AzMan connection problems

Hi

I have an ASP .NET 2.0 app connecting to an ADAM AzMan Store on a DC. I tested this from my machine and it worked fine. When I moved the app to a server, I get an error when it tries to initialize the AzManStore:

The system cannot open the device or file specified (Exception from HRESULT: 0x8007006E)

I have a feeling this is due to security on the store, but I have even gone as far as giving Everyone the Reader permission and it still fails. Can't seem to find much in the event logs either.

Does anybody have any ideas on how to fix this?

Thanks

I'm having the same problem in a similar environment. In my case the ASP.Net
2.0 application can successfully call AzMan to access the AD datastore when the application is opened on the server, however running the application from a client causes the same error detailed below.

Am very keen to hear of any suggestions for this.

Thanks,
Dean.

"bigbro***@gmail.com" wrote:
> Hi
>
> I have an ASP .NET 2.0 app connecting to an ADAM AzMan Store on a DC. I tested this from my machine and it worked fine. When I moved the app to a server, I get an error when it tries to initialize the AzManStore:
> The system cannot open the device or file specified (Exception from HRESULT: 0x8007006E)
>
> I have a feeling this is due to security on the store, but I have even gone as far as giving Everyone the Reader permission and it still fails. Can't seem to find much in the event logs either.
>
> Does anybody have any ideas on how to fix this?
>
> Thanks

I've got the same issue. Were either of you able to resolve?
"DNo" wrote:
> I'm having the same problem in a similar environment. In my case the ASP.Net 2.0 application can successfully call AzMan to access the AD datastore when the application is opened on the server, however running the application from a client causes the same error detailed below.
>
> Am very keen to hear of any suggestions for this.
> Thanks,
> Dean.

Not yet. I have raised a support request with Microsoft which they are
currently working on.
Dean.

"Andrew" wrote:
> I've got the same issue. Were either of you able to resolve?

I'm not an AzMan expert at all, but this sounds like an
impersonation/delegation issue as the symptoms are classic double hop authentication. Is impersonation enabled? What security context is being used to access the AzMan store? If you are trying to use the authenticated user's security context to do so, you may need to configure Kerberos delegation.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--

"DNo" <D**@discussions.microsoft.com> wrote in message news:3D67B1F0-FDB1-409B-8655-1B22F843587B@microsoft.com...
> Not yet. I have raised a support request with Microsoft which they are currently working on.
> Dean.

Please post any answers you get from MS. It appears there are several people
in the same situation.

"DNo" wrote:
> Not yet. I have raised a support request with Microsoft which they are currently working on.
> Dean.

Solution: When you are configuring the ASP.NET app pool account for delegation, make sure you include an ldap entry in addition to the other services you need to delegate credentials to (like SQL Server) if you are storing the AzMan policy store in AD.

This is called constrained delegation and it's one of the options available on the Delegation tab within AD, though not labeled "constrained delegation", its text is "Trust this user for delegation to specified services only". To add services for delegation, you select the target server and pick the services (you'll see SPN entries for the most common services - you can also create these using setspn.exe). You should see one called ldap for the AD on the server where you're storing the AzMan policy store.

Hope this helps someone. Sure killed a few hours of my day today...

From http://www.developmentnow.com/g/46_2006_6_0_0_779774/AzMan-connection-problems.htm
Posted via DevelopmentNow.com Groups
http://www.developmentnow.com

That's strange - I don't have any SPNs on my AD server. Anyway, I did
as killajoe explained and it doesn't seem to help. But still when I run an ASP.NET WebSite from Visual Studio everything works. When I publish it to IIS and run from IIS it doesn't...

On 19 ???. 2006, 01:40, killajoe <nos***@developmentnow.com> wrote:
> Solution: When you are configuring the ASP.NET app pool account for delegation, make sure you include an ldap entry in addition to the other services you need to delegate credentials to (like SQL Server) if you are storing the AzMan policy store in AD.
>
> This is called constrained delegation and it's one of the options available on the Delegation tab within AD, though not labeled "constrained delegation", its text is "Trust this user for delegation to specified services only". To add services for delegation, you select the target server and pick the services (you'll see SPN entries for the most common services - you can also create these using setspn.exe). You should see one called ldap for the AD on the server where you're storing the AzMan policy store.
>
> Hope this helps someone. Sure killed a few hours of my day today...
>
> From http://www.developmentnow.com/g/46_2006_6_0_0_779774/AzMan-connection...
>
> Posted via DevelopmentNow.com Groups http://www.developmentnow.com
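
The check implied by killajoe's fix, as an added example that is not part of the original thread: a PowerShell function that looks at an account's delegation attributes for an ldap entry pointing at the server that holds the AzMan store. The function name, account names, host names and sample objects are constructed for illustration; the attribute names are the ones Active Directory uses.

```powershell
# Added example. Sample accounts and host names are constructed. Against a real
# directory, $Account could come from the ActiveDirectory module:
#   Get-ADUser <name> -Properties servicePrincipalName, TrustedForDelegation, 'msDS-AllowedToDelegateTo'
function Test-LdapDelegation {
    param(
        [Parameter(Mandatory)] $Account,            # object shaped like Get-ADUser output
        [Parameter(Mandatory)] [string] $StoreHost  # FQDN of the server holding the AzMan store
    )
    # SPNs listed under "Trust this user for delegation to specified services only"
    $allowed = @($Account.'msDS-AllowedToDelegateTo' | Where-Object { $_ })
    $hosts   = @($StoreHost, $StoreHost.Split('.')[0])

    # SPN shape is service/host[:port][/name]; accept the FQDN or the short host name
    $ldap = @($allowed | Where-Object {
        $parts = $_ -split '/'
        $parts[0] -ieq 'ldap' -and (($parts[1] -split ':')[0] -in $hosts)
    })
    $hasSpn = @($Account.servicePrincipalName | Where-Object { $_ }).Count -gt 0

    if ($ldap.Count -gt 0)                 { $finding = 'ldap entry present for the store host' }
    elseif ($Account.TrustedForDelegation) { $finding = 'trusted for delegation to any service; no ldap entry in the specified-services list' }
    elseif (-not $hasSpn)                  { $finding = 'account has no SPN registered, so no Delegation tab is shown for it' }
    else                                   { $finding = 'no ldap entry for the store host in the specified-services list' }

    [pscustomobject]@{
        Account        = $Account.SamAccountName
        LdapDelegation = $ldap -join ', '
        Finding        = $finding
    }
}

# Constructed sample accounts: SQL only, SQL plus ldap, and one with no SPN at all
$samples = @(
    [pscustomobject]@{ SamAccountName = 'svc-webapp1'; TrustedForDelegation = $false
        servicePrincipalName       = @('HTTP/web01.example.test')
        'msDS-AllowedToDelegateTo' = @('MSSQLSvc/sql01.example.test:1433') },
    [pscustomobject]@{ SamAccountName = 'svc-webapp2'; TrustedForDelegation = $false
        servicePrincipalName       = @('HTTP/web02.example.test')
        'msDS-AllowedToDelegateTo' = @('MSSQLSvc/sql01.example.test:1433', 'ldap/dc01.example.test') },
    [pscustomobject]@{ SamAccountName = 'svc-webapp3'; TrustedForDelegation = $false
        servicePrincipalName       = @()
        'msDS-AllowedToDelegateTo' = @() }
)
$samples | ForEach-Object { Test-LdapDelegation -Account $_ -StoreHost 'dc01.example.test' } | Format-List
```

If the application pool runs as a machine identity rather than a domain user, the same attributes sit on the computer object, which the ActiveDirectory module returns through `Get-ADComputer`.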