locked
An Operations Error Occured

    Pergunta

  • Hi,

     

    I am having problems adding groups to my applications via the 'Access Permissions' tab. When I click 'Add...' I get an message dialog stating 'An operations error occured.'.

     

    When I click OK the 'Add/Edit User Group' dialog appears but I am unable to access the domain groups. The following is from the sftmmc.log file

     

    ManagementConsole.MCException: An operations error occurred.
     ---> System.Runtime.InteropServices.COMException (0x80072020): An operations error occurred.


    Server stack trace:
       at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
       at System.DirectoryServices.DirectoryEntry.Bind()
       at System.DirectoryServices.DirectoryEntry.get_AdsObject()
       at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
       at System.DirectoryServices.DirectorySearcher.FindAll()
       at SoftGrid.Management.DataAccess.AdAccountQueries.SearchDirectory(AccountObjectData parent, String filter, SearchScope scope)
       at SoftGrid.Management.DataAccess.AdAccountQueries.GetGroups(AccountObjectData parent, AccountObjectData[]& subContainers, AccountObjectData[]& groups)
       at SoftGrid.Management.DataAccess.AccountQueries.GetGroups(AccountObjectData parent, AccountObjectData[]& subContainers, AccountObjectData[]& groups)
       at SoftGrid.Management.Accounts.GetGroups(AccountContainer parent, AccountContainer[]& subContainers, AccountGroup[]& groups)
       at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Int32 methodPtr, Boolean fExecuteInContext, Object[]& outArgs)
       at System.Runtime.Remoting.Messaging.StackBuilderSink.PrivateProcessMessage(RuntimeMethodHandle md, Object[] args, Object server, Int32 methodPtr, Boolean fExecuteInContext, Object[]& outArgs)
       at System.Runtime.Remoting.Messaging.StackBuilderSink.SyncProcessMessage(IMessage msg, Int32 methodPtr, Boolean fExecuteInContext)

    Exception rethrown at [0]:
       at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
       at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
       at SoftGrid.Management.IAccounts.GetGroups(AccountContainer parent, AccountContainer[]& subContainers, AccountGroup[]& groups)
       at ManagementConsole.ManagementSession.GetGroups(AccountContainer parent, AccountContainer[]& subContainers, AccountGroup[]& groups)
       --- End of inner exception stack trace ---


     

    has anyone seen this before, as I am now no longer able to perssion applications.

     

    Thanks,

     

    Andy

    quinta-feira, 17 de janeiro de 2008 13:44

Respostas

  • Add the code you've written in the
    using(HostingEnvironment.Impersonate()) block like:



    using(HostingEnvironment.Impersonate())
    {

    m_LoginName
    As String = Environment.UserName.ToString
    Dim dirEntry As
    System.DirectoryServices.DirectoryEntry
    Dim dirSearcher As
    System.DirectoryServices.DirectorySearcher
    dirEntry = New System.DirectoryServices.DirectoryEntry(LDAP://abc.com
    )
    dirSearcher =
    New
    System.DirectoryServices.DirectorySearcher(dirEntry)
    dirSearcher.Filter =
    "(samAccountName=" & m_LoginName &
    ")"
    Dim sr As
    SearchResult = dirSearcher.FindOne()
    Dim de As
    System.DirectoryServices.DirectoryEntry = sr.GetDirectoryEntry()
    Dim sUserName As String = de.Properties("GivenName"
    ).Value.ToString()
    Dim sLName As String = de.Properties("Sn"
    ).Value.ToString() 
    Lgname1.Text =
    "Welcome : " & sUserName & " "
    & sLName
    }

    Hope it works!!

    quinta-feira, 7 de janeiro de 2010 08:12

Todas as Respostas

  •  

    I have seen this error on websites that has impersonation set to true in the web.config file with NTLM or Kerberos authentication set. (due to the fact that the users token is a "secondary token" that cannot be used when authenticating against another server)

     

    You could either use Basic Authentication or switch the impersonation setting to false in web.config (which might break the app)

     

    I have a small blogentry about the error when seen in sharepoint, but I guess that you're not going to change the code.. Wink

    http://sharepoint-tweaking.blogspot.com/2007/12/impersonation-in-aspnet-causes.html

    sexta-feira, 18 de janeiro de 2008 21:44
  •  

    I found one of the error codes 0x80072020 may point to a problem contacting/communicating with the AD. Anything out of the ordinary in the Event logs or the SFT logs?

