0

I'm trying to run an ASP.NET Web App, but keep getting

System.DirectoryServices.DirectoryServicesCOMException: The user name or password is incorrect

I've tried to change Application Pool Identity, according to solution found here, but nothing changes.

Source error (line 15):

Line 10: dim LDAP as String = System.Web.Configuration.WebConfigurationManager.AppSettings("LDAP")
Line 11: Dim sAMAccountName As String = userName.Substring(userName.IndexOf(''\'') + 1)
Line 12: Dim de As System.DirectoryServices.DirectoryEntry = New System.DirectoryServices.DirectoryEntry(LDAP)
Line 13: Dim ds As System.DirectoryServices.DirectorySearcher = New System.DirectoryServices.DirectorySearcher(de)
Line 14: ds.Filter = "(&(objectClass=User)(sAMAccountName=" & sAMAccountName & "))"
Line 15: Dim result As System.DirectoryServices.SearchResult = ds.FindOne()
Line 16: dim qq=result.Properties("memberOf")
Line 17: dim sid=BitConverter.ToString(result.Properties("objectSID")(0))

Stack trace:

[DirectoryServicesCOMException (0x8007052e): The user name or password is incorrect.
]
   System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +399099
   System.DirectoryServices.DirectoryEntry.Bind() +36
   System.DirectoryServices.DirectoryEntry.get_AdsObject() +31
   System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne) +78
   System.DirectoryServices.DirectorySearcher.FindOne() +39
   ASP.default_aspx.__Render__control1(HtmlTextWriter __w, Control parameterContainer) in D:\..\:15
   System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children) +268
   System.Web.UI.Control.RenderChildren(HtmlTextWriter writer) +13
   System.Web.UI.Page.Render(HtmlTextWriter writer) +29
   System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter) +66
   System.Web.UI.Control.RenderControl(HtmlTextWriter writer, ControlAdapter adapter) +100
   System.Web.UI.Control.RenderControl(HtmlTextWriter writer) +25
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1303
godpick
  • 1
  • 2
  • Would you update your question and include how you declared `de`? – Gabriel Luci Nov 29 '21 at 16:52
  • 1
    You should better use an Application Pool configured with a service account. Network Service isn't a real identity and the underlying identity may be the computer account itself. But there may be additional group policies that may prevent the computer to authenticate. The best may be to use a Group Managed Service Account (gMSA) if possible to avoid the need to reset the password. Take care of Service Principal Name for Kerberos authentication if used. – Hazrelle Nov 29 '21 at 16:54

0 Answers0