
Error while connecting to Devolutions Server through RDM with AD User


Hi,
We've just deployed our Devolutions Server, authentication is based on an AD group (not a nested one).
Five persons are in the group, everything goes fine for four of them but the fifth cannot.

Same error on RDM and on the web interface, we have deleted and re-created the user. It works for a while and finally the error came back.
Any idea to help us?

Devolutions Server 4.0.7 (same on 4.0.6)
RDM 12.0.8

Thanks a lot!
The following error was received by a user at 16/01/2017 14:15:15
Error:
PrincipalOperationException - Une référence a été renvoyée par le serveur.
   à System.DirectoryServices.AccountManagement.ADStoreCtx.LoadDirectoryEntryAttributes(DirectoryEntry de)
   à System.DirectoryServices.AccountManagement.ADDNLinkedAttrSet.MoveNextMemberEnum()
   à System.DirectoryServices.AccountManagement.ADDNLinkedAttrSet.MoveNext()
   à System.DirectoryServices.AccountManagement.ADDNConstraintLinkedAttrSet.MoveNext()
   à System.DirectoryServices.AccountManagement.FindResultEnumerator`1.MoveNext()
   à System.Linq.Enumerable.d__1`1.MoveNext()
   à System.Collections.Generic.List`1..ctor(IEnumerable`1 collection)
   à Devolutions.RemoteDesktopManager.Business.DirectoryServicesGetUserDetailsResult.AssignFromPrincipalSearchResult(Principal principal, PrincipalSearchResult`1 directoryGroups) dans c:\Dev\devolutions\RemoteDesktopManager\Business\Results\DirectoryServicesGetUserDetailsResult.cs:ligne 63
   à Devolutions.RemoteDesktopManager.Managers.DirectoryServicesManager.GetUserDetails(String fullName, DirectoryServicesQueryParameter directoryServicesQueryParameter, Boolean isMultiDomain, Boolean isNested, RoleInfoEntity[] roleNames) dans c:\Dev\devolutions\RemoteDesktopManager\Business\Managers\DirectoryServicesManager.cs:ligne 374
   à Devolutions.Server.Providers.RDMSMembershipProvider.CheckPasswordActiveDirectoryMultiDomain(String username, String password, MembershipLoginData membershipLoginData) dans c:\Dev\devolutions\Websites\Server\Providers\RDMSMembershipProvider.cs:ligne 864
   à Devolutions.Server.Providers.RDMSMembershipProvider.DoValidateUserAgainstDomain(UserInfoEntity userInfoEntity, String password, MembershipLoginData membershipLoginData, Boolean addLoginData) dans c:\Dev\devolutions\Websites\Server\Providers\RDMSMembershipProvider.cs:ligne 1094
   à Devolutions.Server.Providers.RDMSMembershipProvider.DoValidateUser(String username, String password, MembershipLoginData loginData) dans c:\Dev\devolutions\Websites\Server\Providers\RDMSMembershipProvider.cs:ligne 1014
   à Devolutions.Server.Providers.RDMSMembershipProvider.AuthenticateUser(MembershipLoginData loginData, String userName, String password) dans c:\Dev\devolutions\Websites\Server\Providers\RDMSMembershipProvider.cs:ligne 761
   à Devolutions.Server.Providers.RDMSMembershipProvider.DoValidateUserFull(String userName, String password, MembershipLoginData loginData) dans c:\Dev\devolutions\Websites\Server\Providers\RDMSMembershipProvider.cs:ligne 1199
   à Devolutions.Server.Controllers.APIControllers.v2.BackendApiController.DoLogin(HttpRequestMessage request, String userName, String password, ClientApplicationInfo clientApplicationInfo, String twoFactorID, TwoFactorInfo twoFactorInfo, String publicIPAddress, Byte[] sessionKey, String repositoryId, Boolean partialMode) dans c:\Dev\devolutions\Websites\Server\Website\Controllers\APIControllers\BackendApiController.Login.cs:ligne 911
   à Devolutions.Server.Controllers.APIControllers.v2.BackendApiController.Login2(HttpRequestMessage request, JObject requestData, Boolean partialMode) dans c:\Dev\devolutions\Websites\Server\Website\Controllers\APIControllers\BackendApiController.Login.cs:ligne 313
   à lambda_method(Closure , Object , Object[] )
   à System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ActionExecutor.<>c__DisplayClass10.b__9(Object instance, Object[] methodParameters)
   à System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ExecuteAsync(HttpControllerContext controllerContext, IDictionary`2 arguments, CancellationToken cancellationToken)
--- Fin de la trace de la pile à partir de l'emplacement précédent au niveau duquel l'exception a été levée ---
   à System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   à System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   à System.Web.Http.Controllers.ApiControllerActionInvoker.d__0.MoveNext()
--- Fin de la trace de la pile à partir de l'emplacement précédent au niveau duquel l'exception a été levée ---
   à System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   à System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   à System.Web.Http.Filters.ActionFilterAttribute.d__5.MoveNext()
--- Fin de la trace de la pile à partir de l'emplacement précédent au niveau duquel l'exception a été levée ---
   à System.Web.Http.Filters.ActionFilterAttribute.d__5.MoveNext()
--- Fin de la trace de la pile à partir de l'emplacement précédent au niveau duquel l'exception a été levée ---
   à System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   à System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   à System.Web.Http.Filters.ActionFilterAttribute.d__0.MoveNext()
--- Fin de la trace de la pile à partir de l'emplacement précédent au niveau duquel l'exception a été levée ---
   à System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   à System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   à System.Web.Http.Controllers.ActionFilterResult.d__2.MoveNext()
--- Fin de la trace de la pile à partir de l'emplacement précédent au niveau duquel l'exception a été levée ---
   à System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   à System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   à System.Web.Http.Controllers.ExceptionFilterResult.d__0.MoveNext()
------------------------------------------
DirectoryServicesCOMException - Une référence a été renvoyée par le serveur.
   à System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
   à System.DirectoryServices.DirectoryEntry.Bind()
   à System.DirectoryServices.DirectoryEntry.RefreshCache()
   à System.DirectoryServices.AccountManagement.ADStoreCtx.LoadDirectoryEntryAttributes(DirectoryEntry de)
--- Default

Source:
System.DirectoryServices.AccountManagement


Hello,

Could you please send us, at support@devolutions.net, your web.config file that is located in the web application folder of your Devolutions Server instance. Please remove any password you will find in this file.

Best regards,



Érica Poirier


Hello,

Thank you for your web.config file.

Does the account you have set in the Administration credentials option have full read permission on the entire domain?


Best regards,



Érica Poirier


Yes, the account used for domain authentication is just a member of the Domain Users group but it has full read permission access to the AD.
The account which doesn't is in the same OU as the others.


Hello,

Could you please run the PowerShell script attached to this post to compare two AD accounts?
Please use one AD account that currently works with the one that doesn't work.


It will be easier to compare these two accounts if you sort the results on the Attribute column.


Could you please send us the result at support@devolutions.net?

For your information, I have found this PowerShell script here http://pleasework.robbievance.net/howto-easily-compare-ad-attributes-between-users/

Best regards,



Érica Poirier


ADCompare.ps1
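
An added example, not the attached ADCompare.ps1 and not code from Devolutions or the linked blog: one way to produce the side-by-side comparison of a working and a failing account requested above, using the ActiveDirectory (RSAT) module. The function name `Compare-ADUserAttribute` and the account names `jdoe` and `asmith` are hypothetical placeholders.

```powershell
# Added example: list every AD attribute of two users side by side and flag
# the ones that differ. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Compare-ADUserAttribute {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $WorkingUser,  # account that can log in
        [Parameter(Mandatory)] [string] $FailingUser,  # account that gets the error
        [switch] $DifferencesOnly                      # hide attributes that match
    )

    # -Properties * loads all attributes, not only the default set
    $working = Get-ADUser -Identity $WorkingUser -Properties *
    $failing = Get-ADUser -Identity $FailingUser -Properties *

    # Union of attribute names, so an attribute set on only one account still shows up
    $names = @($working.PropertyNames) + @($failing.PropertyNames) | Sort-Object -Unique

    foreach ($name in $names) {
        # Flatten multi-valued attributes (memberOf, proxyAddresses, ...) into one
        # sorted string so that ordering alone never counts as a difference
        $w = (@($working.$name) | ForEach-Object { "$_" } | Sort-Object) -join '; '
        $f = (@($failing.$name) | ForEach-Object { "$_" } | Sort-Object) -join '; '

        $differs = $w -ne $f
        if ($DifferencesOnly -and -not $differs) { continue }

        [pscustomobject]@{
            Attribute = $name
            Working   = $w
            Failing   = $f
            Differs   = $differs
        }
    }
}

# Placeholder account names; rows come back already sorted on the Attribute column.
Compare-ADUserAttribute -WorkingUser 'jdoe' -FailingUser 'asmith' |
    Out-GridView -Title 'AD attribute comparison'

# Only the differing attributes, exported for sending to support:
Compare-ADUserAttribute -WorkingUser 'jdoe' -FailingUser 'asmith' -DifferencesOnly |
    Export-Csv -Path .\ADCompare-diff.csv -NoTypeInformation -Encoding UTF8
```

The stack trace in the first post is thrown while the user's groups are being enumerated (`AssignFromPrincipalSearchResult` over `directoryGroups`), so group-related rows such as `memberOf` and `primaryGroupID` are reasonable ones to read first. Review the CSV before sending it, since a full attribute dump can contain personal data.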