     

     

    terça-feira, 22 de janeiro de 2008 18:11
  •  

    Switching to Basic Authentication did the Trick but it is not a very good solution. As automatic login will not work anymore.

    I'm generating a Self Service Application where users can Alter some of their AD Properties.

     

    So this is really very annoying.

     

    BR
    Daniel

    terça-feira, 19 de agosto de 2008 15:12
  • Hi Daniel,

    I'm having the exact same problem.  Did you find a solution that did not require Basic Authentication?

    Thanks for any help!
    Tim
    terça-feira, 7 de outubro de 2008 19:32
  •  PerG wrote:

     

    I have seen this error on websites that has impersonation set to true in the web.config file with NTLM or Kerberos authentication set. (due to the fact that the users token is a "secondary token" that cannot be used when authenticating against another server)

     

    You could either use Basic Authentication or switch the impersonation setting to false in web.config (which might break the app)

     

    I have a small blogentry about the error when seen in sharepoint, but I guess that you're not going to change the code..

    http://sharepoint-tweaking.blogspot.com/2007/12/impersonation-in-aspnet-causes.html

     

    I was using Windows Authentication for hosting my intranet site. In my web.config file is was   

    <authentication mode="Windows"/>
      <identity impersonate="true"/>

     

    But still it was not working and error was showing on  dirSearch.FindOne(); since I was using Directory search in Active Directory for user authentication.  Your code below works properly to send user credential in SQL Server and now I am able to use User_Name keyword in sql server. It gets the user name what we authenticate from domain users.

    using System.Web.Hosting;
    ...
    ...

    // Code here runs as the logged on user

    using (HostingEnvironment.Impersonate()) {
    // This code runs as the application pool user
         DirectorySearcher searcher ...
    }

    Thank you very much!.

    sexta-feira, 14 de novembro de 2008 15:31
  • Thanks a million yar, you saved me, I was really worried about the issue..

    using(HostingEnvironment.Impersonate())
    {

        code ..... blah blah blah...

    }

    solved my problem...

    quinta-feira, 8 de janeiro de 2009 12:31
  • You're a genius! Thanks so much!
    segunda-feira, 8 de junho de 2009 18:34
  • Thanks man, you saved my whole day or might me more :)


    It was bang on the target.
    sexta-feira, 11 de dezembro de 2009 10:24
  • Hi vijander,

    i have same problem in the with my vb.net code.
    here is my code..

    Protected

     

    Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load


    Dim

     

    m_LoginName As String = Environment.UserName.ToString
    Dim dirEntry As System.DirectoryServices.DirectoryEntry
    Dim dirSearcher As System.DirectoryServices.DirectorySearcher
    dirEntry = New System.DirectoryServices.DirectoryEntry(LDAP://abc.com)
    dirSearcher =
    New System.DirectoryServices.DirectorySearcher(dirEntry)
    dirSearcher.Filter =
    "(samAccountName=" & m_LoginName & ")"
    Dim sr As SearchResult = dirSearcher.FindOne()
    Dim de As System.DirectoryServices.DirectoryEntry = sr.GetDirectoryEntry()
    Dim sUserName As String = de.Properties("GivenName").Value.ToString()
    Dim sLName As String = de.Properties("Sn").Value.ToString() 
    Lgname1.Text =
    "Welcome : " & sUserName & " " & sLName

     

    End Sub

     

     



    lines in my web.config file are..
    <authentication mode="Windows"/>
      <identity impersonate="true"/>

    Could you please hlep me how do i overcome the issues.. using... (HostingEnvironment.Impersonate())

    do i need to add this in my code page.. please help me here ...

