Active Directory LDAP Errors

Something I’ve copied from here: http://forum.java.sun.com/thread.jspa?messageID=4227692

Thanks Dave!

Just to find it easily:

Common Active Directory LDAP bind errors:

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893
HEX: 0x525 – user not found
DEC: 1317 – ERROR_NO_SUCH_USER (The specified account does not exist.)
NOTE: Returns when username is invalid.

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 52e, v893
HEX: 0x52e – invalid credentials
DEC: 1326 – ERROR_LOGON_FAILURE (Logon failure: unknown user name or bad password.)
NOTE: Returns when username is valid but password/credential is invalid. Will prevent most other errors from being displayed as noted.

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 530, v893
HEX: 0x530 – not permitted to logon at this time
DEC: 1328 – ERROR_INVALID_LOGON_HOURS (Logon failure: account logon time restriction violation.)
NOTE: Returns only when presented with valid username and password/credential.

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 531, v893
HEX: 0x531 – not permitted to logon from this workstation
DEC: 1329 – ERROR_INVALID_WORKSTATION (Logon failure: user not allowed to log on to this computer.)
LDAP[userWorkstations: <multivalued list of workstation names>]
NOTE: Returns only when presented with valid username and password/credential.

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 532, v893
HEX: 0x532 – password expired
DEC: 1330 – ERROR_PASSWORD_EXPIRED (Logon failure: the specified account password has expired.)
LDAP[userAccountControl: <bitmask=0x00800000>] – PASSWORDEXPIRED
NOTE: Returns only when presented with valid username and password/credential.

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 533, v893
HEX: 0x533 – account disabled
DEC: 1331 – ERROR_ACCOUNT_DISABLED (Logon failure: account currently disabled.)
LDAP[userAccountControl: <bitmask=0x00000002>] – ACCOUNTDISABLE
NOTE: Returns only when presented with valid username and password/credential.

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 701, v893
HEX: 0x701 – account expired
DEC: 1793 – ERROR_ACCOUNT_EXPIRED (The user’s account has expired.)
LDAP[accountExpires: <value of -1, 0, or extremely large value indicates account will not expire>] – ACCOUNTEXPIRED
NOTE: Returns only when presented with valid username and password/credential.

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 773, v893
HEX: 0x773 – user must reset password
DEC: 1907 – ERROR_PASSWORD_MUST_CHANGE (The user’s password must be changed before logging on the first time.)
LDAP[pwdLastSet: <value of 0 indicates admin-required password change>] – MUST_CHANGE_PASSWD
NOTE: Returns only when presented with valid username and password/credential.

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 775, v893
HEX: 0x775 – account locked out
DEC: 1909 – ERROR_ACCOUNT_LOCKED_OUT (The referenced account is currently locked out and may not be logged on to.)
LDAP[userAccountControl: <bitmask=0x00000010>] – LOCKOUT
NOTE: Returns even if invalid password is presented.
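
The NOTE lines above matter for more than troubleshooting: six of the sub-codes are returned only after a correct password was presented, while 525 and 52e differ only in whether the account exists. The following is an added example (not from the original forum post) that parses the `data` field and applies a hypothetical policy: one generic message for the end user, and a list of failed binds whose password was nevertheless valid. The function names and sample events are constructed for illustration.

```python
import re

# "data" sub-codes from the list above -> Win32 error name.
SUBCODES = {
    0x525: "ERROR_NO_SUCH_USER", 0x52E: "ERROR_LOGON_FAILURE",
    0x530: "ERROR_INVALID_LOGON_HOURS", 0x531: "ERROR_INVALID_WORKSTATION",
    0x532: "ERROR_PASSWORD_EXPIRED", 0x533: "ERROR_ACCOUNT_DISABLED",
    0x701: "ERROR_ACCOUNT_EXPIRED", 0x773: "ERROR_PASSWORD_MUST_CHANGE",
    0x775: "ERROR_ACCOUNT_LOCKED_OUT",
}
# Per the NOTE lines above, these are returned only after a valid
# username AND password/credential were presented.
PASSWORD_WAS_VALID = {0x530, 0x531, 0x532, 0x533, 0x701, 0x773}

_DATA_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")

def parse_subcode(message):
    """Return the hex "data" field as an int, or None if it is absent."""
    m = _DATA_RE.search(message)
    return int(m.group(1), 16) if m else None

def classify(message):
    """Return (error_name, password_was_valid) for a bind error string."""
    code = parse_subcode(message)
    return SUBCODES.get(code, "UNKNOWN"), code in PASSWORD_WAS_VALID

def public_message(message):
    """Text safe to show the person logging in (hypothetical policy)."""
    name, valid = classify(message)
    if not valid:
        # 525, 52e and 775 all come back without a correct password, so
        # answer identically and do not reveal whether the account exists.
        return "Invalid username or password."
    return "Sign-in blocked: " + name

def valid_password_failures(events):
    """Users whose bind failed although the password was correct."""
    return sorted({user for user, msg in events if classify(msg)[1]})

# Constructed sample events: (user, server diagnostic message).
PREFIX = ("80090308: LdapErr: DSID-0C09030B, comment: "
          "AcceptSecurityContext error, data ")
SAMPLE = [
    ("nosuch", PREFIX + "525, v893"),
    ("alice", PREFIX + "52e, v893"),
    ("bob", PREFIX + "533, v893"),
    ("carol", PREFIX + "775, v893"),
]
```

A failed bind for a disabled or expired account with a valid password (here `bob`) is worth a log entry of its own, since it means the credential is known to whoever attempted the bind.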

In the ages of PATH

Why the hell, in 2007, can some applications only process the Windows PATH variable up to a length of 128 characters?

And if the path they need is beyond that limit they fail miserably?

Check out the PATH variable when applications start to behave strangely after a reboot, when for example you have just set up that brand new backup agent…

Weird .NET errors

I’ve come across some weird .NET errors in one Windows 2000 Server with .NET 1.1:

System.NullReferenceException inside the function System.Enum.System.IConvertible.ToBoolean;

Also System.ArgumentException creeps up.

The main issue here is that sometimes the application works, and sometimes it doesn’t. Other applications that share the same web server show the same symptoms.

Another weird issue is that when one of the applications works, the other doesn’t, and vice versa.

To cut a long story short, this boils down to an issue with ADODB.DLL. Each .NET application has a BIN directory where sometimes there is an ADODB.DLL. If the versions in the different applications’ BIN directories do not match each other, the issue described above happens. Simple, right :)?

How to solve it? Either make sure that every instance of ADODB.DLL is the same version in each application, OR remove ADODB.DLL from the BIN directory of each application and put it in the Global Assembly Cache (GAC). How?

1) Create a directory, for example c:\adodb

2) Move the version of ADODB.DLL to this directory

3) Make sure that there are no more instances of ADODB.DLL on your .NET applications

4) Stop IIS (iisreset /stop) and delete all the temporary files created on the Temporary ASP.Net Files folder of your framework installation (c:\winnt\Microsoft.Net\framework\v1.1.1432\Temporary Asp.Net files\)

5) Register ADODB.DLL in the GAC: gacutil /i c:\adodb\adodb.dll

6) Restart IIS, with IISRESET

Problem solved (I hope…)

What happens is that the first application that was hit moved its version of ADODB.DLL to the (temporary) assembly cache, and the other applications then failed to work because of the version mismatch…

Lesson learned: Make sure that your BIN directory has the same versions of each file for each application.
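
One way to check step 3 and the lesson above before touching the GAC, as an added example that is not part of the original post: walk a web root, hash every file found in a directory named `bin`, and report file names that exist with different contents in different applications. It compares file contents rather than assembly version numbers, and the directory layout built by `build_sample` is constructed for the demonstration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

def bin_file_digests(web_root):
    """Map lower-cased file name -> {sha256: [paths]} for files in BIN dirs."""
    seen = defaultdict(lambda: defaultdict(list))
    for dirpath, _dirs, files in os.walk(web_root):
        if os.path.basename(dirpath).lower() != "bin":
            continue
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            seen[name.lower()][digest].append(path)
    return seen

def mismatched(web_root):
    """File names present in several BIN directories with differing contents."""
    return {name: {d: sorted(p) for d, p in by_digest.items()}
            for name, by_digest in bin_file_digests(web_root).items()
            if len(by_digest) > 1}

def build_sample(root):
    """Constructed layout: three apps, one shipping a different ADODB.DLL."""
    layout = {"app1": b"adodb build A", "app2": b"adodb build A",
              "app3": b"adodb build B"}
    for app, content in layout.items():
        bin_dir = os.path.join(root, app, "bin")
        os.makedirs(bin_dir)
        with open(os.path.join(bin_dir, "ADODB.DLL"), "wb") as fh:
            fh.write(content)
        with open(os.path.join(bin_dir, "shared.dll"), "wb") as fh:
            fh.write(b"same everywhere")

def demo():
    """Run the check on the constructed layout; return {name: group sizes}."""
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        return {name: sorted(len(p) for p in groups.values())
                for name, groups in mismatched(root).items()}

if __name__ == "__main__":
    print(demo())
```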