Re: ADAM making a call from 2000 server instead of 2003

You can only run IIS 6 on 2003 and IIS 5 on 2000, so that shouldn't be hard
to figure out. What I suspect may be happening is that you are binding to
ADAM using default credentials in your code, but you are running under
different security contexts in IIS and getting different results from that.

In IIS 6, the process identity is defined by the app pool identity. By
default, this uses Network Service which uses the machine account of the
server when accessing the network. If the machine is domain joined, that
would be the machine account in the domain.

In IIS 5 with .NET code (which I think you might be using), the process
identity is determined by the processModel setting in machine.config and is
usually running under a local machine user called aspnet. That user may not
have any permissions in a remote ADAM as it isn't even a domain account.
This problem is very common.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"thetomatolord" <coolguys@xxxxxxxxxxxxx> wrote in message
news:7AB976A5-988C-4D71-8B1F-78E21177BA00@xxxxxxxxxxxxxxxx
The application is storing information in objects for individual users in
ADAM.

this particular part of the application is trying to save its settings
locally in a registry - after it is saves the setings the application
checks
the settings - in this case it is checkng the repository to make sure the
container information is correct.

Your response is some help - we did not really look at the security
settings
between iis and adam on the 2000 server.

I will find out what version of iis they are running

THnx
Martin
--
1 of the 300


"Joe Kaplan" wrote:

What is this code doing and what is the security model for access ADAM
from
IIS? IIS 5 and 6 have very different security models and are frequently
configured differently, so there is no surprise that this might not work,
but you would need to provide a lot more details in order to figure out
exactly what is happening.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
--
"thetomatolord" <coolguys@xxxxxxxxxxxxx> wrote in message
news:A3736EDC-DD22-46F4-994E-6D85E8BED27B@xxxxxxxxxxxxxxxx
Setup

iis application accessing data on either a

what works
iis application on 2003 server accessing adam on that same 2003
server
what does not work
iis application on 2000 server accessing adam on a 2003 server (the
same
one as above).

ADAM is runing on a 2003 server
I am a domain admin on both the 2000 and 2003 box.
2000 is on SP4 with a bunch of patchs

If I run the command from the 2003 server it works, note I am only on
that
machine not going from machine to machine
if I run the command from the 2000 server it fails, in this case I am
going
from a 2000 server to the 2003 server

I am running the following command.
strServerQualified=LDAP://22.222.22.22:22222/
v0517.6/28/2007 10:16:44 AM ADAMStorage.IsValidSetup:
m_strRootDN=OU=container,dc=my,dc=name
v0517.6/28/2007 10:16:44 AM BaseStorage.DirectoryEntryExists: caught
exception, finish FALSE.
v0517.6/28/2007 10:16:44 AM ADAMStorage.IsValidSetup: throw exception
DirectoryEntryExists(m_strRootDN)==FALSE
v0517.6/28/2007 10:16:44 AM UserProvisioning.CheckStorage: caught
exception:
The requested setting "Root DN" is missing.

basically I am trying to store something in that container and 2003
finds
it
but 2000 wont.

other then the failed to find rootdn there are no other errors..

what we tried
SSL is turned on but we turned it off and we still had the issue
different users ids
reinstalled wes 3.0
checked all the iis settings

thnx!

tomatolord
--
1 of the 300





.

Relevant Pages

  • Re: Cant access companyweb or other website on IIS after installi
    ... Let's re-run CEICW to reset the network configuration. ... How to configure Internet access in Windows Small Business Server 2003 ... suggest you try it again and reset all the settings. ... Install MBExplorer by installing IIS 6 Resource Kit Tools: ...
    (microsoft.public.windows.server.sbs)
  • Re: SBS 2003 After Service Pack 1 for SBS
    ... Controllers" groups have been added to the new CERTSVC_DCOM_ACCESS security ... we can have Certificate Services update the DCOM security settings ... down time for the server - probably over a weekend. ... Then please run command "iisreset" to refresh IIS ...
    (microsoft.public.windows.server.sbs)
  • Re: ADAM wirh SSL
    ... Resource kit to generate the self-signed cert I'm using. ... The cert works perfectly with IIS as well, so I know it *can* work. ... used this same procedure on a previous XP install with ADAM and IIS and it ... No suitable default server credential exists on this system. ...
    (microsoft.public.windows.server.active_directory)
  • Re: replicate IIS Setting between 2 IIS Server
    ... You can also export IIS settings to an XML file & import them to another ... Load Balancing: ... And if there's a server failure, ...
    (microsoft.public.inetserver.iis)
  • Re: ADAM making a call from 2000 server instead of 2003
    ... The application is storing information in objects for individual users in ADAM. ... the settings - in this case it is checkng the repository to make sure the ... between iis and adam on the 2000 server. ... I will find out what version of iis they are running ...
    (microsoft.public.windows.server.active_directory)