SID of the target principal could not be resolved.

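I have deployed my web application (which uses LDAP) on Windows Server 2016. It throws the error below, even though I am able to access the same ADLDS instance using ADSI or a C# console application (a utility created to test connectivity). I am not sure why it throws the error in the web application. Please suggest.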

Server Error in '/' Application.

**While trying to resolve a cross-store reference, the SID of the target principal could not be resolved.  The error code is 1722.**

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. 

Exception Details: System.DirectoryServices.AccountManagement.PrincipalOperationException: While trying to resolve a cross-store reference, the SID of the target principal could not be resolved.  The error code is 1722.

Source Error: 

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace: 

[PrincipalOperationException: While trying to resolve a cross-store reference, the SID of the target principal could not be resolved.  The error code is 1722.]
   System.DirectoryServices.AccountManagement.ADStoreCtx.ResolveCrossStoreRefToPrincipal(Object o) +570
   System.DirectoryServices.AccountManagement.ADUtils.DirectoryEntryAsPrincipal(DirectoryEntry de, ADStoreCtx storeCtx) +133
   System.DirectoryServices.AccountManagement.ADDNLinkedAttrSet.get_CurrentAsPrincipal() +86
   System.DirectoryServices.AccountManagement.PrincipalCollectionEnumerator.MoveNext() +252
   System.DirectoryServices.AccountManagement.PrincipalCollectionEnumerator.System.Collections.IEnumerator.MoveNext() +9
   System.Linq.<SelectManyIterator>d__22`3.MoveNext() +65
   System.Linq.Lookup`2.Create(IEnumerable`1 source, Func`2 keySelector, Func`2 elementSelector, IEqualityComparer`1 comparer) +264
   System.Linq.GroupedEnumerable`3.GetEnumerator() +72
   System.Linq.WhereSelectEnumerableIterator`2.MoveNext() +63
   System.Collections.Generic.List`1.InsertRange(Int32 index, IEnumerable`1 collection) +392
   System.Collections.Generic.List`1.AddRange(IEnumerable`1 collection) +15
   Plastin.Common.Security.ADLDSClaimsProvider.SetApplicationClaims() +1012
   Plastin.Common.Security.ADLDSClaimsProvider.Initialise() +174
   Plastin.Common.Security.ADLDSClaimsProvider..cctor() +238

[TypeInitializationException: The type initializer for 'Plastin.Common.Security.ADLDSClaimsProvider' threw an exception.]
   lambda_method(Closure , IBuilderContext ) +81
   Microsoft.Practices.ObjectBuilder2.<>c__DisplayClass1.<GetBuildMethod>b__0(IBuilderContext context) +35
   Microsoft.Practices.ObjectBuilder2.DynamicMethodBuildPlan.BuildUp(IBuilderContext context) +10
   Microsoft.Practices.ObjectBuilder2.BuildPlanStrategy.PreBuildUp(IBuilderContext context) +198
   Microsoft.Practices.ObjectBuilder2.StrategyChain.ExecuteBuildUp(IBuilderContext context) +209
   Microsoft.Practices.Unity.UnityContainer.DoBuildUp(Type t, Object existing, String name, IEnumerable`1 resolverOverrides) +165

[ResolutionFailedException: Resolution of the dependency failed, type = "Plastin.Common.Security.IClaimsProvider", name = "(none)".
Exception occurred while: Calling constructor Plastin.Common.Security.ADLDSClaimsProvider().
Exception is: TypeInitializationException - The type initializer for 'Plastin.Common.Security.ADLDSClaimsProvider' threw an exception.
-----------------------------------------------
At the time of the exception, the container was:

  Resolving Plastin.Common.Security.ADLDSClaimsProvider,(none) (mapped from Plastin.Common.Security.IClaimsProvider, (none))
  Calling constructor Plastin.Common.Security.ADLDSClaimsProvider()
]
   Microsoft.Practices.Unity.UnityContainer.DoBuildUp(Type t, Object existing, String name, IEnumerable`1 resolverOverrides) +329
   Microsoft.Practices.Unity.UnityContainer.Resolve(Type t, String name, ResolverOverride[] resolverOverrides) +15
   Microsoft.Practices.Unity.UnityContainerExtensions.Resolve(IUnityContainer container, ResolverOverride[] overrides) +72
   Plastin.Common.Security.AuthenticationManager.Authenticate(String resourceName, ClaimsPrincipal incomingPrincipal) +149
   Plastin.Portal.MvcApplication.Application_PostAuthenticateRequest() +70

[TargetInvocationException: Exception has been thrown by the target of an invocation.]
   System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor) +0
   System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments) +87
   System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) +101
   System.Reflection.MethodBase.Invoke(Object obj, Object[] parameters) +21
   System.Web.Util.ArglessEventHandlerProxy.Callback(Object sender, EventArgs e) +56
   System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +141
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +69

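We finally resolved this issue; sorry for being late in answering this question. After a lot of debugging, we found that our web application was throwing this error while fetching ADLDS group members. This was unusual, because the same application was running on other servers. So we decided to capture the network traffic using Wireshark. The Wireshark capture showed that the connection between the LDAP server and the application server was being blocked on SMB port 445. So we had our network team open port 445, which resolved the issue.

This error seems to be a very generic one, and in your scenario there may be other causes for it, but using a network traffic capture tool (such as Wireshark) early in the investigation may help you resolve this kind of problem quickly.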
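A quick check to run on the web server before reaching for a full capture, as an added example that is not part of the original post: it decodes 1722 as a Win32 system error code and probes the LDAP port alongside SMB port 445 from the answer. The host name and the LDAP port are placeholders to replace with your own values.

```powershell
# Added example. $DirectoryHost and $LdapPort are placeholders, not values from the post.
param(
    [string]$DirectoryHost = 'adlds.example.internal',  # placeholder host name
    [int]$LdapPort = 389,                               # assumption: port of the AD LDS instance
    [int]$ErrorCode = 1722                              # code quoted in the exception message
)

# Turn the numeric code into the operating system's own message text.
$win32 = New-Object System.ComponentModel.Win32Exception -ArgumentList $ErrorCode
'Error {0}: {1}' -f $ErrorCode, $win32.Message

# A successful LDAP bind only proves the LDAP port is open; the answer found
# that group member resolution also needed SMB (445), so probe both.
$ports = [ordered]@{ 'LDAP' = $LdapPort; 'SMB' = 445 }

$results = foreach ($entry in $ports.GetEnumerator()) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Wait at most 3 seconds so a silently dropped SYN does not hang the check.
        $reachable = $client.ConnectAsync($DirectoryHost, $entry.Value).Wait(3000) -and $client.Connected
    } catch {
        # Connection refused or name resolution failure surfaces as an exception.
        $reachable = $false
    } finally {
        $client.Close()
    }
    [pscustomobject]@{ Service = $entry.Key; Port = $entry.Value; Reachable = $reachable }
}
$results | Format-Table -AutoSize

$blocked = @($results | Where-Object { -not $_.Reachable })
if ($blocked.Count -gt 0) {
    'Blocked or filtered: ' + (($blocked | ForEach-Object { '{0}/{1}' -f $_.Service, $_.Port }) -join ', ')
} else {
    'Both ports are reachable; the cause lies elsewhere.'
}
```

A reachable LDAP port together with a blocked 445 matches what the capture in the answer showed, and explains why a bind-only connectivity test can pass while member enumeration fails. If 445 has to be opened, a firewall rule limited to the application server and the directory host keeps the SMB exposure narrow.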