    -Ravi.



    quinta-feira, 7 de janeiro de 2010 06:15
  • Add the code you've written in the
    using(HostingEnvironment.Impersonate()) block like:



    using(HostingEnvironment.Impersonate())
    {

    m_LoginName
    As String = Environment.UserName.ToString
    Dim dirEntry As
    System.DirectoryServices.DirectoryEntry
    Dim dirSearcher As
    System.DirectoryServices.DirectorySearcher
    dirEntry = New System.DirectoryServices.DirectoryEntry(LDAP://abc.com
    )
    dirSearcher =
    New
    System.DirectoryServices.DirectorySearcher(dirEntry)
    dirSearcher.Filter =
    "(samAccountName=" & m_LoginName &
    ")"
    Dim sr As
    SearchResult = dirSearcher.FindOne()
    Dim de As
    System.DirectoryServices.DirectoryEntry = sr.GetDirectoryEntry()
    Dim sUserName As String = de.Properties("GivenName"
    ).Value.ToString()
    Dim sLName As String = de.Properties("Sn"
    ).Value.ToString() 
    Lgname1.Text =
    "Welcome : " & sUserName & " "
    & sLName
    }

    Hope it works!!

    quinta-feira, 7 de janeiro de 2010 08:12
  • My friend, it works very well!! Thank you so much!
    domingo, 7 de fevereiro de 2010 13:59
  • I was having same problem, spent a day with frustration and then found this forum. It did the trick

    THANKS A BUNCH !!!

    SharePoint Developer
    segunda-feira, 15 de março de 2010 21:06
  • I went through above post and implemented it on my code but on debug mode it is working fine but when i deployed it on local iis is not working

    public void DisplayUser(IIdentity id)
        {

            WindowsIdentity winId = id as WindowsIdentity;
            if (id == null)
            {
                Console.WriteLine("Identity is not a windows identity");
                return;
            }
          
                string userInQuestion = winId.Name.Split('\\')[1];
                string myDomain = winId.Name.Split('\\')[0];
                DirectoryEntry entry = new DirectoryEntry("LDAP://" + myDomain);
                DirectorySearcher adSearcher = new DirectorySearcher(entry);

                adSearcher.SearchScope = SearchScope.Subtree;
                adSearcher.Filter = "(samAccountName=" + userInQuestion + ")";
                //adSearcher.Filter = "(&(objectClass=user)(samaccountname=" + userInQuestion + "))";
                SearchResult userObject;
                using (HostingEnvironment.Impersonate())
                {
                    userObject = adSearcher.FindOne();
                }
                StringBuilder data = new StringBuilder();
                System.Collections.ArrayList list = new System.Collections.ArrayList();          
           
                if (userObject != null)
                {          
                    lblLoginName.Text = id.Name;
                    lblFullName.Text = userObject.Properties["displayname"][0].ToString();
                    lblEmailID.Text = userObject.Properties["mail"][0].ToString();
                    lblMobileNo.Text = userObject.Properties["mobile"][0].ToString();
                    lblTitle.Text = userObject.Properties["title"][0].ToString();
                }       
        }

     

    error is

     


    Logon failure: unknown user name or bad password.

    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

    Exception Details: System.DirectoryServices.DirectoryServicesCOMException: Logon failure: unknown user name or bad password.


    Source Error:

    Line 43:       using (HostingEnvironment.Impersonate())
    Line 44: {
    Line 45: userObject = adSearcher.FindOne();
    Line 46: }
    Line 47: StringBuilder data = new StringBuilder();

    Source File: d:\RC System\Authentication\Login.aspx.cs    Line: 45

    Stack Trace:

    [DirectoryServicesCOMException (0x8007052e): Logon failure: unknown user name or bad password.
    ]
    System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +420085
    System.DirectoryServices.DirectoryEntry.Bind() +36
    System.DirectoryServices.DirectoryEntry.get_AdsObject() +31
    System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne) +78
    System.DirectoryServices.DirectorySearcher.FindOne() +45
    Login.DisplayUser(IIdentity id) in d:\RC System\Authentication\Login.aspx.cs:45
    Login.Page_Load(Object sender, EventArgs e) in d:\RC System\Authentication\Login.aspx.cs:21
    System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +14
    System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +35
    System.Web.UI.Control.OnLoad(EventArgs e) +91
    System.Web.UI.Control.LoadRecursive() +74
    System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +2207

    sábado, 23 de outubro de 2010 05:53
  • Thanks man.. It worked for me!!

