Reputation: 1
I have a page to create new users in our active directory using VB.NET I’m using the following code
Imports System.DirectoryServices

' Bind to the container in which the new user will be created.
Dim rootEntry As New DirectoryEntry
With rootEntry
    .Path = "LDAP://" & strServer & "/" & strLDAP
    .AuthenticationType = AuthenticationTypes.Secure
    .Username = strServerUsername
    .Password = strServerPassword
End With

' Create the user object, then fill in its attributes.
Dim newUser As DirectoryEntry = rootEntry.Children.Add("CN=" & strCN, "user")
With newUser
    .CommitChanges()
    .Properties("userPrincipalName").Value = TextPN.Text
    .Properties("sAMAccountName").Value = TextAlias.Text
    .Properties("givenname").Value = TextGivenname.Text
    .Properties("sn").Value = TextSurname.Text
    ……
    .CommitChanges()
    ' IADsUser.SetPassword: this is the call that now throws (see below).
    .Invoke("setPassword", New Object() {strDefaultPassword})
    .CommitChanges()
    ' Note: &H1 is ADS_UF_SCRIPT; a normal enabled account is &H200 (ADS_UF_NORMAL_ACCOUNT).
    .Properties("userAccountControl").Value = &H0001
    .CommitChanges()
End With
This code worked fine in the past. Now we’ve migrated our web server to Windows Server 2008 R2 and IIS 7.5, and suddenly the code is not working anymore. (The .NET Framework version is 2.0 and cannot be changed.) The user is still created in our Active Directory, but the account is automatically disabled and the password is not set.
Investigating this issue shows that an exception is thrown at the line
    .Invoke("setPassword", New Object() {strDefaultPassword})
Exception:
The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)
The user account which is used to connect to the AD is still the same and has domain admin rights. Since nothing has changed in the code, I think there must be another reason why this is not working anymore: firewall settings, IIS configuration, ...?
Any ideas?
I know there is a similar case here: "Trying to create a new Active Directory user, Invoke("SetPassword",pwd) throws "The RPC server is unavailable"", but this doesn’t help me out.
Upvotes: 0
Views: 4162
Reputation: 188
DirectoryEntry.Invoke() requires AuthenticationTypes.Secure. What this means is that it needs to be able to authenticate the request via Kerberos or NTLM.
It attempts to use LDAPS (TCP 636) first, then falls back to CIFS (TCP 445) if/when it times out or fails because of a missing or invalid certificate. If neither of these ports is open, it will fail with an "RPC server unavailable" exception.
Upvotes: 1
Reputation: 11
Check that TCP/UDP port 445 is opened on your firewall. To connect to an AD server from outside a domain, you need the following ports to be opened:
- TCP/UDP 389 (LDAP)
- TCP 3268 (GC)
- TCP/UDP 445 (SMB over IP)
Upvotes: 1
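Both answers come down to the same check: from the web server, can the domain controller be reached on the ports SetPassword falls through (636, then 445), plus the LDAP and GC ports? The script below is an added example, not code from the question or from either answer. It uses System.Net.Sockets.TcpClient rather than Test-NetConnection so that it also runs on the PowerShell 2.0 / .NET 2.0 combination a Windows Server 2008 R2 box typically has. The domain controller name is an assumed placeholder (substitute the value of strServer from the question), and only TCP reachability is tested; the UDP variants the second answer lists are not covered.

```powershell
# Added example: probe the domain-controller ports that ADSI SetPassword and
# the LDAP bind depend on, from the web server that is failing.
param(
    [string]$DomainController = "dc01.example.internal",   # placeholder, assumed
    [int]$TimeoutMs = 3000
)

# Ports named in the two answers, with what each is used for.
$portsToCheck = @(
    @{ Port = 389;  Purpose = "LDAP (directory bind / object creation)" },
    @{ Port = 636;  Purpose = "LDAPS (first choice of SetPassword)" },
    @{ Port = 3268; Purpose = "Global Catalog" },
    @{ Port = 445;  Purpose = "SMB/CIFS (SetPassword fallback)" }
)

function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        # No answer within the timeout usually means a firewall is dropping the SYN.
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            return "timeout (filtered?)"
        }
        $client.EndConnect($async)      # throws SocketException on an active refusal
        return "open"
    } catch [System.Net.Sockets.SocketException] {
        return "closed: " + $_.Exception.Message
    } finally {
        $client.Close()
    }
}

$results = foreach ($entry in $portsToCheck) {
    New-Object PSObject -Property @{
        Port    = $entry.Port
        Purpose = $entry.Purpose
        State   = Test-TcpPort -HostName $DomainController -Port $entry.Port -TimeoutMs $TimeoutMs
    }
}
$results | Format-Table Port, State, Purpose -AutoSize

# The symptom in the question (user created, then 0x800706BA on SetPassword)
# matches 389 being open while both 636 and 445 are unreachable.
$blocked = @($results | Where-Object { (@(636, 445) -contains $_.Port) -and ($_.State -ne "open") })
if ($blocked.Count -eq 2) {
    Write-Warning "Neither 636 nor 445 is reachable: SetPassword has no channel to the DC."
}
```

Run it on the web server under the same account the application pool uses, so that any per-profile firewall rules apply. If 636 is reachable but SetPassword still fails, the first answer's second condition (an LDAPS certificate the web server does not trust) is the next thing to verify; that is outside what a port probe can tell you.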