
Error -2147023677 when calling OpenDSObject


Harrop@discussions.microsoft.com Sean Harrop

Feb 24, 2005, 4:47:02 PM
We have been using ADSI to authenticate our users' username and password to
access an internal web site. This code has been working correctly for well
over a year.

Earlier this week, we started receiving error -2147023677, with no error
source or description (also randomly we have received 2147023169 and
2147023446). I'm not sure if this has anything to do with a MS patch or if
some network setting has changed?

If anyone has any input on this, it would be greatly appreciated.

For the sake of space, here is a summarized version of the code in question.

'-- get username and password --
strLogin = request("login")
strPassword = request("password")

'-- set active directory / nt login settings --
strNTDomain = "domainname"
strADsPath = "WinNT://" & strNTDomain
strADsNamespace = left(strADsPath, instr(strADsPath, ":"))
strNTLogin = strNTDomain & "\" & trim(strLogin)
strNTPassword = strPassword

on error resume next

'-- authenticate username and password --
set objADsObject = GetObject(strADsPath)
set objADsNamespace = GetObject(strADsNamespace)
set objADsObject = objADsNamespace.OpenDSObject(strADsPath, strNTLogin, strNTPassword, 0)

'-- check authentication --
select case Err.number
case 0 'AUTHENTICATED THROUGH ADSI
'...
case -2147023570 'BAD PASSWORD
'...
case -2147022987 'TOO MANY TRIES
'...
case -2147467259 'CAN'T CONNECT TO DOMAIN SERVER
'...
case else 'UNKNOWN ERROR
response.write err.number & " " & err.source & " " & err.description
'-2147023677 ???
'-2147023446 ???
'-2147023169 ???
end select

'-- free resources --
set objADsObject = nothing
set objADsNamespace = nothing

on error goto 0

Marc Scheuner [MVP ADSI]

Feb 25, 2005, 2:05:28 AM
>We have been using ADSI to authenticate our users' username and password to
>access an internal web site. This code has been working correctly for well
>over a year.
>Earlier this week, we started receiving error -2147023677, with no error
>source or description (also randomly we have received 2147023169 and
>2147023446).

-2147023677 = 0x800704c3
Multiple connections to a server or shared resource by the same user,
using more than one user name, are not allowed. Disconnect all
previous connections to the server or shared resource and try again

-2147023169 = 0x800706bf
The remote procedure call failed and did not execute

-2147023446 = 0x800705aa
Insufficient system resources exist to complete the requested service

You might want to search the knowledgebase for those errors (in hex
representation) - not really clear what they could be from, but at
least you have a description now! ;-)

HTH
Marc
________________________________________________________________
Marc Scheuner ** mscheuner -at- mvps.org ** http://adsi.mvps.org
Microsoft MVP for Directory Services Programming
http://www.dirteam.com/blogs/mscheuner/default.aspx
http://groups.yahoo.com/group/ADSIANDDirectoryServices/
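
The decimal-to-hex conversion used in the reply above, as an added example that is not part of the original posts: a VBScript function that splits the signed `Err.Number` into its HRESULT facility and code so the `case else` branch can log something searchable. The function name `DescribeHResult` is hypothetical; the name table covers only the values that appear in this thread.

```vbscript
'-- added example (not from the thread): decode Err.Number as an HRESULT --
Function DescribeHResult(lngErr)
    Dim strHex, lngFacility, lngCode, strName

    ' Expects the signed Long that Err.Number returns.
    ' Hex() renders a negative Long in unsigned form, e.g. 800704C3.
    strHex = "0x" & Right("00000000" & Hex(lngErr), 8)

    ' Masks are written in decimal: 134152192 = 0x07FF0000, 65535 = 0xFFFF.
    lngFacility = (lngErr And 134152192) \ 65536
    lngCode = lngErr And 65535

    strName = ""
    If lngFacility = 7 Then
        ' Facility 7 (FACILITY_WIN32) wraps a Win32 error code in the low word.
        Select Case lngCode
            Case 1219
                strName = "ERROR_SESSION_CREDENTIAL_CONFLICT"
            Case 1326
                strName = "ERROR_LOGON_FAILURE"
            Case 1450
                strName = "ERROR_NO_SYSTEM_RESOURCES"
            Case 1727
                strName = "RPC_S_CALL_FAILED_DNE"
            Case 1909
                strName = "ERROR_ACCOUNT_LOCKED_OUT"
            Case Else
                strName = "Win32 error " & lngCode
        End Select
    ElseIf strHex = "0x80004005" Then
        strName = "E_FAIL"
    End If

    DescribeHResult = strHex & " facility=" & lngFacility & _
                      " code=" & lngCode & " " & strName
End Function

' The three values reported in the thread (run with cscript.exe;
' inside an ASP page use Response.Write instead of WScript.Echo).
WScript.Echo DescribeHResult(-2147023677)
WScript.Echo DescribeHResult(-2147023169)
WScript.Echo DescribeHResult(-2147023446)
```

For a Win32 code not in the table, `net helpmsg <code>` prints the system message text.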

Sean Harrop

Feb 25, 2005, 9:25:01 AM
We have been using ADSI to authenticate our users' username and password to
access an internal web site. This code has been working correctly for well
over a year.

Earlier this week, we started receiving error -2147023677, with no error
source or description (also randomly we have received 2147023169 and

Joe Kaplan (MVP - ADSI)

Feb 25, 2005, 9:42:13 AM
WinNT with repeated calls to OpenDsObject is known to be a bit flaky. Are
you talking to AD? If so, you should switch to LDAP. That should help you
resolve the issue.

You still need to be very careful using ADSI for authentication as there are
some other situations that can get you in trouble under high load, but LDAP
should at least get you closer.

HTH,

Joe K.


Sean Harrop

Feb 25, 2005, 10:01:07 AM
Joe,

Thanks for the quick response. :)

Most of the LDAP examples I have seen require an administrator username and
password which would be stored in plain text, so my network admin is VERY
hesitant about implementing something like that.

In addition, I haven't had much success finding code that would just
authenticate a user. Many list phone numbers, email, departments, etc.

Could you point me in the right direction of an implementation that uses a
regular (non administrative) username and password validation?

Thanks in advance,

Sean Harrop

Joe Kaplan (MVP - ADSI)

Feb 25, 2005, 10:57:26 AM
If you just want to authenticate a user, all you need to do is bind to
RootDSE.

As long as the password isn't blank, it will give you a valid result.
Something along the lines of:

OpenDsObject("LDAP://yourdomain.com/RootDSE", "domain\user", "pwd", 1)

The only thing to check in advance is whether the pwd is null because the LDAP
spec says that a null pwd should be accepted and result in an anonymous bind.
You don't want that.

HTH,

Joe K.


Sean Harrop

Feb 25, 2005, 1:04:22 PM
Joe,

Thanks for your assistance. Basically I had to change the ADsPath to use
"LDAP://" rather than "WinNT://" and specify the ADS_SECURE_AUTHENTICATION
value of 1 in the OpenDSObject call.

The following classic ASP code is working in my situation. It can be used
in VB6 when referencing "Active DS Type Library".

'-- get username and password --
strLogin = request("login")
strPassword = request("password")

'-- set active directory / nt login settings --
strNTDomain = "domainname"

strADsPath = "LDAP://" & strNTDomain
strADsNamespace = left(strADsPath, instr(strADsPath, ":"))
strNTLogin = strNTDomain & "\" & trim(strLogin)
strNTPassword = strPassword

on error resume next

'-- authenticate username and password --
set objADsObject = GetObject(strADsPath)
set objADsNamespace = GetObject(strADsNamespace)
set objADsObject = objADsNamespace.OpenDSObject(strADsPath, strNTLogin, strNTPassword, 1)

'-- check authentication --
select case Err.number
case 0 'AUTHENTICATED THROUGH ADSI
'...
case -2147023570 'BAD PASSWORD
'...
case -2147022987 'TOO MANY TRIES
'...
case -2147467259 'CAN'T CONNECT TO DOMAIN SERVER
'...
case else 'UNKNOWN ERROR
'...
end select

'-- free resources --
set objADsObject = nothing
set objADsNamespace = nothing

on error goto 0
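
The blank-password check Joe Kaplan describes, combined with the RootDSE bind, as an added example that is not part of the original posts. The function name `AuthenticateUser` and its parameters are hypothetical, and `yourdomain.com` / `domainname` are the placeholders used earlier in the thread.

```vbscript
'-- added example (not from the thread): fail closed on blank credentials --
Const ADS_SECURE_AUTHENTICATION = 1

Function AuthenticateUser(strDomainDns, strNTDomain, strLogin, strPassword)
    Dim objNamespace, objRootDse, lngErr

    AuthenticateUser = False
    Set objRootDse = Nothing

    ' A blank password must never reach the bind: per the thread, LDAP treats
    ' it as an anonymous bind, which would return success for any login name.
    ' Appending "" turns Null and Empty into a zero-length string first.
    If Len(Trim(strLogin & "")) = 0 Then Exit Function
    If Len(strPassword & "") = 0 Then Exit Function

    On Error Resume Next
    Err.Clear
    Set objNamespace = GetObject("LDAP:")
    Set objRootDse = objNamespace.OpenDSObject( _
        "LDAP://" & strDomainDns & "/RootDSE", _
        strNTDomain & "\" & Trim(strLogin), _
        strPassword, _
        ADS_SECURE_AUTHENTICATION)
    lngErr = Err.Number      ' capture before On Error GoTo 0 resets Err
    On Error GoTo 0

    ' Success only if no step raised an error and an object came back.
    If lngErr = 0 Then
        If Not (objRootDse Is Nothing) Then AuthenticateUser = True
    End If

    Set objRootDse = Nothing
    Set objNamespace = Nothing
End Function

' Usage in the ASP page (Request values coerced to strings):
' If AuthenticateUser("yourdomain.com", "domainname", _
'        Request("login") & "", Request("password") & "") Then ...
```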
