I am using the following C# code in the code behind of a webform deployed in an ASP.NET 4 (4.0.30319) application pool on Server1 and Server2.
// Requires a reference to System.DirectoryServices.AccountManagement
PrincipalContext pc = new PrincipalContext(ContextType.Domain, "testnet.testad.org:636", "dc=testnet,dc=testad,dc=org");
bool validated = pc.ValidateCredentials(username, password, ContextOptions.Negotiate);
Server1 is running:
Windows Server 2003 SP2
IIS 6.0
ASP.NET version 4.0.30319
Server1 takes between 30-60 seconds to authenticate depending on the options.
(Note: using regular LDAP it authenticates immediately with no delay)
Server2 is running:
Windows Server 2008 SP2
IIS 7.0
ASP.NET version 4.0.30319
Running the exact same code as Server1, Server2 authenticates almost instantaneously.
(I have also tried the code against another IIS 7.0 server with the same results)
So I believe the code is fine, which is why I am asking this on Server Fault.
Has anyone run into this issue before?
Is there something I can patch or configure differently on Server1 to bring down the authentication time to be in line with Server2?
Thanks for any help on this.
[Update]
I turned on Wireshark while making an LDAPS authentication request.
I have created a file containing all requests over 636.
It can be viewed here: Server1 636 traffic
The biggest gaps are found between:
No. 1949 at 1.115583 sec – No. 06788 at 14.501754 sec
and
No. 6803 at 14.64297 sec – No. 11742 at 27.921379 sec
All other traffic on that port occurs within the same second.
NOTE: There is roughly the same amount of traffic on Server2 but it all occurs between 2-3 seconds.
It can be viewed here: Server2 636 traffic
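The gap hunt described in the update can be scripted against a CSV export of the capture. This is an added example, not part of the original post; it assumes Wireshark's default CSV export columns, and every row other than the four frame numbers and times quoted above (including the 192.0.2.x addresses) is constructed.

```python
import csv
import io

# Constructed sample in the column layout of Wireshark's CSV export.
# The four frames named in the post keep their numbers and times; the other
# rows, the addresses (192.0.2.0/24) and the Info text are made up.
SAMPLE_CSV = '''"No.","Time","Source","Destination","Protocol","Length","Info"
"1940","1.101200","192.0.2.10","192.0.2.20","TCP","66","constructed"
"1949","1.115583","192.0.2.20","192.0.2.10","TLSv1","139","constructed"
"6788","14.501754","192.0.2.10","192.0.2.20","TCP","66","constructed"
"6795","14.580310","192.0.2.20","192.0.2.10","TLSv1","203","constructed"
"6803","14.642970","192.0.2.10","192.0.2.20","TLSv1","139","constructed"
"11742","27.921379","192.0.2.10","192.0.2.20","TCP","66","constructed"
"11750","27.960102","192.0.2.20","192.0.2.10","TLSv1","187","constructed"
'''


def find_gaps(csv_text, threshold=1.0):
    """Return (gap_seconds, before_row, after_row) for every pause between
    consecutive frames longer than threshold, largest first."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    rows.sort(key=lambda r: float(r["Time"]))  # exports may be re-sorted in the GUI
    gaps = []
    for prev, cur in zip(rows, rows[1:]):
        delta = float(cur["Time"]) - float(prev["Time"])
        if delta > threshold:
            gaps.append((round(delta, 6), prev, cur))
    return sorted(gaps, key=lambda g: g[0], reverse=True)


def describe(gap):
    """One line per gap, naming the host that sent the first frame after it."""
    delta, prev, cur = gap
    return (f"{delta:.6f}s idle between No. {prev['No.']} and No. {cur['No.']}; "
            f"resumed by {cur['Source']}")


if __name__ == "__main__":
    for gap in find_gaps(SAMPLE_CSV):
        print(describe(gap))
```

Running the same function over exports from both servers shows whether the slow server's time is spent in a few long pauses or spread across the whole exchange.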
Best Answer
Try running Process Monitor to see if you're getting access denied on:
If so, give the service account read access to it.