IIS 5 & IIS 6
DirectorySearcher wired behavior "server is not operational"
Last post Jun 09, 2020 02:00 PM by AmitBarkai
Jun 02, 2020 07:30 AM|AmitBarkai|LINK
i'm experiencing very wired behavior while using the DirectorySearcher class throwing "Server is not operational" exception
while trying to get groups for LDAPs. ( this is a web application using .net 4.5)
there are 2 call the the LDAP :
1.getting the domain controllers - works always
2.getting the domain groups - which fails for some customers
this is code sample the runs for getting the ldap groups
using (DirectoryEntry entry = new DirectoryEntry("LDAP://thedomain.com:636/dc=thedomain,dc=com", directory.LdapBindUser, directory.LdapBindPassword))
string filter = "(&(objectClass=group))";
using (DirectorySearcher searcher = new DirectorySearcher(entry, filter))
foreach (SearchResult result in searcher.FindAll())
i've also created a console application , that runs on the same machine using the same code and the it worked !
so my only guess it might be related the the IIS or a missing web.config value that prevent the application from blocking the response.
Jun 03, 2020 03:23 AM|Yuk Ding|LINK
Could you post stack trace in your event viewer application log? Please try to set the application pool identity to local system. Maybe operation was isolated for some reason.
Jun 08, 2020 07:27 AM|AmitBarkai|LINK
would like to add an important update regarding this issue.
it seems that the first attempt to run group query using works !.
meaning after doing an iisrest , ldap group query works.
after 120 secounds.
things stopped working .
is there any reason to this wired behavior ?
Jun 09, 2020 09:35 AM|Yuk Ding|LINK
Did you receive any exception in event viewer application log?
Jun 09, 2020 09:45 AM|AmitBarkai|LINK
no , there was not exception in the event viewer
no , exception in the iis logs.
another progress we made today which raise a question if there is an issue with the session
the DirectorySearcher creates with the ldap
is there any way / known bug the the dispose of directorysearcher doesn't really dispose the objects
and the session is still kept ?
please note i've used a using statement so i would expect the dispose to be called at the end of the using section
and when calling the group query again a new session will be created
Jun 09, 2020 02:00 PM|AmitBarkai|LINK
i now have another step with understanding my issue
after calling the code mentioned above
i could see after running netstat on the ldap machine ( netstat -nat | findstr my_ip_address | findstr :389 )
i could see the connection stays established even when the using section is done
TCP LDAP_IP:389 MY_IP:24730 ESTABLISHED
i could see there is another parameter authentication type , by default Secure
when using my code this way the connection is disposed after the using section
using (var directoryEntry = new DirectoryEntry(
is there any reason why the TCP session is kept after the using section is done ?
is there a commandeered AuthenticationType ?