     

    terça-feira, 8 de março de 2011 22:24
  •  

    HostingEnvironment.Impersonate works like a charm.  Thank you!!!!

    sexta-feira, 1 de abril de 2011 15:16
  • That totally solved my problem.  Thank You!
    terça-feira, 12 de abril de 2011 13:38
  • Awesome advice.  Worked perfectly for me.  Thank you!!!
    quarta-feira, 22 de junho de 2011 16:10
  • Thank you for the psoting this reply saved me.. Thanks and Regards, Anil Kumar.S.R
    domingo, 10 de julho de 2011 11:41
  • Sometimes things are so simple, thanks for the solution.

    segunda-feira, 12 de setembro de 2011 13:05
  • Excelnte, Gracias me salvaste la vida. Saludos desde Mty, Mexico.
    sexta-feira, 13 de janeiro de 2012 18:41
  • Thanks a lot Vijander, u r truly a life saver. My project is just about to go in prod. And my DirectorySearcher worked like a charm on local machine. But as soon as it went on IIS, it gave an exception 'An operations error occured.'  Then I just included the using(HostingEnvironment.Impersonate()) and it got solved.

    Thanks a ton.............


    • Editado _neo quarta-feira, 1 de agosto de 2012 13:03
    quarta-feira, 1 de agosto de 2012 13:02
  • I used to face the same problem everyone is facing when I upload my code to the IIS server machine, but the code would run fine if I compile and run the project from my local machine where I am logged in as a user that is part from the domain where I am looking for other users.

    I tried this trick and it worked great. The only difference is that the code works much slower. Is that normal? Is there a way to have this process faster since I am planning to implement the same code in each page on my website. If there's another way to do what I am trying to achieve with my code that does not require the "HostinEnvironment.Impersonate()" workaround so it could run faster I am willing to pursue it.

    I am trying to get the Windows logged in user's given name or display name. Here is my code:

    using (HostingEnvironment.Impersonate())
    {
    	PrincipalContext pc = new PrincipalContext(ContextType.Domain);
    	UserPrincipal up = UserPrincipal.FindByIdentity(pc, Context.User.Identity.Name);
    	string Owner = up.DisplayName;
    }

    Many thanks,

    Amy

    • Editado Amy0907 terça-feira, 7 de agosto de 2012 22:47
    terça-feira, 7 de agosto de 2012 22:46
  • I used to face the same problem everyone is facing when I upload my code to the IIS server machine, but the code would run fine if I compile and run the project from my local machine where I am logged in as a user that is part from the domain where I am looking for other users.

    I tried this trick and it worked great. The only difference is that the code works much slower. Is that normal? Is there a way to have this process faster since I am planning to implement the same code in each page on my website. If there's another way to do what I am trying to achieve with my code that does not require the "HostinEnvironment.Impersonate()" workaround so it could run faster I am willing to pursue it.

    I am trying to get the Windows logged in user's given name or display name. Here is my code:

    using (HostingEnvironment.Impersonate())
    {
    	PrincipalContext pc = new PrincipalContext(ContextType.Domain);
    	UserPrincipal up = UserPrincipal.FindByIdentity(pc, Context.User.Identity.Name);
    	string Owner = up.DisplayName;
    }

    Many thanks,

    Amy

    Hi Amy,

    What you can do, say, if this was an intranet, when the end-user first logs in, use a line as such and you never have to call that code again.

    // C# // Set it Session["variableCurrentDisplayName"] = up.DisplayName;

    // Get it

    var userName = Session["variableCurrentDisplayName"].ToString();


    Its a session variable that will disappear when the user closes their browser, logs off, or the session times-out.

    Session is per user and Application is per web application. Though, sometimes the web application pool/thread will recycle.

    Also, I had the same error everyone here is talking about. The solution was to reboot my domain controller then my web server. Sometimes you get the COM error message and sometimes you get the "Operation error occurred" I can tell because my code that accesses the Active Directory to get the username/display stops working when it was working for months. Though I will try the solution here in a test project.

    My situation was with an intranet web application that did not use impersonation, but did use ActiveDirectyMembershipProvider with Forms Authentication, Azman.msc with XML better known as Authorization Manager, created custom groups in AzMan then assigned users from Active Directory into these groups. Save/place the XML file in your "App_Data" folder on your web application.



    "I am not discouraged, because every wrong attempt discarded is another step forward." Thomas Edison


    quarta-feira, 5 de dezembro de 2012 02:05