[Active Directory CORE (Simplified)] Cannot connect AD in production environment
Forge component by Renato Pauleta
Application Type
Service

I am using the Active Directory Simplified component, where I am managing the token in the Demo module. Everything is working fine in my Development and Test environments. Once I moved to production, I applied exactly the same configuration for generating the token; however, I am getting the "The server is not operational" error once calling the AD APIs.

I have noticed another thing: in the Demo app I am not able to search users in production,

and in the error logs there is an error saying that "The specified domain either does not exist or could not be contacted."


This should not be something related to the production connection to the server, as the authentication on production is configured using LDAP and it is working successfully. Is there something else that I am missing?

Hi.

I haven't seen this error before and searching online for a possible solution I came across a few articles such as this one: https://www.techinpost.com/the-server-is-not-operational/. From the looks of it there's not much that I can do directly from the component.

Best.

Dear @Renato Pauleta 

We have the same setup in UAT and Dev and it is working fine. And we have another LDAP component in production and it is working fine and connecting to the server. 

Ok thanks.

If you click on the detail of the error in service center does it have more information than just "The specified domain either does not exist or could not be contacted."?


Dear Renato,

These are the details of the "The specified domain either does not exist or could not be contacted." error:


And this is for the other error, which occurs once I use one of the APIs in my app.


Is there anything that I need to change in my token configuration, especially for the production server?

I tried to replicate the "The server is not operational" error in UAT by putting an invalid domain name in the configuration, and I was able to get the same error.

However, the correct configuration is the same in UAT and production while it is not working in UAT. 

There shouldn't be any difference in the configuration.

Can you check if the token you're using is the correct one? There was an issue in the token generation backoffice where the token would regenerate after each save, but I think the error would be different. But let's just check.

Other than that if the configuration is the same in UAT and PROD and you're pointing exactly to the same domain with the same user authentication, I can't see how this is an issue with the component. Can someone from your IT check if there is more information at the event viewer level in the AD server to check for additional details on the error?

Thanks @Renato Pauleta 

I am thinking of using the Active Directory Library instead of the simplified one, just to check if the issue is with the token configuration or something else.

I am now trying the Active Directory Normal Library in the Dev environment; however, I am getting the "The server is not operational" error in UAT once calling ADUserSearch. Please note that the call is done after GlobalDirectoryEntry_Set, where the domain has been specified.

I thought this might be an issue with my configuration. I tried inputting the LDAP URL / default domain, and all my attempts failed.

I tried with the methods of the previous Active Directory library and they are working with the same configuration "by using only the default domain name" in the Domain property.  

Can you please check from your side if the latest version of the component is working as expected? If it is, can you please provide some guidance for the Domain path property? I might be specifying it wrongly; however, again, I tried the same with the previous version of the library and it worked.


Hi,

It's working as expected. The latest version just fixes what I've mentioned before, preventing the token from being regenerated on every update.

The domain can be as simple as domain.com or subdomain.domain.com. What's weird is that you have it working in other environments except production, and if the connection and configuration are the same, there shouldn't be any issues.

Dear @Renato Pauleta 

What I am saying is that I am now trying the Active Directory Normal Library in the Dev environment (not the simplified one), just to check if the issue is with the token approach or something else.

But I am not able to call the AD methods; I am getting the "Unspecified error" in the Dev environment. I need your help checking that the Active Directory methods (the ones without the token) are working well. I tried the same configuration with the previous Active Directory library and they are working correctly.

To clarify more, I am now facing a different issue than the one I reported on production.

I am trying to call the Active Directory APIs directly (not the simplified one) in DEV and I am facing the "Unspecified" error. 

Please note my code below in Dev (I have both the new and the old Active Directory libraries installed). The old APIs are working as expected; the new one (ActiveDirectory_IS) is returning an error. Please check the debugger details in the image. I am using the same configuration in both.


 

Do you have more details on service center?

Also, it seems you're using both calls in the same flow, I don't know if the domain set may cause some conflict, so if you can separate in different action flows just to ensure that we have things isolated.

Hi dear,

The issue that I was facing in DEV has been solved. There was an issue with my configuration: in the old Active Directory I was able to specify the domain name only in order for the methods to work fine.

Now in the GlobalDirectorySet method, I have to specify the domain path in a certain format; it was not accepting the domain name only. I think the documentation needs more details regarding the inputs and their format.

However, this issue is not related to the production issue. In production I tried with both libraries, the simplified one with tokens and the other one. I thought that the error may be because of the token generation, but it seems not.

I went through an old reported case https://www.outsystems.com/forums/discussion/66960/active-directory-initial-setup-for-active-directory/ 

It might be something similar to my issue, you discussed with the case reporter that the LDAP connection will not work for the AD queries. 

In my case, in the Users module the configured Authentication Type is "LDAP". Again, I am not sure how this is related to the issue, as the configuration is exactly the same in the Development and Test environments.

I don't know how else to help :(

Seeing that you're able to connect in your dev environments but not in production and that your configurations are the same, I'd say there's a difference somewhere in the production server or something is blocking the calls in the AD server (which you'd need to check with your IT).

My only other suggestion would be to try the LDAP component and see if you can work with that.

Best Regards.

Dear @Renato Pauleta 

Is there any suggested LDAP component?

I don't have an opinion there. Haven't tried any of the LDAP components.

Dear @Renato Pauleta 

Can you please confirm if the AD component requires the server to be part of the AD? Our production server is in the DMZ and it is not part of AD.

Hi Kawthar.

I really don't know. I can tell you that the component uses the underlying Microsoft Directory Services: https://learn.microsoft.com/en-us/dotnet/api/system.directoryservices?view=dotnet-plat-ext-7.0.

If your production server is in a DMZ and not part of the Active Directory domain, you may need to configure the component to connect to the Active Directory domain controllers securely using appropriate credentials. Ensure that necessary firewall rules and security measures are in place to facilitate this communication while maintaining the server's security in the DMZ.

But, I thought you mentioned that you were able to connect to the production server from OS non-production environments and if that's the case, this shouldn't be an issue.

Thanks @Renato Pauleta 

Dear, I have one doubt regarding where the LDAP IP value is being stored, as right now we are not configuring the IP value anywhere; we are just inputting the default domain in the configuration.

The IP value would only be necessary if the domain is not recognisable, but you can try replacing the domain name with the IP address directly if you're trying to understand if it's a DNS issue.
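
The DNS-versus-connectivity check suggested in the reply above, as an added PowerShell example that is not part of the original thread or of the component: run on the server that cannot reach AD, it looks up the domain controller SRV records and then tests the LDAP ports. The domain `corp.example.com` and the port list 389/636 are assumptions to replace with your own values.

```powershell
# Added diagnostic sketch; not code from the thread or the Forge component.
param(
    [string]$Domain = 'corp.example.com',   # placeholder: domain as configured in the component
    [int[]]$Ports   = @(389, 636)           # assumed ports: LDAP and LDAPS
)

# Step 1: DNS. A host that is not domain-joined (e.g. in a DMZ) only finds
# domain controllers if its resolver can answer for the AD zone.
$srvName = "_ldap._tcp.dc._msdcs.$Domain"
$targets = @()
try {
    $targets = @(Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop |
                 Where-Object { $_.NameTarget } |
                 Select-Object -ExpandProperty NameTarget -Unique)
    Write-Host "DNS: $($targets.Count) domain controller(s) published for $Domain"
} catch {
    Write-Warning "DNS: no SRV records for $srvName ($($_.Exception.Message))"
}

# Fall back to the bare name (or an IP address passed as -Domain)
# so the port test still runs when the SRV lookup fails.
if ($targets.Count -eq 0) { $targets = @($Domain) }

# Step 2: TCP reachability of the LDAP ports from this host.
$report = foreach ($t in $targets) {
    foreach ($p in $Ports) {
        $r = Test-NetConnection -ComputerName $t -Port $p -WarningAction SilentlyContinue
        [pscustomobject]@{
            Target    = $t
            Address   = $r.RemoteAddress
            Port      = $p
            Reachable = $r.TcpTestSucceeded
        }
    }
}
$report | Format-Table -AutoSize
```

Running it once with the domain name and once with a domain controller's IP address as `-Domain` separates a name-resolution failure from a blocked port.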
