCredentials method can work?
    3. Is it possible to make Code 02 work for users with local logon disabled?
    4. What is the relationship between File and Printer Sharing and ValidateCredentials?

    Exception 01

    System.IO.FileNotFoundException: The network name cannot be found.
       at System.DirectoryServices.AccountManagement.UnsafeNativeMethods.IADs.Get(String bstrName)
       at System.DirectoryServices.AccountManagement.CredentialValidator.BindSam(String target, String userName, String password)
       at System.DirectoryServices.AccountManagement.CredentialValidator.Validate(String userName, String password)
       at System.DirectoryServices.AccountManagement.PrincipalContext.ValidateCredentials(String userName, String password)

    Registry 01

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters]

    "DisabledComponents"=dword:00000000

    Registry 02

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters]

    "DisabledComponents"=dword:FFFFFFFF

    Code 01 [DotNET]

    pc = new PrincipalContext(contextType);
    if (!pc.ValidateCredentials(domainName + @"\" + userName, password))

    Code 02 [Native]

            using System;
            using System.Runtime.InteropServices;

            // P/Invoke declarations and constants (class members)
            [DllImport("advapi32.dll", SetLastError = true)]
            private static extern bool LogonUser(String userName, String domainName,
                String password, int dwLogonType, int dwLogonProvider, ref IntPtr phToken);

            [DllImport("kernel32.dll", CharSet = CharSet.Auto)]
            private extern static bool CloseHandle(IntPtr handle);

            private const int LOGON32_PROVIDER_DEFAULT = 0;
            private const int LOGON32_LOGON_INTERACTIVE = 2;
            private const char DOMAIN_USER_DELIMITER = '\\';
            private string PROVIDER_PATH = "WinNT://";

                    // Call site (inside a method of the same class)
                    IntPtr hToken = IntPtr.Zero; // receives the logon token on success
                    bool isDirectLogOnSucc = LogonUser(userName,
                        domainName,
                        password,
                        LOGON32_LOGON_INTERACTIVE, //log on interactively
                        LOGON32_PROVIDER_DEFAULT,  //use standard logon provider
                        ref hToken);

    Monday, February 11, 2013 1:09 PM
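
Added example, not part of the original post: a variant of Code 02 that requests a network logon (`LOGON32_LOGON_NETWORK`) instead of an interactive one, so the check depends on the network logon right rather than "log on locally", and that separates a bad password from a refused logon type. It assumes that "local logon disabled" for User B means the account lacks the interactive logon right while network logon is still granted; the class and method names are hypothetical.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;

// Hypothetical helper, added for illustration only.
static class LocalCredentialCheck
{
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    private static extern bool LogonUser(string userName, string domainName,
        string password, int logonType, int logonProvider, out IntPtr token);

    [DllImport("kernel32.dll", SetLastError = true)]
    private static extern bool CloseHandle(IntPtr handle);

    private const int LOGON32_PROVIDER_DEFAULT = 0;
    private const int LOGON32_LOGON_NETWORK = 3;            // checked against the network logon right
    private const int ERROR_LOGON_FAILURE = 1326;           // unknown user name or bad password
    private const int ERROR_LOGON_TYPE_NOT_GRANTED = 1385;  // logon type not granted to this account

    // Returns true for valid credentials and false for a bad user name or password.
    // Any other failure is thrown, so a policy or system error is never reported
    // to the caller as "wrong password".
    public static bool Validate(string userName, string password)
    {
        IntPtr token;
        // "." restricts the check to the local account database (workgroup machine).
        if (LogonUser(userName, ".", password, LOGON32_LOGON_NETWORK,
                      LOGON32_PROVIDER_DEFAULT, out token))
        {
            CloseHandle(token); // only the yes/no answer is needed, so release the token
            return true;
        }

        int error = Marshal.GetLastWin32Error();
        if (error == ERROR_LOGON_FAILURE)
            return false;
        if (error == ERROR_LOGON_TYPE_NOT_GRANTED)
            throw new UnauthorizedAccessException(
                "The account is not granted the network logon type on this computer.");
        throw new Win32Exception(error);
    }

    static void Main(string[] args)
    {
        // Usage: LocalCredentialCheck.exe <userName> <password>
        Console.WriteLine(Validate(args[0], args[1]) ? "valid" : "invalid");
    }
}
```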

All replies