Adaxes

Issue with Separate Adaxes server hosting Web IIS in DMZ

0 votes

Hi,

We are currently still running an older version of Adaxes (2014.1) and having an issue with our 2nd server of Adaxes that is in our DMZ. I would like to resolve this before we do our update, as I am prepping everything for the upgrade to version 2017.1. This Adaxes server is supposed to provide a Password reset Self Service to users that are connecting outside of our company network to reset their passwords.

This server has been working since we built it up till about a month ago, then we started getting errors:

After trying to Sign In on our IIS page for the password reset; the top left corner indicates

'domain name here' is not operational The LDAP server is unavailable.

Then I checked the event viewer logs for Adaxes and this is what I found each time I attempted to Sign In:

Description: 

 Softerra.Adaxes.Web.Utils.LogMessageWrapperException: Failed to use an Adaxes service to validate the user credentials. --- Softerra.Adaxes.Adsi.DirectoryComException (0x8007054B): The specified domain either does not exist or could not be contacted.  
  at Softerra.Adaxes.Interop.SafeNativeMethods.LookupDomainName(String computerName, String domainName, String siteName, LookupDCFlags flags)  
  at Softerra.Adaxes.Utils.UsernameInfo.DetermineDomainName()  
  at Softerra.Adaxes.Utils.UsernameInfo.get\_DomainName()  
  at Softerra.Adaxes.Adsi.AdmServiceFactory.FindServiceStrategy.get\_DefaultDomain()  
  at Softerra.Adaxes.Adsi.AdmServiceFactory.ConfigurationSetBasedStrategy.FindService(String targetServer)  
  at Softerra.Adaxes.Adsi.AdmNamespace.GetNearestService(String targetServerArg, String usernameArg, String passwordArg)  
  at Softerra.Adaxes.Web.Common.AdaxesServiceFactory.AdaxesServiceFactoryImpl.GetServiceCore(String serviceName, String username, String password)  
  at Softerra.Adaxes.Web.Common.AdaxesServiceFactory.AdaxesServiceFactoryImpl.GetService(String serviceName, String username, String password)  
  at Softerra.Adaxes.Web.Common.AdaxesServiceFactory.AdaxesServiceFactoryImpl.GetNearestService(IHttpContext httpContext, NetworkCredential credential, Boolean skipCache)  
  at Softerra.Adaxes.Web.Authentication.CredentialChecker.DefaultCredentialChecker.ValidateUsernamePassword(String username, String password, ValidateCredentialOptions validateCredentialOptions, IHttpContext context)  
  --- End of inner exception stack trace ---

I am still looking into this internally if there was something done to our environment which would block ldap services. I even installed LDAP Browser from Softerra to confirm if this server could browse using LDAP, and the connection seems fine. I am able to browse through all of the Active Directory OU's we have in place.

I did some searching within the forums but was unable to find anything that was related to this event log entry. I am currently unsure of what went wrong. It was currently working fine prior to this. As far as I knew there was nothing done to the environment.

I am wondering if I can get any assistance on this.

Thanks,

by (390 points)

1 Answer

0 votes
by (216k points)
selected by
Best answer

Hello,

Judging by the error message, the Web Interface installed in the DMZ cannot resolve the name of domain name here into a Domain Controller name. This is done via the DNS service using SRV records.

As recommended in our Installation Notes, it is necessary to deploy a Read-Only Domain Controller (RODC) in the DMZ. Make sure that the RODC is operating, responds to requests from the computer where the DMZ Web interface is installed, and that it holds SRV records for domain name here.

0

Thank you for the reply. The SRV record pointed us to the right direction for this. We were able to fix the issue now. It was an issue with the FQDN of our RODC that we had on this Adaxes server. After we fixed this and rebooted the server, it could not talk freely to the RODC without an issue.

Thank you for your help on this.

by (390 points)

Related questions

0 votes
1 answer
Adaxes 2018.2 Separate IIS Websites for Web Interfaces

We are in the process of upgrading from Adaxes 2014.1 to Adaxes 2018.2. In our current architecture we have the web interfaces deployed to their own websites in IIS. ... like to set distinct URLs for each web interface. Thanks in advance for any assistance.

asked Feb 11, 2019 by lgibbens (320 points)
0 votes
1 answer
Adaxes 2018.2 - DMZ Web Server - Disable Auto Logon Feature

In past I am able to enable Auto Logon (Windows Integrated Auth) in our Internal Adaxes Server (full server) and in same time Form based auth for DMZ Based web server ... login when internal network but when outside, they should get the auth form for login.

asked Feb 20, 2019 by Brajesh (460 points)
0 votes
1 answer
Where can I find a list of all the URLs that an Adaxes server uses with IIS?

I need a list of all the URLs that Adaxes creates in IIS on the server Adaxes is installed on.

asked Feb 6, 2020 by DaralenManta (20 points)
0 votes
1 answer
Separate Web Server Error

For the first time, I have configured a web-only Adaxes server to communicate with a different Adaxes back-end server (on the same network). While ... uses pass-through authentication. Any assistance in eliminating this error would be appreciated..

asked Jan 26, 2015 by JoeC (470 points)
0 votes
1 answer
Issue with adding users to unmanaged list in Adaxes using powershell

I used the script below to try and accomplish this but I get an error. I did try to leave a comment but it would not let me. I tried running ... .adaxes.com/script-repository/add-users-located-in-particular-organizational-units-to-unmanaged-accounts-s178.htm

asked Nov 14, 2022 by raul.ramirez (210 points)
3,538 questions
3,229 answers
8,222 comments
547,739 users