0 votes

Hi,

We are currently still running an older version of Adaxes (2014.1) and having an issue with our 2nd server of Adaxes that is in our DMZ. I would like to resolve this before we do our update, as I am prepping everything for the upgrade to version 2017.1. This Adaxes server is supposed to provide a Password reset Self Service to users that are connecting outside of our company network to reset their passwords.

This server has been working since we built it up till about a month ago, then we started getting errors:

After trying to Sign In on our IIS page for the password reset, the top left corner indicates:

'domain name here' is not operational The LDAP server is unavailable.

Then I checked the event viewer logs for Adaxes and this is what I found each time I attempted to Sign In:

Description:

 Softerra.Adaxes.Web.Utils.LogMessageWrapperException: Failed to use an Adaxes service to validate the user credentials. --- Softerra.Adaxes.Adsi.DirectoryComException (0x8007054B): The specified domain either does not exist or could not be contacted.  
  at Softerra.Adaxes.Interop.SafeNativeMethods.LookupDomainName(String computerName, String domainName, String siteName, LookupDCFlags flags)  
  at Softerra.Adaxes.Utils.UsernameInfo.DetermineDomainName()  
  at Softerra.Adaxes.Utils.UsernameInfo.get_DomainName()  
  at Softerra.Adaxes.Adsi.AdmServiceFactory.FindServiceStrategy.get_DefaultDomain()  
  at Softerra.Adaxes.Adsi.AdmServiceFactory.ConfigurationSetBasedStrategy.FindService(String targetServer)  
  at Softerra.Adaxes.Adsi.AdmNamespace.GetNearestService(String targetServerArg, String usernameArg, String passwordArg)  
  at Softerra.Adaxes.Web.Common.AdaxesServiceFactory.AdaxesServiceFactoryImpl.GetServiceCore(String serviceName, String username, String password)  
  at Softerra.Adaxes.Web.Common.AdaxesServiceFactory.AdaxesServiceFactoryImpl.GetService(String serviceName, String username, String password)  
  at Softerra.Adaxes.Web.Common.AdaxesServiceFactory.AdaxesServiceFactoryImpl.GetNearestService(IHttpContext httpContext, NetworkCredential credential, Boolean skipCache)  
  at Softerra.Adaxes.Web.Authentication.CredentialChecker.DefaultCredentialChecker.ValidateUsernamePassword(String username, String password, ValidateCredentialOptions validateCredentialOptions, IHttpContext context)  
  --- End of inner exception stack trace ---

I am still looking into this internally to see if there was something done to our environment which would block LDAP services. I even installed LDAP Browser from Softerra to confirm if this server could browse using LDAP, and the connection seems fine. I am able to browse through all of the Active Directory OUs we have in place.

I did some searching within the forums but was unable to find anything that was related to this event log entry. I am currently unsure of what went wrong. It was working fine prior to this. As far as I knew there was nothing done to the environment.

I am wondering if I can get any assistance on this.

Thanks,

by (620 points)

1 Answer

0 votes
by (217k points)
selected by
Best answer

Hello,

Judging by the error message, the Web Interface installed in the DMZ cannot resolve the name of 'domain name here' into a Domain Controller name. This is done via the DNS service using SRV records.

As recommended in our Installation Notes, it is necessary to deploy a Read-Only Domain Controller (RODC) in the DMZ. Make sure that the RODC is operating, responds to requests from the computer where the DMZ Web interface is installed, and that it holds SRV records for 'domain name here'.

0

Thank you for the reply. The SRV record pointed us in the right direction for this. We were able to fix the issue now. It was an issue with the FQDN of our RODC that we had on this Adaxes server. After we fixed this and rebooted the server, it could not talk freely to the RODC without an issue.

Thank you for your help on this.
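The SRV lookup described in the answer can be checked from the DMZ web server with the script below. It is an added example, not part of the original thread or of Adaxes. The domain and RODC names are placeholders, and it assumes Windows Server 2012 R2 or later, where `Resolve-DnsName` and `Test-NetConnection` are available.

```powershell
# Added diagnostic example; domain and RODC names are placeholders.
param(
    [string]$DomainName   = 'corp.example.com',         # placeholder AD DNS domain
    [string]$ExpectedRodc = 'rodc01.corp.example.com'   # placeholder RODC FQDN
)

# SRV name under which domain controllers register their LDAP service.
$srvName = "_ldap._tcp.dc._msdcs.$DomainName"

try {
    $srv = Resolve-DnsName -Name $srvName -Type SRV -DnsOnly -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SRV' }
} catch {
    Write-Warning "No SRV answer for $srvName : $($_.Exception.Message)"
    return
}

$results = foreach ($rec in $srv) {
    $target = $rec.NameTarget.TrimEnd('.')
    # The SRV target must itself resolve; a wrong or stale FQDN fails here.
    $addr = Resolve-DnsName -Name $target -Type A -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'A' } | Select-Object -ExpandProperty IPAddress
    $ldapOpen = $false
    if ($addr) {
        $ldapOpen = (Test-NetConnection -ComputerName $target -Port 389 `
            -WarningAction SilentlyContinue).TcpTestSucceeded
    }
    [pscustomobject]@{
        Target         = $target
        Port           = $rec.Port
        Address        = $addr -join ','
        LdapReachable  = $ldapOpen
        IsExpectedRodc = ($target -ieq $ExpectedRodc)
    }
}
$results | Format-Table -AutoSize

# Flag the case from this thread: the RODC is missing, misnamed or unreachable.
if (-not ($results | Where-Object { $_.IsExpectedRodc -and $_.LdapReachable })) {
    Write-Warning "Expected RODC $ExpectedRodc is not a reachable SRV target for $DomainName."
}

# Ask the Windows DC locator directly; this fails when no DC can be located.
nltest "/dsgetdc:$DomainName"
```

A direct LDAP bind to a named server, as LDAP Browser performs, can succeed while this lookup fails, because the bind does not depend on the SRV records.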
