

 

Symptoms


Error when Launching Designer.
System.Runtime.InteropServices.COMException (0x8007200A): The specified directory service attribute or value does not exist. at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
 

Diagnoses


Exception Details:
System.Runtime.InteropServices.COMException (0x8007200A): The specified directory service attribute or value does not exist. at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at System.DirectoryServices.DirectoryEntry.Bind() at System.DirectoryServices.DirectoryEntry.get_SchemaEntry() at System.DirectoryServices.AccountManagement.ADStoreCtx.IsContainer(DirectoryEntry de) at System.DirectoryServices.AccountManagement.ADStoreCtx..ctor(DirectoryEntry ctxBase, Boolean ownCtxBase, String username, String password, ContextOptions options) at System.DirectoryServices.AccountManagement.PrincipalContext.CreateContextFromDirectoryEntry(DirectoryEntry entry) at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer() at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit() at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize() at System.DirectoryServices.Accou

 

Resolution

Resolution:
On granting read access to the CN=Computers, I was able to render the Designer page successfully and have had no other errors so far.


The "The specified directory service attribute or value does not exist." error that you are seeing usually occurs when the application pool account/K2 service account does not have "Read" rights on certain levels/objects in the domain. K2's WindowsSTS uses "System.DirectoryServices" code similar to the code below to retrieve attributes from the account that authenticates with K2:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.DirectoryServices.AccountManagement;
using System.DirectoryServices;

namespace TestInvalidCreds
{
    class Program
    {
        static void Main(string[] args)
        {
            // Bind to the domain as the identity running this process.
            PrincipalContext pc = new PrincipalContext(ContextType.Domain, "dc163608.local");
            // Look up the user by sAMAccountName; the COMException is thrown here
            // when the calling account cannot read the required containers.
            UserPrincipal up = UserPrincipal.FindByIdentity(pc, IdentityType.SamAccountName, "InnerUser");
        }
    }
}

Based on the posts below, this error usually occurs if the K2 service account/application pool account does not have "Read" rights to the "Users" CN, "Computers" CN, or any custom CNs/OUs that would contain accounts accessing K2.

The error can occur if the account does not have "Read" rights to the "Users" CN:
http://blogs.msdn.com/b/dsadsi/archive/2009/08/28/getting-an-exception-the-specified-directory-service-attribute-or-value-does-not-exist-when-you-try-to-search-a-user-in-an-ad-container-using-system-directoryservices-accountmanagement-userprincipal-findbyidentity.aspx

The error can occur if the account does not have "Read" rights to the "Computers" CN:
http://www.out-null.eu/2014/07/20/comexception-0x8007200a-the-specified-directory-service-attribute-or-value-does-not-exist/

"Read" rights can be granted using the "Advanced Features" option in the ADUC console:
http://kpytko.pl/2012/05/16/active-directory-rights-delegation-overview/
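To find out which container is unreadable before changing any permissions, the added example below (not K2's code and not part of the original article) can be run under the K2 service account/application pool identity. It binds to each container and reads its schema entry, the same get_SchemaEntry call that fails in the stack trace above. The distinguished names are placeholders (assumptions); pass the real DNs of the "Users" CN, "Computers" CN and any custom CNs/OUs as arguments.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;

namespace ContainerReadCheck
{
    class Program
    {
        // HRESULT reported in the exception on this page.
        const int NoSuchAttributeOrValue = unchecked((int)0x8007200A);

        // Returns null if the current identity can bind to and read the object,
        // otherwise a short description of the failure.
        static string Probe(string ldapPath)
        {
            try
            {
                using (DirectoryEntry de = new DirectoryEntry(ldapPath))
                using (DirectoryEntry schema = de.SchemaEntry) // get_SchemaEntry -> Bind, as in the trace
                {
                    return null;
                }
            }
            catch (COMException ex)
            {
                return ex.ErrorCode == NoSuchAttributeOrValue
                    ? "0x8007200A (check \"Read\" rights on this object)"
                    : "COMException 0x" + ex.ErrorCode.ToString("X8") + ": " + ex.Message;
            }
        }
        static int Main(string[] args)
        {
            // args: distinguished names to test; the defaults are placeholders (assumption).
            string[] dns = args.Length > 0 ? args : new[]
            {
                "CN=Users,DC=example,DC=local",      // placeholder DN
                "CN=Computers,DC=example,DC=local"   // placeholder DN
            };
            int failures = 0;
            foreach (string dn in dns)
            {
                string error = Probe("LDAP://" + dn);
                if (error != null) failures++;
                Console.WriteLine("{0,-6} {1} {2}", error == null ? "OK" : "FAIL", dn, error);
            }
            return failures; // non-zero exit code when any container is unreadable
        }
    }
}
```

A container that reports FAIL for the service account but OK for an administrator is the one that needs "Read" rights delegated.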




 