Re: "Logon failure" using Invoke("SetPassword"...

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

Willy,

As I said, that information is incorrect. It is running on a domain member.
It turns out that the problem was caused by a DNS problem. I did not
change my code, found and fixed the DNS issue and now the code works
perfectly.

Thank you for your help.

"Joe" <Joe@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D4E10280-11A3-43AA-83FB-5DCC4BBB883D@xxxxxxxxxxxxxxxx
I know that I have posted this question before, but it is still unresolved
and I don't know where to turn to next.

I have code that is creating a user (works fine), then sets the account
flags (works fine) and then sets the password (fails).

Here is the pertinent information:
Ex.InnerException.Message: Logon failure: unknown user name or bad password.
Ex.Message: Exception has been thrown by the target of an invocation.

Stack Trace:
at System.RuntimeType.InvokeDispMethod(String name, BindingFlags
invokeAttr, Object target,
Object[] args, Boolean[] byrefModifiers, Int32 culture, String[]
namedParameters)\r\n

at System.RuntimeType.InvokeMember(String name, BindingFlags invokeAttr,
Binder binder, Object target,
Object[] args, ParameterModifier[] modifiers, CultureInfo culture, String[]
namedParameters)\r\n

at System.Type.InvokeMember(String name, BindingFlags invokeAttr, Binder
binder, Object target,
Object[] args)\r\n at
System.DirectoryServices.DirectoryEntry.Invoke(String methodName, Object[]
args)\r\n

at Project.FormName.ChangeUserPassword(String szUsername) in
c:\\inetpub\\wwwroot\\Project\\secure\\usercreation.aspx.cs:line 254"

When I create the DirectoryEntry (code below):
DirectoryEntry entry = new DirectoryEntry(
"LDAP://dc.domain.local/CN="; + szUsername + ",OU=MyUsers,DC=domain,DC=local",
szAdminAccount + "@domain.local",
szAdminPwd,
AuthenticationTypes.Secure | AuthenticationTypes.ServerBind);

This is a WebApp that is running on Win2k3 Server IIS 6.

I have logged on with the account and password supplied and that works
fine and the account can change the password.

Any thoughts would be appreciated.



As I told you in your previous posting:
- you are running this code on a NON domain member, and
- the account running this code is not a domain account (obviously)
That means that you can't use "SetPassword" to reset an accounts password, this is because
Windows cannot create a secure (encrypted) channel between the two machines (IIS server and
AD server) to establish the "SetPassword" protocol

The are a number of solutions for this problem.
You could add the IIS server machine to the login domain, if this isn't possible, you have
to use SSL as transport between both machines.
Please search MSDN for a description on how to configure AD for SSL access and how to export
the certificates to the clients.

Willy.





.

Relevant Pages