I changed my User Directory this morning in an attempt to work around this bug: https://forums.inedo.com/topic/3164/user-seen-as-a-group/11
I went from an "LDAP or Single Domain Active Directory (Legacy)" User Directory to an "Active Directory (LDAP)" User Directory. Before I switched, I setup the new User Directory to have the same permissions as the old one. I also used the test features in the "Active Directory (LDAP)" User Directory settings page to look up users and do searches and it was working fine.
After I switched, browsing to the ProGet homepage redirected to this:
(We run two instances of the site, one for integrated security, and one for basic auth. The basic auth site kept working fine.)
When I logged in on the basic auth site, running a user search test in the settings page showed this:
We logged into the proget server and restarted the services. We also attempted to use the "clear authentication cookies" option, and ran in Chrome's Incognito Mode. Nothing we could do would fix the error.
So I set the User Directory back to the original "LDAP or Single Domain Active Directory (Legacy)" User Directory. (I figured we could research it more when we did not have users being locked out of the system.)
But when we set it back, the error did not go away!
We tried all the same things that we did after the first User Directory swap (restarting services, clearing cookies etc). Nothing we did worked! We were stuck. And now our down time was stretching even longer.
Fortunately our policies have us do backups of the database and snapshots of the server. We did a restore from back up and it started working again.
We then had to send out the embarrassing email letting everyone know that any auto builds that ran for the last half hour have to be re-run.
This was embarrassing to me. Having it continue to fail when we put the setting back was really bad.
What went wrong? Why did it do this in the first place, and why did it not start working when we put it back?
A few more details:
- After we switched back to the ""LDAP or Single Domain Active Directory (Legacy)" user directory, tests on the "Active Directory (LDAP)" User Directory worked again. Meaning that the COM errors were no longer there. Here is an example of how that looks:
- Here is an image of one of the entries on the Event Log for the service:
- When we first switched, the error message (first screen shot above) said that the name of the User Directory was 'Queries the current domain, global catalog for trusted domains, or a specific li'. That seemed odd since that was not the name of the "Active Directory (LDAP)" User Directory we had switched to. (I double checked that we had switched to the "Active Directory (LDAP)" User Directory.) The directory name was the same as the type of the user directory:
- When we switched back, error message (seen above) correctly had the name "LDAP" for the User Directory (though it was still broken)
- We are running ProGet Version 5.3.21 (Build 24)