Hello

I am using the System.DirectoryServices namespace classes to access Active Directory. We connect using the LDAP://DOMAIN method.

The code works on local dev boxes, and in staging, but doesn't work on a particular box in our production environment. When we try to connect and do a search, we get a "The authentication mechanism is unknown" error. I have searched on Google, Microsoft Support Knowledge Base and Yahoo etc, and found this error, but noone can offer an explanation or a solution.

We put together a simple application to help us debug the problem, using the same code we used in our application, but allowing us to have logging and see the stack trace. We ran this as a console application, then as a ASP.NET application, with the same result (it works, and defaults to the Secure authentication type - except it breaks on the production box!). Trying other authentication types doesn't help either.

Here is a successful output:

Connecting to mgsmith:xxxxx@LDAP://AUNZ with authentication type 'Secure'
Authentication Type = Secure
Type = AuthenticationTypes
Setting LDAP Search Filter to (samaccountname=mgsmith)
Executing search.FindOne()...
Search was successful.
Search found an entry.
Looking up employeeid
EmployeeID = 18457

Here is the problematic output:

Connecting to mgsmith:xxxxx@LDAP://AUNZ with authentication type 'Secure'
Authentication Type = Secure
Type = AuthenticationTypes
Setting LDAP Search Filter to (samaccountname=mgsmith)
Executing search.FindOne()...
Exception: The authentication mechanism is unknown
Stack Trace: at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
at System.DirectoryServices.DirectorySearcher.FindOne()
at Sandbox.WebForm1.cmdLogin_Click(Object sender, EventArgs e)

Any help is much appreciated.

Cheers

Here is our test code:

try
{
// Bind to the domain directory server
Console.Write("Connecting to {0}:{1}@{2}", txtUsername.Text, txtPassword.Text, txtUri.Text);
DirectoryEntry entry;
Console.WriteLine(" with authentication type '{0}'", ddlAuthenticationType.SelectedItem.Value);

AuthenticationTypes authTypeValue = new AuthenticationTypes();
try
{
authTypeValue = (AuthenticationTypes) Enum.Parse( typeof(AuthenticationTypes), ddlAuthenticationType.SelectedItem.Value,true);
}
catch(Exception ex)
{
Console.WriteLine("There was an exception when configuring AuthenticationTypes. Message: {0}", ex.Message);
Console.WriteLine("Available AuthenticationTypes:");
foreach( string enumName in Enum.GetNames( typeof(AuthenticationTypes) ) )
{
Console.WriteLine(" {0}", enumName);
}
Environment.Exit(2);
}
entry = new DirectoryEntry(txtUri.Text, txtUsername.Text, txtPassword.Text, authTypeValue);
Console.WriteLine("Authentication Type = {0}", entry.AuthenticationType.ToString() );
Console.WriteLine("Type = {0}", entry.AuthenticationType.GetType().Name);
// Set up the LDAP search filter
DirectorySearcher searcher = new DirectorySearcher( entry );
searcher.Filter = "(samaccountname=" + txtLookup.Text + ")";
Console.WriteLine("Setting LDAP Search Filter to {0}", searcher.Filter);

// Find the first occurance for the search filter
Console.WriteLine("Executing search.FindOne()...");
SearchResult result = searcher.FindOne();
Console.WriteLine("Search was successful.");
if (result != null)
{
Console.WriteLine("Search found an entry.");
// Store the employee id
Console.WriteLine("Looking up employeeid");
ResultPropertyValueCollection propVals = result.Properties["employeeid"];

// Check that we can find at least 1 employeeID
if ( propVals == null || propVals.Count <= 0 )
{
Console.WriteLine("Couldn't find employee ID in directory entry!");
}
else
{
// If there's more than one employeeID something must be up!
// Doubt this would ever happen, but just in case ;-)
if (propVals.Count > 1)
{
Console.WriteLine("User has more than one employeeID?!");
}
foreach(string employeeID in propVals)
{
Console.WriteLine("EmployeeID = {0}", employeeID);
}
}
}
else
{
Console.WriteLine("No matching entry found.");
}
}
catch (Exception ex)
{
Console.WriteLine("Exception: " + ex.Message );
Console.WriteLine("Stack Trace: " + ex.StackTrace);
}

END

Is the production server a domain member of the AD domain?

Willy.
"David Moore" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
Hello

I am using the System.DirectoryServices namespace classes to access Active Directory. We connect using the LDAP://DOMAIN method.

The code works on local dev boxes, and in staging, but doesn't work on a particular box in our production environment. When we try to connect and do a search, we get a "The authentication mechanism is unknown" error. I have searched on Google, Microsoft Support Knowledge Base and Yahoo etc, and found this error, but noone can offer an explanation or a solution.

