locked
An Operations Error Occured RRS feed

  • Question

  • Hi,

     

    I am having problems adding groups to my applications via the 'Access Permissions' tab. When I click 'Add...' I get an message dialog stating 'An operations error occured.'.

     

    When I click OK the 'Add/Edit User Group' dialog appears but I am unable to access the domain groups. The following is from the sftmmc.log file

     

    ManagementConsole.MCException: An operations error occurred.
     ---> System.Runtime.InteropServices.COMException (0x80072020): An operations error occurred.


    Server stack trace:
       at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
       at System.DirectoryServices.DirectoryEntry.Bind()
       at System.DirectoryServices.DirectoryEntry.get_AdsObject()
       at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
       at System.DirectoryServices.DirectorySearcher.FindAll()
       at SoftGrid.Management.DataAccess.AdAccountQueries.SearchDirectory(AccountObjectData parent, String filter, SearchScope scope)
       at SoftGrid.Management.DataAccess.AdAccountQueries.GetGroups(AccountObjectData parent, AccountObjectData[]& subContainers, AccountObjectData[]& groups)
       at SoftGrid.Management.DataAccess.AccountQueries.GetGroups(AccountObjectData parent, AccountObjectData[]& subContainers, AccountObjectData[]& groups)
       at SoftGrid.Management.Accounts.GetGroups(AccountContainer parent, AccountContainer[]& subContainers, AccountGroup[]& groups)
       at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Int32 methodPtr, Boolean fExecuteInContext, Object[]& outArgs)
       at System.Runtime.Remoting.Messaging.StackBuilderSink.PrivateProcessMessage(RuntimeMethodHandle md, Object[] args, Object server, Int32 methodPtr, Boolean fExecuteInContext, Object[]& outArgs)
       at System.Runtime.Remoting.Messaging.StackBuilderSink.SyncProcessMessage(IMessage msg, Int32 methodPtr, Boolean fExecuteInContext)

    Exception rethrown at [0]:
       at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
       at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
       at SoftGrid.Management.IAccounts.GetGroups(AccountContainer parent, AccountContainer[]& subContainers, AccountGroup[]& groups)
       at ManagementConsole.ManagementSession.GetGroups(AccountContainer parent, AccountContainer[]& subContainers, AccountGroup[]& groups)
       --- End of inner exception stack trace ---


     

    has anyone seen this before, as I am now no longer able to perssion applications.

     

    Thanks,

     

    Andy

    Thursday, January 17, 2008 1:44 PM

Answers

  • Add the code you've written in the
    using(HostingEnvironment.Impersonate()) block like:



    using(HostingEnvironment.Impersonate())
    {

    m_LoginName
    As String = Environment.UserName.ToString
    Dim dirEntry As
    System.DirectoryServices.DirectoryEntry
    Dim dirSearcher As
    System.DirectoryServices.DirectorySearcher
    dirEntry = New System.DirectoryServices.DirectoryEntry(LDAP://abc.com
    )
    dirSearcher =
    New
    System.DirectoryServices.DirectorySearcher(dirEntry)
    dirSearcher.Filter =
    "(samAccountName=" & m_LoginName &
    ")"
    Dim sr As
    SearchResult = dirSearcher.FindOne()
    Dim de As
    System.DirectoryServices.DirectoryEntry = sr.GetDirectoryEntry()
    Dim sUserName As String = de.Properties("GivenName"
    ).Value.ToString()
    Dim sLName As String = de.Properties("Sn"
    ).Value.ToString() 
    Lgname1.Text =
    "Welcome : " & sUserName & " "
    & sLName
    }

    Hope it works!!

    Thursday, January 7, 2010 8:12 AM

All replies

  •  

    I have seen this error on websites that has impersonation set to true in the web.config file with NTLM or Kerberos authentication set. (due to the fact that the users token is a "secondary token" that cannot be used when authenticating against another server)

     

    You could either use Basic Authentication or switch the impersonation setting to false in web.config (which might break the app)

     

    I have a small blogentry about the error when seen in sharepoint, but I guess that you're not going to change the code.. Wink

    http://sharepoint-tweaking.blogspot.com/2007/12/impersonation-in-aspnet-causes.html

    Friday, January 18, 2008 9:44 PM
  •  

    I found one of the error codes 0x80072020 may point to a problem contacting/communicating with the AD. Anything out of the ordinary in the Event logs or the SFT logs?

