Not a bug

Identity Broker v5.0.4 reports LDAP Engine Error

Bob Bradley 3 years ago • updated by anonymous 3 years ago

A vanilla IdB 5.0.4 installation is reporting the following exception on the dashboard after service startup:

The LDAP endpoint failed to startup: An attempt was made to access a socket in a way forbidden by its access permissions


Full error message as follows from the log:


20160401,02:16:10,UNIFY Identity Broker,Logging Engine,Information,Log file started.,Minimal

20160401,02:16:10,UNIFY Identity Broker,LDAP Engine,Error,"The LDAP endpoint failed to startup: System.Net.Sockets.SocketException (0x80004005): An attempt was made to access a socket in a way forbidden by its access permissions
at System.Net.Sockets.Socket.DoBind(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.Sockets.Socket.Bind(EndPoint localEP)
at System.Net.Sockets.TcpListener.Start(Int32 backlog)
at Unify.Product.IdentityBroker.LDAPEngine.UnsafeEnableEndpoint()
at Unify.Product.IdentityBroker.LDAPEngine.EnableEndpoint()",Minimal



Answer
Not a bug

Is the port already in use (netstat -ab)? What IP are you binding to, can you try 0.0.0.0?


Thanks Adam - by "the port" I presume you mean 59990 from the service config file?

From the output I can see this:

[DFSRs.exe]

TCP 0.0.0.0:59990 MIM2016:0 LISTENING

I see that DFSRs.exe (Distributed File System Replication) and DFS Namespace (DFS.exe) services are both installed and running, so I shut them both down and disabled them (must have accidentally configured the server role). However, on restarting IdB I still get the error, and this is now reported from netstat:

Can not obtain ownership information
TCP 0.0.0.0:59990 MIM2016:0 LISTENING
Can not obtain ownership information
TCP 0.0.0.0:59991 MIM2016:0 LISTENING



Interesting to note the conflict with DFS ... I must have accidentally turned on the role (can't be on by default, surely!) ... unlikely but *could* happen again in which case this might be worth a KB.

Not those ports, it's the LDAP port (from the LDAP settings page).

Of course - OK this IdB5 model is all new to me :). This is a DC (all-in-one FIM+AD+SQL+everything else) so of course 389 is already in use ... assigned 9389 instead! I see you've taken a leaf out of the Optimal book (VIS by default listens to 389 too).

The server hasn't come back yet after I changed the port and hit SAVE ... it's been 5 minutes now ... how long should I wait?

It should be straight away, can you try saving the setting again? If not restart and let me know so that we can confirm the use case. Regarding the choice of port, it was purely from here, I suppose we could have kept it consistent with our other ports, but we wanted to maintain some familiarity with existing technologies.

The webpage eventually timed out but the setting seems to have taken effect on reboot. However, there remains the one warning on the dashboard now:

The LDAP endpoint failed to startup: An attempt was made to access a socket in a way forbidden by its access permissions

20160401,04:58:54,UNIFY Identity Broker,LDAP Engine,Error,The LDAP endpoint failed to startup: An attempt was made to access a socket in a way forbidden by its access permissions. Reverting configuration changes.,Minimal

20160401,05:16:46,UNIFY Identity Broker,Logging Engine,Information,Log file started.,Minimal
20160401,05:16:43,UNIFY Identity Broker,LDAP Engine,Error,"The LDAP endpoint failed to startup: System.Net.Sockets.SocketException (0x80004005): An attempt was made to access a socket in a way forbidden by its access permissions
at System.Net.Sockets.Socket.DoBind(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.Sockets.Socket.Bind(EndPoint localEP)
at System.Net.Sockets.TcpListener.Start(Int32 backlog)
at Unify.Product.IdentityBroker.LDAPEngine.UnsafeEnableEndpoint()
at Unify.Product.IdentityBroker.LDAPEngine.EnableEndpoint()",Minimal
20160401,05:20:41,UNIFY Identity Broker,Logging Engine,Information,Log file started.,Minimal
20160401,05:20:38,UNIFY Identity Broker,LDAP Engine,Error,"The LDAP endpoint failed to startup: System.Net.Sockets.SocketException (0x80004005): An attempt was made to access a socket in a way forbidden by its access permissions
at System.Net.Sockets.Socket.DoBind(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.Sockets.Socket.Bind(EndPoint localEP)
at System.Net.Sockets.TcpListener.Start(Int32 backlog)
at Unify.Product.IdentityBroker.LDAPEngine.UnsafeEnableEndpoint()
at Unify.Product.IdentityBroker.LDAPEngine.EnableEndpoint()",Minimal

Changed the port to 7389 and the problem went away - seems like the first change from 389 to 9389 was somehow incomplete. Not sure how you could replicate the problem though - now when I change the port it happens immediately.

Correct you are :)

TCP 0.0.0.0:9389 MIM2016:0 LISTENING
[Microsoft.ActiveDirectory.WebServices.exe]

I was reading the netstat results the wrong way before - the port comes BEFORE the app. Will remember NOT to use 9389 anywhere now too! So many traps ...
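The two traps in this thread are the same one: reading `netstat -ab` output the wrong way round, so the `[image.exe]` line that FOLLOWS a connection line gets attached to the connection above it. Below is an added example (not code from the original post or from the Identity Broker product) that parses that layout correctly, picks the first candidate port with no listener, and probes a bind exactly the way the service does (no SO_REUSEADDR). The netstat text is a constructed sample in the shape of the thread's output, not captured output from the original server; on a domain controller TCP 389 is served by lsass.exe and TCP 9389 by Active Directory Web Services, which is why both of the first two choices failed here.

```python
"""Diagnose 'An attempt was made to access a socket in a way forbidden by its
access permissions' (Winsock WSAEACCES, 10013) on an LDAP listener port.

Added example: parse `netstat -ab` the right way round, choose a free port,
and probe whether a TCP listener can really be bound on it."""
import re
import socket
from typing import Dict, List, Optional, Tuple

# Constructed sample in the shape of Windows `netstat -ab` output (no -n, so
# the foreign address is the resolved host name; no -o, so no PID column).
# The owner line(s) for a socket come AFTER its TCP line, the layout the
# thread's author initially misread.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:389            MIM2016:0              LISTENING
 [lsass.exe]
  TCP    0.0.0.0:9389           MIM2016:0              LISTENING
 [Microsoft.ActiveDirectory.WebServices.exe]
  TCP    0.0.0.0:59990          MIM2016:0              LISTENING
 Can not obtain ownership information
  TCP    0.0.0.0:59991          MIM2016:0              LISTENING
 Can not obtain ownership information
  TCP    0.0.0.0:5985           MIM2016:0              LISTENING
  HTTP
 [System]
"""

_CONN_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")
_OWNER_RE = re.compile(r"^\s*\[(.+)\]\s*$")


def parse_netstat_b(text: str) -> List[Dict[str, object]]:
    """Turn `netstat -ab` text into records. Every non-connection line after a
    TCP/UDP line (a hosted service name, the [image.exe] line, or the
    'Can not obtain ownership information' notice) belongs to the connection
    ABOVE it, never the one below."""
    records: List[Dict[str, object]] = []
    for line in text.splitlines():
        m = _CONN_RE.match(line)
        if m:
            proto, local, remote, state = m.groups()
            _host, _, port = local.rpartition(":")
            records.append({
                "proto": proto, "local": local, "port": int(port),
                "remote": remote, "state": state or "", "owner": None,
                "detail": [],
            })
        elif records and line.strip():
            rec = records[-1]  # owner info attaches to the latest connection
            om = _OWNER_RE.match(line)
            if om:
                rec["owner"] = om.group(1)
            else:
                rec["detail"].append(line.strip())  # type: ignore[union-attr]
    return records


def listeners_on_port(text: str, port: int) -> List[str]:
    """Image names holding a LISTENING TCP socket on `port`; '<unknown>' where
    netstat could not obtain ownership information."""
    return [
        str(r["owner"] or "<unknown>")
        for r in parse_netstat_b(text)
        if r["proto"] == "TCP" and r["port"] == port and r["state"] == "LISTENING"
    ]


def first_free_port(text: str, candidates: List[int]) -> Optional[int]:
    """First candidate with no listener in the netstat snapshot, or None."""
    for port in candidates:
        if not listeners_on_port(text, port):
            return port
    return None


def probe_bind(port: int, host: str = "0.0.0.0") -> Tuple[bool, Optional[int]]:
    """Bind and listen exactly as the service would (no SO_REUSEADDR).
    Returns (True, None) on success, else (False, errno). On Windows a port
    held by another process surfaces as WSAEADDRINUSE (10048) or, for
    exclusive/forbidden binds, WSAEACCES (10013), the code behind the message
    in this thread; on Linux it is EADDRINUSE."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((host, port))
        s.listen(1)
        return True, None
    except OSError as e:
        return False, e.errno
    finally:
        s.close()


def demo_busy_port_probe(host: str = "127.0.0.1") -> Tuple[bool, bool]:
    """Hold an ephemeral port open, probe it (should fail), release it and
    probe again (should succeed). Returns the two probe outcomes."""
    hold = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    hold.bind((host, 0))
    hold.listen(1)
    busy_port = hold.getsockname()[1]
    while_held, _ = probe_bind(busy_port, host)
    hold.close()
    after_release, _ = probe_bind(busy_port, host)
    return while_held, after_release


if __name__ == "__main__":
    for p in (389, 9389, 7389):
        print(p, listeners_on_port(SAMPLE_NETSTAT, p) or "free")
    print("pick:", first_free_port(SAMPLE_NETSTAT, [389, 9389, 7389]))
    print("busy/free probe:", demo_busy_port_probe())
```

Run it as-is to see 389 and 9389 attributed to lsass.exe and ADWS respectively and 7389 chosen; swap `SAMPLE_NETSTAT` for the real output of `netstat -ab` (run elevated, or the ownership column is blank as in the thread). One caveat for Windows hosts: WSAEACCES on bind can also mean the port falls inside an administratively excluded range (`netsh interface ipv4 show excludedportrange protocol=tcp`), in which case netstat shows no listener at all and only the bind probe reveals the problem.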