Reputation: 2012
I'm using Active Directory and Forms Authentication to log into a few of our intranet websites. Sometimes when users log in, an exception occurs. I receive an email on all exceptions and so far, this is the only exception that I don't know how to fix. I have researched this on and off for weeks, but I have had no luck in solving this problem.
Source:
System.DirectoryServices.Protocols
Date and Time:
01/06/2014 8:37 AM
Message:
The server is unavailable.
Stack Trace:
at System.DirectoryServices.Protocols.LdapConnection.BindHelper(NetworkCredential newCredential, Boolean needSetCredential)
at System.Web.Security.ActiveDirectoryMembershipProvider.ValidateCredentials(String username, String password)
at System.Web.Security.ActiveDirectoryMembershipProvider.ValidateUserCore(String username, String password)
at System.Web.Security.ActiveDirectoryMembershipProvider.ValidateUser(String username, String password)
at System.Web.UI.WebControls.Login.AuthenticateUsingMembershipProvider(AuthenticateEventArgs e)
at System.Web.UI.WebControls.Login.AttemptLogin()
at System.Web.UI.WebControls.Login.OnBubbleEvent(Object source, EventArgs e)
at System.Web.UI.Control.RaiseBubbleEvent(Object source, EventArgs args)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
User:
Browser Information:
Browser Capabilities, Type = IE8, Name = IE, Version = 8.0, Major Version = 8, Minor Version = 0, Platform = WinXP, Is Beta = False, Is Crawler = False, Is AOL = False, Is Win16 = False, Is Win32 = True, Supports Frames = True, Supports Tables = True, Supports Cookies = True, Supports VBScript = True, Supports JavaScript = 3.0, Supports Java Applets = True, Supports ActiveX Controls = True, Supports JavaScript Version = 1.5,
I am unable to replicate this error on the development server. It's strange, because it will throw the exception, then they can log in just fine after. Some days I don't receive this exception at all, and other days it's off the wall. Could this be a problem with the production server? Possibly a setting is missing or something? I really don't know what's going on with this one. Does anyone have experience with this?
This is how I'm connecting in the web.config
Connection string
<add name="ADService"
     connectionString="LDAP://domain/OU=users,DC=domaincontroller,DC=net" />
Membership provider
<membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
  <providers>
    <clear />
    <!--Membership provider for Active Directory-->
    <add name="AspNetActiveDirectoryMembershipProvider"
         type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
         connectionStringName="ADService" attributeMapUsername="sAMAccountName" />
  </providers>
</membership>
I'm not sure what's going on. Any help is appreciated!
UPDATE: We are currently doing a big release that includes a Single Sign On. We are still using Forms Authentication and Active Directory. We set up a brand new production server. It hasn't gone live yet, but some people have access to it. I have already received the same message on this new server. It's Server 2008 R2 Standard. We are using IIS Version 7.5.7600.16385 to be exact. This exception is annoying for me and annoying for the users. It may not happen all the time on the current production, but some days it doesn't happen once (not sure if it's because it's a slow day and people aren't using the website) and then some days it happens like crazy and I can get about 15 to 20 of these exceptions (if not more). I have looked at multiple issues. Others have had a similar problem, but theirs occurs when they enter the correct username but wrong password. I have tried entering the password wrong hundreds of times, but I could never replicate the problem.
Upvotes: 2
Views: 18435
Reputation: 1
I just had this same issue. I jumped onto the DNS server and found there was this warning logged at the time I was having the issue:
The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.
After I finished my troubleshooting, I was able to log in to my ASP.NET webapp using AD credentials. Methinks it's an issue with the DNS server being unable to start until the Active Directory Domain Services initial synchronisation is complete.
Upvotes: 0
Reputation: 121
Hi, I had this problem also in my application.
Users would randomly get this message when they log in; it was driving me crazy.
I think I have fixed this problem by providing the full Windows name and port instead of just using the AD server hostname.
<add key="LDAPPath" value="LDAP://LDAPSERVER.be.ndl.OURDOMAIN.com:389/DC=be,DC=ndl,DC=OURDOMAIN,DC=com"/>
I hope this helps.
Upvotes: 2
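A diagnostic for the intermittent failure discussed in the two answers above, added here as an example (not code from the question or from either answerer): it takes the connection string, resolves its host name, and attempts a TCP connection to the LDAP port on every address returned. It assumes the random failures come from the name resolving to several servers of which some are not answering, or from the name not resolving at all; all function names are hypothetical.

```python
import socket
from urllib.parse import urlsplit

def split_ads_path(ads_path, default_port=389):
    """Split 'LDAP://host[:port]/DN' into (host, port, base_dn)."""
    parts = urlsplit(ads_path)
    if parts.scheme.lower() != "ldap" or not parts.hostname:
        raise ValueError("no LDAP host in %r" % ads_path)
    return parts.hostname, parts.port or default_port, parts.path.lstrip("/")

def tcp_connect(family, sockaddr, timeout):
    """Open and close one TCP connection; raises OSError on failure."""
    with socket.socket(family, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        sock.connect(sockaddr)

def probe(ads_path, resolve=socket.getaddrinfo, connect=tcp_connect, timeout=3.0):
    """Return {address: None if the LDAP port answered, else the error text}.

    resolve and connect are parameters so the check can be tested offline.
    """
    host, port, _dn = split_ads_path(ads_path)
    try:
        infos = resolve(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        # The name did not resolve at all: a DNS finding, not an LDAP one.
        return {host: "name resolution failed: %s" % exc}
    results = {}
    for family, _type, _proto, _canon, sockaddr in infos:
        ip = sockaddr[0]
        if ip in results:
            continue  # getaddrinfo may list an address more than once
        try:
            connect(family, sockaddr, timeout)
            results[ip] = None
        except OSError as exc:
            results[ip] = str(exc) or type(exc).__name__
    return results

def unreachable(results):
    """Addresses (or the unresolved name) that failed, sorted for reporting."""
    return sorted(key for key, err in results.items() if err is not None)

if __name__ == "__main__":
    # Connection string from the question; substitute your own.
    for addr, err in probe("LDAP://domain/OU=users,DC=domaincontroller,DC=net").items():
        print(addr, "ok" if err is None else "FAILED: " + err)
```

Running it from the web server at the times the exception e-mails arrive shows whether one particular address is the one failing.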
Reputation: 754478
Just a thought - not sure if that's really the problem, but try it.
The Users container in Active Directory is a generic container (and those are prefixed with a CN=) - not an organizational unit (prefixed with OU=) - so try this config:
connectionString="LDAP://domain/CN=users,DC=domaincontroller,DC=net"
Upvotes: 0