

 

Symptoms


I am trying to open K2 Smart Forms and am getting the following error:

System.DirectoryServices.ActiveDirectory.ActiveDirectoryServerDownException: The server is not operational. Name: "SERVERNAME" ---> System.Runtime.InteropServices.COMException: The server is not operational. at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at System.DirectoryServices.DirectoryEntry.Bind() at System.DirectoryServices.DirectoryEntry.get_AdsObject() at System.DirectoryServices.PropertyValueCollection.PopulateList() at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName) at System.DirectoryServices.PropertyCollection.get_Item(String propertyName) at System.DirectoryServices.ActiveDirectory.PropertyManager.GetPropertyValue(DirectoryContext context, DirectoryEntry directoryEntry, String propertyName) --- End of inner exception stack trace --- at System.DirectoryServices.ActiveDirectory.PropertyManager.GetPropertyValue(DirectoryContext context, Dir

 

Diagnoses


Change made to the following config file

1. Open and edit the Windows STS web.config (C:\Program Files (x86)\K2 blackpearl\WebServices\Identity\Sts\Windows\web.config)

2. Under the node add the following.


3. Save the file and perform an IISRESET.
 

Resolution

This behavior originated because K2 initially added only the user information and the group SIDs to the claim created by the Windows STS.
K2 then received a feature request to add the names of the groups a user belongs to directly into the claim, so that customers could set access permissions for groups in IIS.
IIS could not handle permissions when the claim contained only the group SIDs, hence the request to add the full group name.
The feature was then added to the product: the Windows STS calls GetGroups on the userPrincipal object when building the claim.

However, the GetGroups method also resolves the group details, and to do so it has to connect to the AD domain each group belongs to.
So whenever there is an offline domain, a permissions issue, or any other exception from AD while calling GetGroups or looping through its results, Windows STS authentication fails, because execution stops at the exception. That is the cause of the error we were seeing in K2.

The configuration change above allows K2 to bypass the GetGroups method and return to how it functioned previously, which was to pull in only the group SIDs for the memberships of the user attempting to use K2.
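
The following PowerShell example is added here and is not K2's own code. It contrasts the two approaches described above: reading group SIDs from the logon token (no directory call), resolving each SID individually so that an unreachable domain shows up as a per-group error, and calling UserPrincipal.GetGroups() for comparison. The function names are hypothetical, and it assumes the script is run on the K2 server as the affected account.

```powershell
# Added example (not K2 code); function names are hypothetical.
Add-Type -AssemblyName System.DirectoryServices.AccountManagement

function Get-TokenGroupSid {
    # Group SIDs are already in the logon token: no directory call is needed.
    [System.Security.Principal.WindowsIdentity]::GetCurrent().Groups |
        ForEach-Object { $_.Value }
}

function Resolve-GroupSid {
    param([Parameter(Mandatory)][string]$Sid)
    # Translate one SID at a time so a single failure does not abort the rest.
    try {
        $sidObject = New-Object System.Security.Principal.SecurityIdentifier($Sid)
        $account = $sidObject.Translate([System.Security.Principal.NTAccount])
        [pscustomobject]@{ Sid = $Sid; Name = $account.Value; Error = $null }
    }
    catch {
        [pscustomobject]@{ Sid = $Sid; Name = $null; Error = $_.Exception.Message }
    }
}

function Test-GetGroups {
    # The call the article names: it resolves every group against its domain,
    # so (per the article) one unreachable domain fails the whole enumeration.
    try {
        $user = [System.DirectoryServices.AccountManagement.UserPrincipal]::Current
        $names = foreach ($group in $user.GetGroups()) { $group.Name }
        [pscustomobject]@{ Succeeded = $true; Count = @($names).Count; Error = $null }
    }
    catch {
        [pscustomobject]@{ Succeeded = $false; Count = 0; Error = $_.Exception.Message }
    }
}

$results = Get-TokenGroupSid | ForEach-Object { Resolve-GroupSid -Sid $_ }
"Token groups: {0}, unresolved: {1}" -f @($results).Count, @($results | Where-Object Error).Count
$results | Where-Object Error | Format-Table Sid, Error -AutoSize
Test-GetGroups | Format-List
```

SIDs listed as unresolved identify the groups whose domain could not be reached or queried, which narrows down which domain or permission is behind the failure.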




 