     

     

    Tuesday, January 22, 2008 6:11 PM
  •  

    Switching to Basic Authentication did the Trick but it is not a very good solution. As automatic login will not work anymore.

    I'm generating a Self Service Application where users can Alter some of their AD Properties.

     

    So this is really very annoying.

     

    BR
    Daniel

    Tuesday, August 19, 2008 3:12 PM
  • Hi Daniel,

    I'm having the exact same problem.  Did you find a solution that did not require Basic Authentication?

    Thanks for any help!
    Tim
    Tuesday, October 7, 2008 7:32 PM
  •  PerG wrote:

     

    I have seen this error on websites that has impersonation set to true in the web.config file with NTLM or Kerberos authentication set. (due to the fact that the users token is a "secondary token" that cannot be used when authenticating against another server)

     

    You could either use Basic Authentication or switch the impersonation setting to false in web.config (which might break the app)

     

    I have a small blogentry about the error when seen in sharepoint, but I guess that you're not going to change the code..

    http://sharepoint-tweaking.blogspot.com/2007/12/impersonation-in-aspnet-causes.html

     

    I was using Windows Authentication for hosting my intranet site. In my web.config file is was   

    <authentication mode="Windows"/>
      <identity impersonate="true"/>

     

    But still it was not working and error was showing on  dirSearch.FindOne(); since I was using Directory search in Active Directory for user authentication.  Your code below works properly to send user credential in SQL Server and now I am able to use User_Name keyword in sql server. It gets the user name what we authenticate from domain users.

    using System.Web.Hosting;
    ...
    ...

    // Code here runs as the logged on user

    using (HostingEnvironment.Impersonate()) {
    // This code runs as the application pool user
         DirectorySearcher searcher ...
    }

    Thank you very much!.

    Friday, November 14, 2008 3:31 PM
  • Thanks a million yar, you saved me, I was really worried about the issue..

    using(HostingEnvironment.Impersonate())
    {

        code ..... blah blah blah...

    }

    solved my problem...

    Thursday, January 8, 2009 12:31 PM
  • You're a genius! Thanks so much!
    Monday, June 8, 2009 6:34 PM
  • Thanks man, you saved my whole day or might me more :)


    It was bang on the target.
    Friday, December 11, 2009 10:24 AM
  • Hi vijander,

    i have same problem in the with my vb.net code.
    here is my code..

    Protected

     

    Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load


    Dim

     

    m_LoginName As String = Environment.UserName.ToString
    Dim dirEntry As System.DirectoryServices.DirectoryEntry
    Dim dirSearcher As System.DirectoryServices.DirectorySearcher
    dirEntry = New System.DirectoryServices.DirectoryEntry(LDAP://abc.com)
    dirSearcher =
    New System.DirectoryServices.DirectorySearcher(dirEntry)
    dirSearcher.Filter =
    "(samAccountName=" & m_LoginName & ")"
    Dim sr As SearchResult = dirSearcher.FindOne()
    Dim de As System.DirectoryServices.DirectoryEntry = sr.GetDirectoryEntry()
    Dim sUserName As String = de.Properties("GivenName").Value.ToString()
    Dim sLName As String = de.Properties("Sn").Value.ToString() 
    Lgname1.Text =
    "Welcome : " & sUserName & " " & sLName

     

    End Sub

     

     



    lines in my web.config file are..
    <authentication mode="Windows"/>
      <identity impersonate="true"/>

    Could you please hlep me how do i overcome the issues.. using... (HostingEnvironment.Impersonate())

    do i need to add this in my code page.. please help me here ...

    -Ravi.



