"Logon failure" using Invoke("SetPassword"...

[Guest]

I know that I have posted this question before, but it is still unresolved
and I don't know where to turn to next.

I have code that is creating a user (works fine), then sets the account
flags (works fine) and then sets the password (fails).

Here is the pertinent information:
Ex.InnerException.Message: Logon failure: unknown user name or bad password.
Ex.Message: Exception has been thrown by the target of an invocation.

Stack Trace:
at System.RuntimeType.InvokeDispMethod(String name, BindingFlags
invokeAttr, Object target,
Object[] args, Boolean[] byrefModifiers, Int32 culture, String[]
namedParameters)\r\n

at System.RuntimeType.InvokeMember(String name, BindingFlags invokeAttr,
Binder binder, Object target,
Object[] args, ParameterModifier[] modifiers, CultureInfo culture, String[]
namedParameters)\r\n

at System.Type.InvokeMember(String name, BindingFlags invokeAttr, Binder
binder, Object target,
Object[] args)\r\n at
System.DirectoryServices.DirectoryEntry.Invoke(String methodName, Object[]
args)\r\n

at Project.FormName.ChangeUserPassword(String szUsername) in
c:\\inetpub\\wwwroot\\Project\\secure\\usercreation.aspx.cs:line 254"

When I create the DirectoryEntry (code below):
DirectoryEntry entry = new DirectoryEntry(
"LDAP://dc.domain.local/CN=" + szUsername + ",OU=MyUsers,DC=domain,DC=local",
szAdminAccount + "@domain.local",
szAdminPwd,
AuthenticationTypes.Secure | AuthenticationTypes.ServerBind);

This is a WebApp that is running on Win2k3 Server IIS 6.

I have logged on with the account and password supplied and that works
fine and the account can change the password.

Any thoughts would be appreciated.

 

[Willy Denoyette [MVP]]

I know that I have posted this question before, but it is still unresolved
and I don't know where to turn to next.

I have code that is creating a user (works fine), then sets the account
flags (works fine) and then sets the password (fails).

Here is the pertinent information:
Ex.InnerException.Message: Logon failure: unknown user name or bad password.
Ex.Message: Exception has been thrown by the target of an invocation.

Stack Trace:
at System.RuntimeType.InvokeDispMethod(String name, BindingFlags
invokeAttr, Object target,
Object[] args, Boolean[] byrefModifiers, Int32 culture, String[]
namedParameters)\r\n

at System.RuntimeType.InvokeMember(String name, BindingFlags invokeAttr,
Binder binder, Object target,
Object[] args, ParameterModifier[] modifiers, CultureInfo culture, String[]
namedParameters)\r\n

at System.Type.InvokeMember(String name, BindingFlags invokeAttr, Binder
binder, Object target,
Object[] args)\r\n at
System.DirectoryServices.DirectoryEntry.Invoke(String methodName, Object[]
args)\r\n

at Project.FormName.ChangeUserPassword(String szUsername) in
c:\\inetpub\\wwwroot\\Project\\secure\\usercreation.aspx.cs:line 254"

When I create the DirectoryEntry (code below):
DirectoryEntry entry = new DirectoryEntry(
"LDAP://dc.domain.local/CN=" + szUsername + ",OU=MyUsers,DC=domain,DC=local",
szAdminAccount + "@domain.local",
szAdminPwd,
AuthenticationTypes.Secure | AuthenticationTypes.ServerBind);

This is a WebApp that is running on Win2k3 Server IIS 6.

I have logged on with the account and password supplied and that works
fine and the account can change the password.

Any thoughts would be appreciated.

As I told you in your previous posting:
- you are running this code on a NON domain member, and
- the account running this code is not a domain account (obviously)
That means that you can't use "SetPassword" to reset an accounts password, this is because
Windows cannot create a secure (encrypted) channel between the two machines (IIS server and
AD server) to establish the "SetPassword" protocol

The are a number of solutions for this problem.
You could add the IIS server machine to the login domain, if this isn't possible, you have
to use SSL as transport between both machines.
Please search MSDN for a description on how to configure AD for SSL access and how to export
the certificates to the clients.

Willy.

 

[Guest]

Willy,

As I said, that information is incorrect. It is running on a domain member.
It turns out that the problem was caused by a DNS problem. I did not
change my code, found and fixed the DNS issue and now the code works
perfectly.

Thank you for your help.

I know that I have posted this question before, but it is still unresolved
and I don't know where to turn to next.

I have code that is creating a user (works fine), then sets the account
flags (works fine) and then sets the password (fails).

Here is the pertinent information:
Ex.InnerException.Message: Logon failure: unknown user name or bad password.
Ex.Message: Exception has been thrown by the target of an invocation.

Stack Trace:
at System.RuntimeType.InvokeDispMethod(String name, BindingFlags
invokeAttr, Object target,
Object[] args, Boolean[] byrefModifiers, Int32 culture, String[]
namedParameters)\r\n

at System.RuntimeType.InvokeMember(String name, BindingFlags invokeAttr,
Binder binder, Object target,
Object[] args, ParameterModifier[] modifiers, CultureInfo culture, String[]
namedParameters)\r\n

at System.Type.InvokeMember(String name, BindingFlags invokeAttr, Binder
binder, Object target,
Object[] args)\r\n at
System.DirectoryServices.DirectoryEntry.Invoke(String methodName, Object[]
args)\r\n

at Project.FormName.ChangeUserPassword(String szUsername) in
c:\\inetpub\\wwwroot\\Project\\secure\\usercreation.aspx.cs:line 254"

When I create the DirectoryEntry (code below):
DirectoryEntry entry = new DirectoryEntry(
"LDAP://dc.domain.local/CN=" + szUsername + ",OU=MyUsers,DC=domain,DC=local",
szAdminAccount + "@domain.local",
szAdminPwd,
AuthenticationTypes.Secure | AuthenticationTypes.ServerBind);

This is a WebApp that is running on Win2k3 Server IIS 6.

I have logged on with the account and password supplied and that works
fine and the account can change the password.

Any thoughts would be appreciated.

As I told you in your previous posting:
- you are running this code on a NON domain member, and
- the account running this code is not a domain account (obviously)
That means that you can't use "SetPassword" to reset an accounts password, this is because
Windows cannot create a secure (encrypted) channel between the two machines (IIS server and
AD server) to establish the "SetPassword" protocol

The are a number of solutions for this problem.
You could add the IIS server machine to the login domain, if this isn't possible, you have
to use SSL as transport between both machines.
Please search MSDN for a description on how to configure AD for SSL access and how to export
the certificates to the clients.

Willy.

 

[Willy Denoyette [MVP]]

Willy,

As I said, that information is incorrect. It is running on a domain member.
It turns out that the problem was caused by a DNS problem. I did not
change my code, found and fixed the DNS issue and now the code works
perfectly.

This is confusing, and is the result of multi-posting, in one of your previous threads you
first said that it was *not* running on a domain member, in that same thread you suddenly
switched to a domain member and now you started a new thread, but failed to give some
context. You don't suppose I know exactly on what machines you are running your code do you?
Context is extremely important, as you might have found out yourself by now, when having
issues like this.

Willy.