UserPrincipal.FindByIdentity sometimes failing with DirectoryServicesCOMException: An operations error occurred

1

We are a team where every one of us experiences this somewhat random error. The error is listed below and appears on the line: UserPrincipal.FindByIdentity(principalContext, windowsPrincipal.Identity.Name);

It works just fine for several days/weeks/months, and then one of us gets this error.

On our test server, to which we do not deploy changes as frequently as to our local machines, it works for many months before we get this error.

If we change the application pool from ApplicationPoolIdentity to NetworkService, that works. However, after switching back to ApplicationPoolIdentity the same error appears.

IISreset does not help.

Rebooting the computer always solves the problem, so the ApplicationPoolIdentity has no problem authenticating us on a daily basis.

This is the code (somewhat modified) that we use:

var windowsPrincipal = principal as WindowsPrincipal;
if (windowsPrincipal == null)
    return null;
try
{
    var principalContext = new PrincipalContext(ContextType.Domain);
    var userPrincipal = UserPrincipal.FindByIdentity(principalContext, windowsPrincipal.Identity.Name);
    if (userPrincipal == null) return null;
    return userPrincipal.Surname;
}

Here is the error message:

An operations error occurred.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.DirectoryServices.DirectoryServicesCOMException: An operations error occurred.

Source Error:
var principalContext = new PrincipalContext(ContextType.Domain);
var userPrincipal = UserPrincipal.FindByIdentity(principalContext, windowsPrincipal.Identity.Name);

Stack Trace:


[DirectoryServicesCOMException (0x80072020): An operations error occurred.]
   System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +628309
   System.DirectoryServices.DirectoryEntry.Bind() +44
   System.DirectoryServices.DirectoryEntry.get_AdsObject() +42
   System.DirectoryServices.PropertyValueCollection.PopulateList() +29
   System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName) +63
   System.DirectoryServices.PropertyCollection.get_Item(String propertyName) +163
   System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer() +521413
   System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit() +51
   System.DirectoryServices.AccountManagement.PrincipalContext.Initialize() +161
   System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx() +42
   System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate) +29
   System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, String identityValue) +81
asp.net
visual-studio
active-directory
claims-based-identity
asked on Stack Overflow Apr 4, 2013 by Jonas Lewin • edited Apr 5, 2013 by Jonas Lewin

1 Answer

0

If you are not disposing it in a finally block, you'll eventually run out of resources...

// Disposing the context releases its underlying directory resources on every path.
using (var principalContext = new PrincipalContext(ContextType.Domain))
{
    var userPrincipal = UserPrincipal.FindByIdentity(principalContext,
        windowsPrincipal.Identity.Name);
    if (userPrincipal == null) return null;
    return userPrincipal.Surname;
}

should help

answered on Stack Overflow Apr 6, 2013 by Daro • edited Apr 6, 2013 by Daro
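
The disposal pattern from the answer, extended as an added example (not code from either poster): it also disposes the UserPrincipal and logs the HRESULT and the worker process identity when the bind fails, so the next occurrence can be correlated with the application pool account. The DirectoryLookup class, the GetSurname method and the use of Trace as the log sink are assumptions.

```csharp
using System.Diagnostics;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;
using System.Security.Principal;

// Hypothetical helper; names are not from the original post.
public static class DirectoryLookup
{
    // HRESULT shown in the question's stack trace ("An operations error occurred").
    private const int OperationsError = unchecked((int)0x80072020);

    public static string GetSurname(IPrincipal principal)
    {
        var windowsPrincipal = principal as WindowsPrincipal;
        if (windowsPrincipal == null)
            return null;

        try
        {
            // PrincipalContext and UserPrincipal are both IDisposable.
            // A using statement skips Dispose when the resource is null,
            // so a "user not found" result is handled without extra checks.
            using (var context = new PrincipalContext(ContextType.Domain))
            using (var user = UserPrincipal.FindByIdentity(
                       context, windowsPrincipal.Identity.Name))
            {
                return user == null ? null : user.Surname;
            }
        }
        catch (DirectoryServicesCOMException ex)
        {
            // Record the account the worker process ran as at the time of the
            // failed bind, plus the server-side extended error, then rethrow.
            using (var processIdentity = WindowsIdentity.GetCurrent())
            {
                Trace.TraceError(
                    "AD lookup failed: HRESULT=0x{0:X8} operationsError={1} " +
                    "extended={2} '{3}' processIdentity={4}",
                    ex.ErrorCode, ex.ErrorCode == OperationsError,
                    ex.ExtendedError, ex.ExtendedErrorMessage,
                    processIdentity.Name);
            }
            throw;
        }
    }
}
```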

User contributions licensed under CC BY-SA 3.0