LDAP connection is unstable with WSO2 - active-directory

We are implementing a WSO2 identity solution with Active Directory. After implementation, we have observed that the connection is unstable. For example, out of 10 attempts in total, it works successfully twice but fails in the remaining 8 attempts. Logs:
TID: [-1234] [] [2022-10-19 12:44:35,475] [e96a3f67-1caf-421b-b5c3-c20e9eeef75f] ERROR {org.wso2.carbon.user.core.ldap.LDAPConnectionContext} - Error occurred while obtaining LDAP connection. Connection URL: ldaps://XXXXXXXX:636/ org.wso2.carbon.user.core.UserStoreException: Error obtaining connection. [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090447, comment: AcceptSecurityContext error, data 775, v3839 ]

As per the error log, you're getting error 49 with data 775, which means "Account lockout".
You can check out the following link for more information on analyzing the LDAP error log:
https://knowledge.broadcom.com/external/article/164943/vip-ldap-error-code-49.html
525 user object not found
52e invalid password/credential
53f credential policy violation
530 time restriction in place
531 not permitted to logon at this workstation
532 password expired / DN username mismatch
533 account disabled
568 too many context identifiers
701 account expired
773 username/password valid, must reset password
775 account lockout
More information on these specific errors can be found here:
https://ldapwiki.com/wiki/Account%20Lockout
I hope this helps you to deal with this error.
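To act on these codes from log data rather than by eye, here is an added example (not from the question or the WSO2 project) that parses the Active Directory diagnostic string shown in the log above, maps the `data` sub-code to the meanings listed, and also handles a bare error 49 from a directory that returns no sub-code; it then counts failures per meaning, which is how a repeated "account lockout" stands out in a larger log. The sample log lines are constructed.

```python
import re
from typing import Optional, Tuple

# AD "data" sub-codes for LDAP result 49 (invalidCredentials), from the list above.
AD_BIND_SUBCODES = {
    "525": "user object not found", "52e": "invalid password/credential",
    "53f": "credential policy violation", "530": "time restriction in place",
    "531": "not permitted to logon at this workstation",
    "532": "password expired / DN username mismatch", "533": "account disabled",
    "568": "too many context identifiers", "701": "account expired",
    "773": "username/password valid, must reset password", "775": "account lockout",
}

# Matches "LDAP: error code 49 - 80090308: LdapErr: ..., data 775, v3839" and also a
# bare "LDAP: error code 49 - Invalid Credentials" from servers that give no sub-code.
_LDAP_ERR_RE = re.compile(r"LDAP: error code (?P<code>\d+)"
                          r"(?:.*?AcceptSecurityContext error, data (?P<data>[0-9a-fA-F]+))?", re.DOTALL)

def classify_bind_failure(log_line: str) -> Optional[Tuple[int, Optional[str], str]]:
    """Return (result code, AD sub-code or None, meaning), or None if the line has no LDAP error."""
    m = _LDAP_ERR_RE.search(log_line)
    if not m:
        return None
    code = int(m.group("code"))
    if code != 49:
        return (code, None, f"LDAP result code {code}, not a credential failure")
    data = m.group("data")
    if data is None:  # the server only says the credentials were invalid
        return (49, None, "invalid credentials (server gave no sub-code)")
    data = data.lower()
    return (49, data, AD_BIND_SUBCODES.get(data, f"unknown AD sub-code {data}"))

# Constructed sample: the WSO2 message from the question (host redacted), a bare
# error 49 as a non-AD directory would return it, and an unrelated line.
SAMPLE_LOG = [
    "ERROR {org.wso2.carbon.user.core.ldap.LDAPConnectionContext} - Error obtaining "
    "connection. [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090447, comment: "
    "AcceptSecurityContext error, data 775, v3839 ]",
    "WARN bind failed for cn=svc,dc=example,dc=org: [LDAP: error code 49 - Invalid Credentials]",
    "INFO LDAP connection pool initialised",
]

def summarise(lines):
    """Count bind failures per meaning; many 'account lockout' hits point at a lockout storm."""
    counts = {}
    for line in lines:
        hit = classify_bind_failure(line)
        if hit is not None:
            counts[hit[2]] = counts.get(hit[2], 0) + 1
    return counts
```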

Related

SMTP Error with SQL SSRS

For a couple of months we have been sending reports to about 100 users.
We recently enabled MFA on our Office365 tenant. I added the user sending the reports to the exceptions. But now the service only sends about 60 of the 100 emails. I have looked into the logs and can't find what the problem actually is.
I have added the error message below.
Thank you!
emailextension!WindowsService_12!8850!01/03/2022-06:45:12:: e ERROR: Error sending email. Exception: System.AggregateException: One or more errors occurred. ---> System.Net.Mail.SmtpException: The server committed a protocol violation The server response was:
at System.Net.Mail.SendMailAsyncResult.End(IAsyncResult result)
at System.Net.Mail.SmtpClient.SendMailCallback(IAsyncResult result)
--- End of inner exception stack trace ---
at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
at System.Threading.Tasks.Task.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken)
at System.Threading.Tasks.Task.Wait(TimeSpan timeout)
at Microsoft.ReportingServices.EmailDeliveryProvider.EmailProvider.Deliver(Notification notification)
---> (Inner Exception #0) System.Net.Mail.SmtpException: The server committed a protocol violation The server response was:
at System.Net.Mail.SendMailAsyncResult.End(IAsyncResult result)
at System.Net.Mail.SmtpClient.SendMailCallback(IAsyncResult result)<---
. Additional Information: SmtpException StatusCode:GeneralFailure
notification!WindowsService_12!8850!01/03/2022-06:45:12:: e ERROR: Error occurred processing subscription bb732977-1cb9-4fef-8201-193e0e8b20b8: Failure sending mail: One or more errors occurred.Mail will not be resent.
I actually found the solution. For some reason part of the emails were being sent using TLS 1.0 and the rest were using TLS 1.2. I disabled TLS 1.0 through the registry and it went back to normal.

Azure AD Domain Services Domain Controller's failing Replications Test

I have set up Azure AD DS, have joined some Windows 10 PCs, and created some security groups and GPOs. I am investigating an error in the Windows 10 System Event Log (Event 4, Security-Kerberos: "The Kerberos client received a KRB_AP_ERR_Modified error from the server [AADDS-DC-SERVER-NAME$]. The target name used was ldap/FQDN-OF-SERVER/DOMAIN.COM#DOMAIN.COM. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Ensure that the target SPN is only registered on the account used by the server. This error can also happen if the target service account password is different than what is configured on the Kerberos Key Distribution Center for that target service. Ensure that the service on the server and the KDC are both configured to use the same password. If the server name is not fully qualified, and the target domain (DOMAIN.COM) is different from the client domain (DOMAIN.COM), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server."). I thought I'd do a quick test on the AADDS Domain Controllers with DCDIAG, and they are showing that replications have been failing since yesterday. Results below:
Starting test: Replications
   [Replications Check,DC2] A recent replication attempt failed:
      From DC1 to DC2
      Naming Context: DC=ForestDnsZones,DC=domain,DC=com
      The replication generated an error (1256):
      The remote system is not available. For information about network troubleshooting, see Windows Help.
      The failure occurred at 2020-01-17 10:48:28.
      The last success occurred at 2020-01-16 03:58:53.
      34 failures have occurred since the last success.
   [Replications Check,DC2] A recent replication attempt failed:
      From DC1 to DC2
      Naming Context: DC=DomainDnsZones,DC=domain,DC=com
      The replication generated an error (1256):
      The remote system is not available. For information about network troubleshooting, see Windows Help.
      The failure occurred at 2020-01-17 10:48:28.
      The last success occurred at 2020-01-16 03:58:53.
      45 failures have occurred since the last success.
   [Replications Check,DC2] A recent replication attempt failed:
      From DC1 to DC2
      Naming Context: CN=Schema,CN=Configuration,DC=domain,DC=com
      The replication generated an error (-2146893022):
      The target principal name is incorrect.
      The failure occurred at 2020-01-17 10:48:28.
      The last success occurred at 2020-01-16 03:58:53.
      31 failures have occurred since the last success.
   [Replications Check,DC2] A recent replication attempt failed:
      From DC1 to DC2
      Naming Context: CN=Configuration,DC=domain,DC=com
      The replication generated an error (-2146893022):
      The target principal name is incorrect.
      The failure occurred at 2020-01-17 10:48:28.
      The last success occurred at 2020-01-16 03:58:53.
      33 failures have occurred since the last success.
   [Replications Check,DC2] A recent replication attempt failed:
      From DC1 to DC2
      Naming Context: DC=domain,DC=com
      The replication generated an error (-2146893022):
      The target principal name is incorrect.
      The failure occurred at 2020-01-17 11:15:57.
      The last success occurred at 2020-01-16 04:54:52.
      1777 failures have occurred since the last success.
   ......................... DC2 failed test Replications
Given that the AADDS DC's are supposed to be locked down, how is this happening?
Raised a case with Azure Support; they confirmed this should not happen and raised it with their backend team. The issue appears to now be resolved.

What is the min and max value of can hold in SQL Server process

I have a server wherein I can upload and retrieve data fast when my server is in "take offline" mode, but if I leave the server live (with 150+ processes) in SQL Server, I get an error from the application:
The server was unable to process the request due to an internal error.
For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework SDK documentation and inspect the server trace logs.
This is my screenshot of the server
and this is the error in the VB.NET application
Error Logs
Date,Source,Severity,Message
12/05/2017 17:01:09,spid139,Unknown,CHECKDB for database 'SALESANDTRACKING07272017' finished without errors on 2016-06-07 00:00:09.867 (local time). This is an informational message only; no user action is required.
12/05/2017 17:01:06,spid139,Unknown,Starting up database 'SALESANDTRACKING07272017'.
12/05/2017 17:01:06,spid139,Unknown,Setting database option ONLINE to ON for database SALESANDTRACKING07272017.
12/05/2017 17:00:51,spid68,Unknown,Setting database option OFFLINE to ON for database SALESANDTRACKING07272017.
12/05/2017 17:00:51,spid68,Unknown,Process ID 139 was killed by hostname DESKTOP-NAVEQ78, host process ID 18060.
12/05/2017 17:00:51,spid68,Unknown,Process ID 105 was killed by hostname DESKTOP-NAVEQ78, host process ID 18060.
12/05/2017 17:00:51,spid68,Unknown,Process ID 53 was killed by hostname DESKTOP-NAVEQ78, host process ID 18060.
12/05/2017 17:00:44,spid68,Unknown,CHECKDB for database 'SALES07272017' finished without errors on 2016-06-07 00:00:09.867 (local time). This is an informational message only; no user action is required.
12/05/2017 17:00:40,spid68,Unknown,Starting up database 'SALES07272017'.
12/05/2017 17:00:39,spid68,Unknown,Setting database option ONLINE to ON for database SALES07272017.
12/05/2017 17:00:35,spid203,Unknown,Setting database option OFFLINE to ON for database SALES07272017.
12/05/2017 17:00:35,spid203,Unknown,Process ID 145 was killed by hostname DESKTOP-NAVEQ78, host process ID 18060.
12/05/2017 17:00:35,spid203,Unknown,Process ID 134 was killed by hostname DESKTOP-NAVEQ78, host process ID 18060.
12/05/2017 17:00:35,spid203,Unknown,Process ID 68 was killed by hostname DESKTOP-NAVEQ78, host process ID 18060.
12/05/2017 16:41:57,spid70,Unknown,The client was unable to reuse a session with SPID 70, which had been reset for connection pooling. The failure ID is 29. This error may have been caused by an earlier operation failing. Check the error logs for failed operations immediately before this error message.
12/05/2017 16:41:57,spid70,Unknown,Error: 18056, Severity: 20, State: 29.
12/05/2017 16:37:40,spid121,Unknown,The client was unable to reuse a session with SPID 121, which had been reset for connection pooling. The failure ID is 29. This error may have been caused by an earlier operation failing. Check the error logs for failed operations immediately before this error message.
12/05/2017 16:37:40,spid121,Unknown,Error: 18056, Severity: 20, State: 29.
12/05/2017 16:24:36,spid66,Unknown,The client was unable to reuse a session with SPID 66, which had been reset for connection pooling. The failure ID is 29. This error may have been caused by an earlier operation failing. Check the error logs for failed operations immediately before this error message.
12/05/2017 16:24:36,spid66,Unknown,Error: 18056, Severity: 20, State: 29.
12/05/2017 16:23:14,spid61,Unknown,CHECKDB for database 'SALESANDTRACKING' finished without errors on 2016-06-07 00:00:09.867 (local time). This is an informational message only; no user action is required.
12/05/2017 16:23:13,spid61,Unknown,Starting up database 'SALESANDTRACKING'.
12/05/2017 16:23:13,spid61,Unknown,Setting database option ONLINE to ON for database SALESANDTRACKING.
12/05/2017 16:07:20,spid61,Unknown,Setting database option OFFLINE to ON for
Please see this screenshot from the server (memory usage).
Processes in the server:
https://ibb.co/nA2AHw
Whenever I try to upload data to the server, it goes to the ServiceReference.Channel, and after that it goes to the API (ApiBilling). But whenever the application sends data to the services and the API, and from there to the server, the pooling of processes in the server consumes the memory, and that is why the error occurs: it cannot handle the other connections from the application.
I tried changing my connection string to my other server with fewer processes and it works... I conclude that the memory is the problem. I will upgrade the memory of the server to 64 GB; by the way, my current server has 32 GB of RAM. Thanks for all the help :D It seems that the error is not in the API or the service behavior; it's the memory that causes the problem.
And as far as I know, on the server you must upgrade the memory if the database expands fast, since new users logging in to the application will consume more memory.
'=========Updated Answer December 13, 2017 1:16 am------------------
I browsed the internet and searched for DataAdapter vs. DataReader, and I found out that the DataAdapter goes to the memory cache, while the DataReader provides an unbuffered stream of data that allows procedural logic to efficiently process results from a data source sequentially. The DataReader is a good choice when retrieving large amounts of data because the data is not cached in memory.
I got that from this link: http://www.dotnetcurry.com/aspnet/143/convert-data-reader-to-data-table
I use a DataAdapter when retrieving data, so it happens that 150+ processes consume a lot of memory cache.
'=========Updated Answer January 16, 2018 1:16 am------------------
My solution to this problem is indexing.
I read in
What is an index in SQL?
that indexing has the ability to retrieve a large amount of data in an instant,
but beware when using indexing.
I just read this:
https://www.sqlpassion.at/archive/2016/03/29/clustered-indexes-advantages-disadvantages/
If you use many indexes, the adding, uploading and deleting of data will be slowed down.

What is state 123 for error 18456 on an Azure SQL Database?

I have an Azure WebJob that can't connect to the database, with the error "login failed for user". (Incidentally, the Web App uses the same connection string and connects without a problem.)
Here are the details from the error log:
Error code: 18456
Error state: 123
I can't find any documentation on state 123. Can anyone tell me what it means?
We don't document the error state codes because they don't mean anything. They represent unique instances of an error in our code base to help us debug customer issues faster. So it more or less maps to line x in source code file y.
Thanks,
Conor Cunningham
Architect, SQL Core Engine
I had some help from the Microsoft guys and they've updated the documentation: https://learn.microsoft.com/en-us/sql/relational-databases/errors-events/mssqlserver-18456-database-engine-error
States 122 - 124 mean "Failure due to empty user name or password."
Error 18456 is a generic connection error and may have many causes. I would not pay too much attention to 123.
Thanks,
Mirek

OpenLDAP - How to get a more specific error response code if an 'Invalid Credentials' error is encountered?

More specifically, how do we distinguish between the 'bad password' and 'password expired' cases with an OpenLDAP server? (If we are using Microsoft Active Directory, the 'Invalid Credentials' error has a more specific error response code, like 525 or 532, that can be used to differentiate.)