"ValidateCredentials" "The server cannot handle directory requests." 中的异常
Exception in "ValidateCredentials" "The server cannot handle directory requests."
我在安装过程中使用 Windows PowerShell 来查询和验证用户的 Windows 凭据。直到昨天,它都运行良好。现在我公司的IT部门更改了域控制器的一些配置,现在我得到以下异常。
Exception calling "ValidateCredentials" with "2" argument(s): "The server cannot
handle directory requests."
At line:32 char:5
+ if ($pc.ValidateCredentials($username, $credential.GetNetworkCredenti ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : DirectoryOperationException
根据我的研究,我已经发现它与丢失的 SSL 连接有关。我必须在代码的某处添加 ContextOptions.SecureSocketLayer 。 问题是:该参数的正确位置在哪里?我找不到任何 PowerShell 示例。
这是我用来检查凭据的脚本:
$credential = $Host.UI.PromptForCredential("Need credentials.", "For using Windows Integrated Authentication please provide the login information for the user that has access to the Microsoft SQL Server database.", "", "")
if (!$credential) {
Write-Output "No credentials provided"
return
}
[System.Reflection.Assembly]::LoadWithPartialName('System.DirectoryServices.AccountManagement')
$system = Get-WmiObject -Class Win32_ComputerSystem
if ($credential.GetNetworkCredential().Domain) {
Write-Output "Credentials contain domain"
if ($credential.GetNetworkCredential().Domain -eq $system.Name) {
Write-Output "Domain is local system"
$pc = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext 'Machine', $system.Name
} else {
Write-Output "Domain is network domain"
$pc = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext 'Domain', $credential.GetNetworkCredential().Domain
}
$username = $credential.UserName
} elseif (0, 2 -contains $system.DomainRole) {
$pc = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext 'Machine', $system.Name
$username = $system.Name + '\' + $credential.GetNetworkCredential().UserName
} else {
$pc = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext 'Domain', $system.Domain
$username = $system.Domain + '\' + $credential.GetNetworkCredential().UserName
}
if ($pc.ValidateCredentials($username, $credential.GetNetworkCredential().Password)) {
Write-Output "Validation successfull"
} else {
Write-Output "Validation failed"
}
作为,您可以将ContextOptions值传递给PrincipalContext构造函数:
$DefaultNC = "DC=$($system.Domain -replace '\.',',DC=')"
# ...
$pc = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext 'Domain', $system.Domain, $DefaultNC, ([System.DirectoryServices.AccountManagement.ContextOptions]'SecureSocketLayer,Negotiate')
必须指定身份验证选项(Negotiate 或 SimpleBind),因此 'SecureSocketLayer,Negotiate' 值
我在安装过程中使用 Windows PowerShell 来查询和验证用户的 Windows 凭据。直到昨天,它都运行良好。现在我公司的IT部门更改了域控制器的一些配置,现在我得到以下异常。
Exception calling "ValidateCredentials" with "2" argument(s): "The server cannot
handle directory requests."
At line:32 char:5
+ if ($pc.ValidateCredentials($username, $credential.GetNetworkCredenti ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : DirectoryOperationException
根据我的研究,我已经发现它与丢失的 SSL 连接有关。我必须在代码的某处添加 ContextOptions.SecureSocketLayer 。 问题是:该参数的正确位置在哪里?我找不到任何 PowerShell 示例。
这是我用来检查凭据的脚本:
$credential = $Host.UI.PromptForCredential("Need credentials.", "For using Windows Integrated Authentication please provide the login information for the user that has access to the Microsoft SQL Server database.", "", "")
if (!$credential) {
Write-Output "No credentials provided"
return
}
[System.Reflection.Assembly]::LoadWithPartialName('System.DirectoryServices.AccountManagement')
$system = Get-WmiObject -Class Win32_ComputerSystem
if ($credential.GetNetworkCredential().Domain) {
Write-Output "Credentials contain domain"
if ($credential.GetNetworkCredential().Domain -eq $system.Name) {
Write-Output "Domain is local system"
$pc = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext 'Machine', $system.Name
} else {
Write-Output "Domain is network domain"
$pc = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext 'Domain', $credential.GetNetworkCredential().Domain
}
$username = $credential.UserName
} elseif (0, 2 -contains $system.DomainRole) {
$pc = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext 'Machine', $system.Name
$username = $system.Name + '\' + $credential.GetNetworkCredential().UserName
} else {
$pc = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext 'Domain', $system.Domain
$username = $system.Domain + '\' + $credential.GetNetworkCredential().UserName
}
if ($pc.ValidateCredentials($username, $credential.GetNetworkCredential().Password)) {
Write-Output "Validation successfull"
} else {
Write-Output "Validation failed"
}
作为ContextOptions值传递给PrincipalContext构造函数:
$DefaultNC = "DC=$($system.Domain -replace '\.',',DC=')"
# ...
$pc = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext 'Domain', $system.Domain, $DefaultNC, ([System.DirectoryServices.AccountManagement.ContextOptions]'SecureSocketLayer,Negotiate')
必须指定身份验证选项(Negotiate 或 SimpleBind),因此 'SecureSocketLayer,Negotiate' 值