We put together a simple application to help us debug the problem, using the same code we used in our application, but allowing us to have logging and see the stack trace. We ran this as a console application, then as a ASP.NET application, with the same result (it works, and defaults to the Secure authentication type - except it breaks on the production box!). Trying other authentication types doesn't help either.

Here is a successful output:

Connecting to mgsmith:xxxxx@LDAP://AUNZ with authentication type 'Secure'
Authentication Type = Secure
Type = AuthenticationTypes
Setting LDAP Search Filter to (samaccountname=mgsmith)
Executing search.FindOne()...
Search was successful.
Search found an entry.
Looking up employeeid
EmployeeID = 18457

Here is the problematic output:

Connecting to mgsmith:xxxxx@LDAP://AUNZ with authentication type 'Secure'
Authentication Type = Secure
Type = AuthenticationTypes
Setting LDAP Search Filter to (samaccountname=mgsmith)
Executing search.FindOne()...
Exception: The authentication mechanism is unknown
Stack Trace: at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
at System.DirectoryServices.DirectorySearcher.FindOne()
at Sandbox.WebForm1.cmdLogin_Click(Object sender, EventArgs e)

Any help is much appreciated.

Cheers

Here is our test code:

try
{
// Bind to the domain directory server
Console.Write("Connecting to {0}:{1}@{2}", txtUsername.Text, txtPassword.Text, txtUri.Text);
DirectoryEntry entry;
Console.WriteLine(" with authentication type '{0}'", ddlAuthenticationType.SelectedItem.Value);

AuthenticationTypes authTypeValue = new AuthenticationTypes();
try
{
authTypeValue = (AuthenticationTypes) Enum.Parse( typeof(AuthenticationTypes), ddlAuthenticationType.SelectedItem.Value,true);
}
catch(Exception ex)
{
Console.WriteLine("There was an exception when configuring AuthenticationTypes. Message: {0}", ex.Message);
Console.WriteLine("Available AuthenticationTypes:");
foreach( string enumName in Enum.GetNames( typeof(AuthenticationTypes) ) )
{
Console.WriteLine(" {0}", enumName);
}
Environment.Exit(2);
}
entry = new DirectoryEntry(txtUri.Text, txtUsername.Text, txtPassword.Text, authTypeValue);
Console.WriteLine("Authentication Type = {0}", entry.AuthenticationType.ToString() );
Console.WriteLine("Type = {0}", entry.AuthenticationType.GetType().Name);
// Set up the LDAP search filter
DirectorySearcher searcher = new DirectorySearcher( entry );
searcher.Filter = "(samaccountname=" + txtLookup.Text + ")";
Console.WriteLine("Setting LDAP Search Filter to {0}", searcher.Filter);

// Find the first occurance for the search filter
Console.WriteLine("Executing search.FindOne()...");
SearchResult result = searcher.FindOne();
Console.WriteLine("Search was successful.");
if (result != null)
{
Console.WriteLine("Search found an entry.");
// Store the employee id
Console.WriteLine("Looking up employeeid");
ResultPropertyValueCollection propVals = result.Properties["employeeid"];

// Check that we can find at least 1 employeeID
if ( propVals == null || propVals.Count <= 0 )
{
Console.WriteLine("Couldn't find employee ID in directory entry!");
}
else
{
// If there's more than one employeeID something must be up!
// Doubt this would ever happen, but just in case ;-)
if (propVals.Count > 1)
{
Console.WriteLine("User has more than one employeeID?!");
}
foreach(string employeeID in propVals)
{
Console.WriteLine("EmployeeID = {0}", employeeID);
}
}
}
else
{
Console.WriteLine("No matching entry found.");
}
}
catch (Exception ex)
{
Console.WriteLine("Exception: " + ex.Message );
Console.WriteLine("Stack Trace: " + ex.StackTrace);
}

END

Yes it is

"Willy Denoyette [MVP]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
Is the production server a domain member of the AD domain?

Willy.
"David Moore" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
Hello

I am using the System.DirectoryServices namespace classes to access Active
Directory. We connect using the LDAP://DOMAIN method.

The code works on local dev boxes, and in staging, but doesn't work on a
particular box in our production environment. When we try to connect and do
a search, we get a "The authentication mechanism is unknown" error. I have
searched on Google, Microsoft Support Knowledge Base and Yahoo etc, and
found this error, but noone can offer an explanation or a solution.

