Multiple DCs configured, but no failover?
I successfully set up this package and it's working great! That is until one of our domain controllers went offline for maintenance. We have two DCs and both were configured in web.config. It looks like it is only looking for the first AD server entry and if that isn't available, instead of failing over to the next server, it doesn't authenticate.
Here's the snippet from our web.config file:
Passwords have been changed to protect the innocent :-)
We basically want to fail over to the 192.168.1.5 server if 192.168.1.6 is unavailable (and vice versa).
So is a failover not a feature of this package? Is there a better way of doing this? I'm appreciative of any information you can help provide!
It wasn't really written with failover in mind; it was more intended for multiple domains (we had lots of users across many domains logging onto the single site).
It should in theory try each setting, but I suspect you are getting a timeout when it attempts to get to the dead server. In what way was it down (completely off, or responding badly)?
Obviously you might not want to try it on your live site, but putting ?umbdebugshowtrace=true on the URL (i.e. http://mysite/?umbdebugshowtrace=true) will let you see the provider stepping through (it should log for each domain it encounters).
Hey Kevin,
Thanks for the quick reply. It was completely off when it wouldn't authenticate.
It actually threw a .NET error:
Server Error in '/' Application.
--------------------------------------------------------------------------------
The LDAP server is unavailable.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.DirectoryServices.Protocols.LdapException: The LDAP server is unavailable.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[LdapException: The LDAP server is unavailable.]
   System.DirectoryServices.Protocols.LdapConnection.Connect() +163067
   System.DirectoryServices.Protocols.LdapConnection.SendRequestHelper(DirectoryRequest request, Int32& messageID) +760
   System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout) +108
   System.DirectoryServices.AccountManagement.PrincipalContext.ReadServerConfig(String serverName, ServerProperties& properties) +489
[PrincipalServerDownException: The server could not be contacted.]
   System.DirectoryServices.AccountManagement.PrincipalContext.ReadServerConfig(String serverName, ServerProperties& properties) +522681
   System.DirectoryServices.AccountManagement.PrincipalContext.DoServerVerifyAndPropRetrieval() +103
   System.DirectoryServices.AccountManagement.PrincipalContext..ctor(ContextType contextType, String name, String container, ContextOptions options, String userName, String password) +723
   System.DirectoryServices.AccountManagement.PrincipalContext..ctor(ContextType contextType, String name, String container, String userName, String password) +102
   LDL.Web.Security.ActiveDirectory.ADRoleProvider.GetRolesForUser(String username) +1036
   System.Web.Security.RolePrincipal.GetRoles() +329
   System.Web.Security.Roles.GetRolesForUser(String username) +675
   umbraco.cms.businesslogic.web.Access.HasAccces(Int32 documentId, Object memberId) +126
   Umbraco.Web.Routing.PublishedContentRequestBuilder.EnsureNodeAccess() +603
   Umbraco.Web.Routing.PublishedContentRequestBuilder.LookupDocument2() +891
   Umbraco.Web.Routing.PublishedContentRequestBuilder.LookupDocument() +234
   Umbraco.Web.Routing.PublishedContentRequest.ProcessRequest(HttpContextBase httpContext, UmbracoContext umbracoContext, Action`1 onSuccess) +187
   System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +80
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +266
Hope this helps better understand the issue. Let me know if you have any ideas! Thanks so much for your help!
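The stack trace above shows the PrincipalContext constructor raising PrincipalServerDownException inside GetRolesForUser with nothing catching it. The following is an added example, not part of the thread and not the package's own code, of a role lookup that moves on to the next server when one is down and denies by throwing when none answers. The class name, method signature and parameters are hypothetical, and it assumes every listed server is a domain controller for the same domain.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Linq;

// Added illustration (hypothetical helper, not the package's ADRoleProvider).
public static class FailoverRoleLookup
{
    // Tries each configured server in order and returns the user's group
    // names from the first one that can be contacted.
    public static string[] GetRolesForUser(
        IEnumerable<string> servers, string container,
        string bindUser, string bindPassword, string username)
    {
        var failures = new List<Exception>();
        foreach (string server in servers)
        {
            try
            {
                // The constructor contacts the server; this is the call that
                // throws PrincipalServerDownException in the trace above.
                using (var ctx = new PrincipalContext(
                    ContextType.Domain, server, container, bindUser, bindPassword))
                using (var user = UserPrincipal.FindByIdentity(ctx, username))
                {
                    if (user == null)
                        return new string[0]; // unknown user: no roles

                    return user.GetAuthorizationGroups()
                               .Select(g => g.SamAccountName)
                               .Where(n => !string.IsNullOrEmpty(n))
                               .ToArray();
                }
            }
            catch (PrincipalServerDownException ex)
            {
                failures.Add(ex); // server unreachable: try the next one
            }
        }

        // No server answered. Fail closed: raise one error the caller can log
        // and turn into an access denial, rather than guessing at roles.
        throw new AggregateException(
            "No configured domain controller could be contacted.", failures);
    }
}
```

Passing the domain's DNS name instead of a controller's IP address lets PrincipalContext locate an available domain controller itself, which may make an explicit server list unnecessary for a single domain.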