1. UNIFYBroker Forum
  2. Bugs
0
Not a bug

Identity Broker v5.0.4 reports LDAP Engine Error

Bob Bradley 8 years ago updated by anonymous 8 years ago 11

A vanilla IdB 5.0.4 installation is reporting the following exception on the dashboard after service startup:

The LDAP endpoint failed to startup: An attempt was made to access a socket in a way forbidden by its access permissions


Full error message as follows from the log:


20160401,02:16:10,UNIFY Identity Broker,Logging Engine,Information,Log file started.,Minimal

20160401,02:16:10,UNIFY Identity Broker,LDAP Engine,Error,"The LDAP endpoint failed to startup: System.Net.Sockets.SocketException (0x80004005): An attempt was made to access a socket in a way forbidden by its access permissions
at System.Net.Sockets.Socket.DoBind(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.Sockets.Socket.Bind(EndPoint localEP)
at System.Net.Sockets.TcpListener.Start(Int32 backlog)
at Unify.Product.IdentityBroker.LDAPEngine.UnsafeEnableEndpoint()
at Unify.Product.IdentityBroker.LDAPEngine.EnableEndpoint()",Minimal


Answer

Answer
Not a bug
Adam van Vliet 8 years ago

Is the port already in use (netstat -ab)? What IP are you binding to, can you try 0.0.0.0?

Answer
Not a bug
Adam van Vliet 8 years ago

Is the port already in use (netstat -ab)? What IP are you binding to, can you try 0.0.0.0?

Bob Bradley 8 years ago

Thanks Adam - by "the port" I presume you mean 59990 from the service config file?

From the output I can see this:

[DFSRs.exe]

TCP 0.0.0.0:59990 MIM2016:0 LISTENING

I see that DFSRs.exe (Distributed File System Replication) and DFS Namespace (DFS.exe) services are both installed and running, so I shut them both down and disabled them (must have accidentally configured the server role). However on restarting IdB I still get the error, and this is now reported from netstat:



Can not obtain ownership information

TCP 0.0.0.0:59990 MIM2016:0 LISTENING
Can not obtain ownership information
TCP 0.0.0.0:59991 MIM2016:0 LISTENING



Bob Bradley 8 years ago

Interesting to note the conflict with DFS ... I must have accidentally turned on the role (can't be on by default, surely!) ... unlikely but *could* happen again in which case this might be worth a KB.

Adam van Vliet 8 years ago

Not those ports, it's the LDAP port (from the LDAP settings page).

Bob Bradley 8 years ago

Of course - OK this IdB5 model is all new to me :). This is a DC (all-in-one FIM+AD+SQL+everything else) so of course 389 is already in use ... assigned 9389 instead! I see you've taken a leaf out of the Optimal book (VIS by default listens to 389 too).

The server hasn't come back yet after I changed the port and hit SAVE ... it's been 5 minutes now ... how long should I wait?

Adam van Vliet 8 years ago

It should be straight away, can you try saving the setting again? If not restart and let me know so that we can confirm the use case. Regarding the choice of port, it was purely from here, I suppose we could have kept it consistent with our other ports, but we wanted to maintain some familiarity with existing technologies.

Bob Bradley 8 years ago

The webpage eventually timed out but the setting seems to have taken affect on reboot. However there remains the one warning on the dashboard now:

The LDAP endpoint failed to startup: An attempt was made to access a socket in a way forbidden by its access permissions

Bob Bradley 8 years ago

20160401,04:58:54,UNIFY Identity Broker,LDAP Engine,Error,The LDAP endpoint failed to startup: An attempt was made to access a socket in a way forbidden by its access permissions. Reverting configuration changes.,Minimal

20160401,05:16:46,UNIFY Identity Broker,Logging Engine,Information,Log file started.,Minimal
20160401,05:16:43,UNIFY Identity Broker,LDAP Engine,Error,"The LDAP endpoint failed to startup: System.Net.Sockets.SocketException (0x80004005): An attempt was made to access a socket in a way forbidden by its access permissions
at System.Net.Sockets.Socket.DoBind(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.Sockets.Socket.Bind(EndPoint localEP)
at System.Net.Sockets.TcpListener.Start(Int32 backlog)
at Unify.Product.IdentityBroker.LDAPEngine.UnsafeEnableEndpoint()
at Unify.Product.IdentityBroker.LDAPEngine.EnableEndpoint()",Minimal
20160401,05:20:41,UNIFY Identity Broker,Logging Engine,Information,Log file started.,Minimal
20160401,05:20:38,UNIFY Identity Broker,LDAP Engine,Error,"The LDAP endpoint failed to startup: System.Net.Sockets.SocketException (0x80004005): An attempt was made to access a socket in a way forbidden by its access permissions
at System.Net.Sockets.Socket.DoBind(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.Sockets.Socket.Bind(EndPoint localEP)
at System.Net.Sockets.TcpListener.Start(Int32 backlog)
at Unify.Product.IdentityBroker.LDAPEngine.UnsafeEnableEndpoint()
at Unify.Product.IdentityBroker.LDAPEngine.EnableEndpoint()",Minimal

Bob Bradley 8 years ago

Changed the port to 7389 and the problem went away - seems like the first change from 389 to 9389 was somehow incomplete. Not sure how you could replicate the problem though - now when I change the port it happens immediately,

Adam van Vliet 8 years ago

Could you have picked another used port (e.g. Active Directory Web Services)?

Bob Bradley 8 years ago

Correct you are :)


TCP 0.0.0.0:9389 MIM2016:0 LISTENING

[Microsoft.ActiveDirectory.WebServices.exe]
I was reading the netstat results the wrong way before - the port becomes BEFORE the app. Will remember NOT to use 9389 anywhere now too! So many traps ...

Customer support service by UserEcho