We put together a simple application to help us debug the problem, using the
same code we used in our application, but allowing us to have logging and
see the stack trace. We ran this as a console application, then as a ASP.NET
application, with the same result (it works, and defaults to the Secure
authentication type - except it breaks on the production box!). Trying other
authentication types doesn't help either.

Here is a successful output:

Connecting to mgsmith:xxxxx@LDAP://AUNZ with authentication type 'Secure'
Authentication Type = Secure
Type = AuthenticationTypes
Setting LDAP Search Filter to (samaccountname=mgsmith)
Executing search.FindOne()...
Search was successful.
Search found an entry.
Looking up employeeid
EmployeeID = 18457

Here is the problematic output:

Connecting to mgsmith:xxxxx@LDAP://AUNZ with authentication type 'Secure'
Authentication Type = Secure
Type = AuthenticationTypes
Setting LDAP Search Filter to (samaccountname=mgsmith)
Executing search.FindOne()...
Exception: The authentication mechanism is unknown
Stack Trace: at System.DirectoryServices.DirectoryEntry.Bind(Boolean
throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.DirectorySearcher.FindAll(Boolean
findMoreThanOne)
at System.DirectoryServices.DirectorySearcher.FindOne()
at Sandbox.WebForm1.cmdLogin_Click(Object sender, EventArgs e)

Any help is much appreciated.

Cheers

Here is our test code:

try
{
// Bind to the domain directory server
Console.Write("Connecting to {0}:{1}@{2}", txtUsername.Text,
txtPassword.Text, txtUri.Text);
DirectoryEntry entry;
Console.WriteLine(" with authentication type '{0}'",
ddlAuthenticationType.SelectedItem.Value);

AuthenticationTypes authTypeValue = new AuthenticationTypes();
try
{
authTypeValue = (AuthenticationTypes) Enum.Parse(
typeof(AuthenticationTypes), ddlAuthenticationType.SelectedItem.Value,true);
}
catch(Exception ex)
{
Console.WriteLine("There was an exception when configuring
AuthenticationTypes. Message: {0}", ex.Message);
Console.WriteLine("Available AuthenticationTypes:");
foreach( string enumName in Enum.GetNames(
typeof(AuthenticationTypes) ) )
{
Console.WriteLine(" {0}", enumName);
}
Environment.Exit(2);
}
entry = new DirectoryEntry(txtUri.Text, txtUsername.Text,
txtPassword.Text, authTypeValue);
Console.WriteLine("Authentication Type = {0}",
entry.AuthenticationType.ToString() );
Console.WriteLine("Type = {0}",
entry.AuthenticationType.GetType().Name);
// Set up the LDAP search filter
DirectorySearcher searcher = new DirectorySearcher( entry );
searcher.Filter = "(samaccountname=" + txtLookup.Text + ")";
Console.WriteLine("Setting LDAP Search Filter to {0}", searcher.Filter);

// Find the first occurance for the search filter
Console.WriteLine("Executing search.FindOne()...");
SearchResult result = searcher.FindOne();
Console.WriteLine("Search was successful.");
if (result != null)
{
Console.WriteLine("Search found an entry.");
// Store the employee id
Console.WriteLine("Looking up employeeid");
ResultPropertyValueCollection propVals =
result.Properties["employeeid"];

// Check that we can find at least 1 employeeID
if ( propVals == null || propVals.Count <= 0 )
{
Console.WriteLine("Couldn't find employee ID in directory
entry!");
}
else
{
// If there's more than one employeeID something must be up!
// Doubt this would ever happen, but just in case ;-)
if (propVals.Count > 1)
{
Console.WriteLine("User has more than one employeeID?!");
}
foreach(string employeeID in propVals)
{
Console.WriteLine("EmployeeID = {0}", employeeID);
}
}
}
else
{
Console.WriteLine("No matching entry found.");
}
}
catch (Exception ex)
{
Console.WriteLine("Exception: " + ex.Message );
Console.WriteLine("Stack Trace: " + ex.StackTrace);
}

END

>Yes it is

I'd recommend

a) to check out the microsoft.public.adsi.general newsgroup - lots of
AD cracks there

b) Look into ASP.NET issues - things like what context does the app
run under etc.

c) Check out the Directory Services + ADSI Yahoo! group - again, lots
of AD and ASP.NET cracks there
http://groups.yahoo.com/group/ADSIANDDirectoryServices/

d) LEARN hot to post in PURE text (*NOT* HTML) and LIMIT QUOTING when
answeing..... (just to answer "yes it is", you don't need to repeat
300 lines of other text........)

Thanks!
Marc

================================================================
Marc Scheuner May The Source Be With You!
Bern, Switzerland m.scheuner(at)inova.ch