AD Integration is not working after DC switch

Getting the following error in the diagnostic log. This is trying to connect to the wrong DC. I am being told that this DC has been decommissioned. Is there some process I need to do in Octopus to tell it to change the DC it is querying?

Name: “TPA0MSMGT.DATALINK.COM

System.DirectoryServices.ActiveDirectory.ActiveDirectoryServerDownException: The server is not operational.

Name: “TPA0MSMGT.DATALINK.COM
---> System.Runtime.InteropServices.COMException: The server is not operational.

at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.PropertyValueCollection.PopulateList()
at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
at System.DirectoryServices.ActiveDirectory.PropertyManager.GetPropertyValue(DirectoryContext context, DirectoryEntry directoryEntry, String propertyName)
--- End of inner exception stack trace ---
at System.DirectoryServices.ActiveDirectory.PropertyManager.GetPropertyValue(DirectoryContext context, DirectoryEntry directoryEntry, String propertyName)
at System.DirectoryServices.ActiveDirectory.DirectoryEntryManager.ExpandWellKnownDN(WellKnownDN dn)
at System.DirectoryServices.ActiveDirectory.DomainController.get_Domain()
at System.DirectoryServices.AccountManagement.ADStoreCtx.GetGroupsMemberOf(Principal p)
at System.DirectoryServices.AccountManagement.Principal.GetGroupsHelper()
at Octopus.Server.Web.Infrastructure.Authentication.ActiveDirectoryMembership.ReadUserGroups(Principal principal, ICollection`1 groups) in y:\work\refs\heads\master\source\Octopus.Server\Web\Infrastructure\Authentication\ActiveDirectoryMembership.cs:line 141
at Octopus.Server.Web.Infrastructure.Authentication.ActiveDirectoryMembership.GetMemberExternalSecurityGroupIds(String username) in y:\work\refs\heads\master\source\Octopus.Server\Web\Infrastructure\Authentication\ActiveDirectoryMembership.cs:line 120

Hi Lrfalk01,

Thanks for getting in touch!

We don’t store any configuration for the DC, we fall back to the machine. Is it possible that the server has cached the DC? Sometimes network DNS configurations may still be returning the wrong DC?

Perhaps you could use LDP.exe to test the server configuration?

Hope that helps!

Damian

Good afternoon Damian, firstly we never demoted the Windows 2008 R2 domain controller as we wanted to make sure nothing is broken, however we did turn the box off since the Windows 2012 R2 is in place with all FSMO roles; this is when we started getting errors… We also have 4 other domain controllers that are still Windows 2008 R2. Attached are the PowerShell results on that box regarding DC controllers.
I am wondering if it tries to hit the first domain controller on the list and when it can’t reach it dies. I would think that your code would look for any domain controller that is active and can service requests.

Hi Mark,

Our code doesn’t do anything special, the lines in our code that are failing are just calling .NET wrappers (as you can see in the stack trace).

We get a principal:
var principal = UserPrincipal.FindByIdentity(context, username);

Then try to get the groups (principal.groups).

Can you try enumerating the groups with your PowerShell code?

Regards

Damian
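
The check suggested above, as an added example that is not part of the original thread and is not Octopus code: a PowerShell script that makes the same .NET calls seen in the stack trace and reports which domain controller they bind to. The user name `jdoe` is a placeholder, and the script assumes it is run on the Octopus server under a domain account.

```powershell
# Added diagnostic sketch (not Octopus code): repeats the group lookup from the
# stack trace outside Octopus and shows which domain controller (DC) is used.
param(
    [string]$UserName = 'jdoe'   # placeholder sAMAccountName, replace with a real user
)

Add-Type -AssemblyName System.DirectoryServices.AccountManagement

# 1. List the DCs the domain advertises and test each one for LDAP (TCP 389).
#    A DC that was powered off but never demoted is still listed here.
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
foreach ($dc in $domain.FindAllDomainControllers()) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Wait() returns $false on timeout and throws if the connection is refused
        $reachable = $client.ConnectAsync($dc.Name, 389).Wait(3000) -and $client.Connected
    } catch {
        $reachable = $false
    } finally {
        $client.Close()
    }
    '{0,-40} LDAP reachable: {1}' -f $dc.Name, $reachable
}

# 2. Which DC does the DC locator hand out to this machine right now?
'Locator returned: ' + $domain.FindDomainController().Name

# 3. Same calls as the failing code path: FindByIdentity, then group enumeration.
$ctxType = [System.DirectoryServices.AccountManagement.ContextType]::Domain
$ctx = New-Object System.DirectoryServices.AccountManagement.PrincipalContext -ArgumentList $ctxType
try {
    'PrincipalContext bound to: ' + $ctx.ConnectedServer
    $user = [System.DirectoryServices.AccountManagement.UserPrincipal]::FindByIdentity($ctx, $UserName)
    if ($null -eq $user) { throw "User '$UserName' not found" }
    $user.GetGroups() | ForEach-Object { $_.SamAccountName }
} catch {
    # The full exception chain includes the name of the server that did not answer,
    # as in the "Name:" line of the log above.
    Write-Warning $_.Exception.ToString()
} finally {
    $ctx.Dispose()
}
```

If step 1 shows an unreachable DC and step 3 fails with the same "The server is not operational" error, the stale DC is being selected by the machine, not by application configuration.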

We are having the same issue - how was it resolved?

We were unable to resolve it. After updating to 3.2 from 2.x, the issue went away.

Hi @MS,

Thanks for reaching out.

Could you please share some info with us so we can help you out?

  • Which version of Octopus are you running?

  • Which exact error are you getting on screen? Could you share the Octopus server logs also? (C:\Octopus\Logs on a default install)

  • Which AD Domain change did you do exactly? You switched from one domain to another? From User/Pass to Domain Authentication?

Thanks,
Dalmiro

Damian, we upgraded Octopus to a new version and it resolved the issue.