    Thursday, January 7, 2010 6:15 AM
  • Add the code you've written in the
    using(HostingEnvironment.Impersonate()) block like:



    using(HostingEnvironment.Impersonate())
    {

    m_LoginName
    As String = Environment.UserName.ToString
    Dim dirEntry As
    System.DirectoryServices.DirectoryEntry
    Dim dirSearcher As
    System.DirectoryServices.DirectorySearcher
    dirEntry = New System.DirectoryServices.DirectoryEntry(LDAP://abc.com
    )
    dirSearcher =
    New
    System.DirectoryServices.DirectorySearcher(dirEntry)
    dirSearcher.Filter =
    "(samAccountName=" & m_LoginName &
    ")"
    Dim sr As
    SearchResult = dirSearcher.FindOne()
    Dim de As
    System.DirectoryServices.DirectoryEntry = sr.GetDirectoryEntry()
    Dim sUserName As String = de.Properties("GivenName"
    ).Value.ToString()
    Dim sLName As String = de.Properties("Sn"
    ).Value.ToString() 
    Lgname1.Text =
    "Welcome : " & sUserName & " "
    & sLName
    }

    Hope it works!!

    Thursday, January 7, 2010 8:12 AM
  • My friend, it works very well!! Thank you so much!
    Sunday, February 7, 2010 1:59 PM
  • I was having same problem, spent a day with frustration and then found this forum. It did the trick

    THANKS A BUNCH !!!

    SharePoint Developer
    Monday, March 15, 2010 9:06 PM
  • I went through above post and implemented it on my code but on debug mode it is working fine but when i deployed it on local iis is not working

    public void DisplayUser(IIdentity id)
        {

            WindowsIdentity winId = id as WindowsIdentity;
            if (id == null)
            {
                Console.WriteLine("Identity is not a windows identity");
                return;
            }
          
                string userInQuestion = winId.Name.Split('\\')[1];
                string myDomain = winId.Name.Split('\\')[0];
                DirectoryEntry entry = new DirectoryEntry("LDAP://" + myDomain);
                DirectorySearcher adSearcher = new DirectorySearcher(entry);

                adSearcher.SearchScope = SearchScope.Subtree;
                adSearcher.Filter = "(samAccountName=" + userInQuestion + ")";
                //adSearcher.Filter = "(&(objectClass=user)(samaccountname=" + userInQuestion + "))";
                SearchResult userObject;
                using (HostingEnvironment.Impersonate())
                {
                    userObject = adSearcher.FindOne();
                }
                StringBuilder data = new StringBuilder();
                System.Collections.ArrayList list = new System.Collections.ArrayList();          
           
                if (userObject != null)
                {          
                    lblLoginName.Text = id.Name;
                    lblFullName.Text = userObject.Properties["displayname"][0].ToString();
                    lblEmailID.Text = userObject.Properties["mail"][0].ToString();
                    lblMobileNo.Text = userObject.Properties["mobile"][0].ToString();
                    lblTitle.Text = userObject.Properties["title"][0].ToString();
                }       
        }

     

    error is

     


    Logon failure: unknown user name or bad password.

    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

    Exception Details: System.DirectoryServices.DirectoryServicesCOMException: Logon failure: unknown user name or bad password.


    Source Error:

    Line 43:       using (HostingEnvironment.Impersonate())
    Line 44: {
    Line 45: userObject = adSearcher.FindOne();
    Line 46: }
    Line 47: StringBuilder data = new StringBuilder();

    Source File: d:\RC System\Authentication\Login.aspx.cs    Line: 45

    Stack Trace:

    [DirectoryServicesCOMException (0x8007052e): Logon failure: unknown user name or bad password.
    ]
    System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +420085
    System.DirectoryServices.DirectoryEntry.Bind() +36
    System.DirectoryServices.DirectoryEntry.get_AdsObject() +31
    System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne) +78
    System.DirectoryServices.DirectorySearcher.FindOne() +45
    Login.DisplayUser(IIdentity id) in d:\RC System\Authentication\Login.aspx.cs:45
    Login.Page_Load(Object sender, EventArgs e) in d:\RC System\Authentication\Login.aspx.cs:21
    System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +14
    System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +35
    System.Web.UI.Control.OnLoad(EventArgs e) +91
    System.Web.UI.Control.LoadRecursive() +74
    System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +2207

    Saturday, October 23, 2010 5:53 AM
  • Thanks man.. It worked for me!!

     

    Tuesday, March 8, 2011 10:24 PM
  •  

    HostingEnvironment.Impersonate works like a charm.  Thank you!!!!

    Friday, April 1, 2011 3:16 PM
  • That totally solved my problem.  Thank You!
    Tuesday, April 12, 2011 1:38 PM
  • Awesome advice.  Worked perfectly for me.  Thank you!!!
    Wednesday, June 22, 2011 4:10 PM
  • Thank you for the psoting this reply saved me.. Thanks and Regards, Anil Kumar.S.R
    Sunday, July 10, 2011 11:41 AM
  • Sometimes things are so simple, thanks for the solution.

    Monday, September 12, 2011 1:05 PM
  • Excelnte, Gracias me salvaste la vida. Saludos desde Mty, Mexico.
    Friday, January 13, 2012 6:41 PM
  • Thanks a lot Vijander, u r truly a life saver. My project is just about to go in prod. And my DirectorySearcher worked like a charm on local machine. But as soon as it went on IIS, it gave an exception 'An operations error occured.'  Then I just included the using(HostingEnvironment.Impersonate()) and it got solved.

    Thanks a ton.............


    • Edited by _neo Wednesday, August 1, 2012 1:03 PM
    Wednesday, August 1, 2012 1:02 PM
  • I used to face the same problem everyone is facing when I upload my code to the IIS server machine, but the code would run fine if I compile and run the project from my local machine where I am logged in as a user that is part from the domain where I am looking for other users.

    I tried this trick and it worked great. The only difference is that the code works much slower. Is that normal? Is there a way to have this process faster since I am planning to implement the same code in each page on my website. If there's another way to do what I am trying to achieve with my code that does not require the "HostinEnvironment.Impersonate()" workaround so it could run faster I am willing to pursue it.

    I am trying to get the Windows logged in user's given name or display name. Here is my code:

    using (HostingEnvironment.Impersonate())
    {
    	PrincipalContext pc = new PrincipalContext(ContextType.Domain);
    	UserPrincipal up = UserPrincipal.FindByIdentity(pc, Context.User.Identity.Name);
    	string Owner = up.DisplayName;
    }

    Many thanks,

    Amy

    • Edited by Amy0907 Tuesday, August 7, 2012 10:47 PM
    Tuesday, August 7, 2012 10:46 PM
  • I used to face the same problem everyone is facing when I upload my code to the IIS server machine, but the code would run fine if I compile and run the project from my local machine where I am logged in as a user that is part from the domain where I am looking for other users.

    I tried this trick and it worked great. The only difference is that the code works much slower. Is that normal? Is there a way to have this process faster since I am planning to implement the same code in each page on my website. If there's another way to do what I am trying to achieve with my code that does not require the "HostinEnvironment.Impersonate()" workaround so it could run faster I am willing to pursue it.

    I am trying to get the Windows logged in user's given name or display name. Here is my code:

    using (HostingEnvironment.Impersonate())
    {
    	PrincipalContext pc = new PrincipalContext(ContextType.Domain);
    	UserPrincipal up = UserPrincipal.FindByIdentity(pc, Context.User.Identity.Name);
    	string Owner = up.DisplayName;
    }

    Many thanks,

    Amy

    Hi Amy,

    What you can do, say, if this was an intranet, when the end-user first logs in, use a line as such and you never have to call that code again.

    // C# // Set it Session["variableCurrentDisplayName"] = up.DisplayName;

    // Get it

    var userName = Session["variableCurrentDisplayName"].ToString();


    Its a session variable that will disappear when the user closes their browser, logs off, or the session times-out.

    Session is per user and Application is per web application. Though, sometimes the web application pool/thread will recycle.

    Also, I had the same error everyone here is talking about. The solution was to reboot my domain controller then my web server. Sometimes you get the COM error message and sometimes you get the "Operation error occurred" I can tell because my code that accesses the Active Directory to get the username/display stops working when it was working for months. Though I will try the solution here in a test project.

    My situation was with an intranet web application that did not use impersonation, but did use ActiveDirectyMembershipProvider with Forms Authentication, Azman.msc with XML better known as Authorization Manager, created custom groups in AzMan then assigned users from Active Directory into these groups. Save/place the XML file in your "App_Data" folder on your web application.



    "I am not discouraged, because every wrong attempt discarded is another step forward." Thomas Edison


    Wednesday, December 5, 2012 2:05 AM