Runtime: ASP.NET Core 2.0 using System.DirectoryServices.AccountManagement GroupPrincipal GetMembers Throws System.Exception: An operations error occurred.

Can you try to run the same example on .NET Framework? (using .NET Framework DirectoryServices)

@karelz you bet! ASP.NET full framework appears to work as expected.

Steps to reproduce:

• Create ASP.NET WebAPI template with full .NET framework
• Add reference to System.DirectoryServices.AccountManagement
• Add test code to HomeController.cs here.
• Debug application,
• Works as expected, all users for the provided group are returned.

Thanks for confirmation!
@tquerec @jay98014 any advice here? cc @danmosemsft @tarekgh

I am also receiving the same error.

I have followed the same steps mentioned above and I cannot repro this on my machine.
In my case, I have used the domain name which my client machine is connected to. And I have used my default credentials (passing username and password as nulls). And I have used the group name as "guests".

my question, does your client machine running this code is domain joined machine? I am trying to understand the settings difference which may help repro the issue.

@tquerec any thoughts here?

@tarekgh In my tests I tested both ways, with a domain joined machine, and a machine off of the domain. Same results...both failed with the repo test code.

Would the type/configuration of the domain controller come into play here?

Would the type/configuration of the domain controller come into play here?

Could be. I'll try with different configuration and look if I can get this repro on our side.

I am able to repro this now. I am going to take a deeper look. Initially, it looks the problem with the COM interop part.

I have debugged and found that the problem is in the COM interop layer in coreclr. When calling a com interface method and it fails, we should be throwing COMException but there was a regression which caused throwing the generic Exception instead of COMException.

The problem is we have code which catches the COMException and handle it

https://github.com/dotnet/corefx/blob/master/src/System.DirectoryServices/src/System/DirectoryServices/DirectoryEntry.cs#L997

but now this exception handling is not executed because we are not getting the COMException.

We have the fix
https://github.com/dotnet/coreclr/pull/13553

But this fix is not part of net core 2.0 so, we'll need to port this fix there.

CC @tijoytom @russellhadley @weshaggard

I have assigned the issue to @shrah who is going to port the fix to v2.0 branch. I have labeled the issue as v2.0 too.

Thanks @tarekgh . We should get this in 2.0.6.

@tarekgh are we missing tests here? Or is it just that we ran our tests against master and not 2.0 release?

We are not missing tests. The same issue caught before with the test as you pointed me before.

https://github.com/dotnet/corefx/issues/23548

@tarekgh

• Reading through this issues/status is this fix scheduled to be included in a servicing release like 2.0.6?

• Is there a method to get a beta release of this fix?

Reading through this issues/status is this fix scheduled to be included in a servicing release like 2.0.6?

Yes, the fix should be included in 2.0.6

Is there a method to get a beta release of this fix?

Unfortunately no. you have to wait for the official servicing release.

@tarekgh

I see the 2.0.6 release is out, https://github.com/dotnet/core/releases, did this fix make the cut?

If not, is it in the 2.1 preview?

@benhysell it seems the fix is in 2.0.6 (see https://github.com/dotnet/coreclr/pull/15735). Did you try it?
If you look at merge commit of the original PR in master (https://github.com/dotnet/coreclr/pull/13553), it made it to 2.1-preview1: https://github.com/dotnet/coreclr/commit/a3e884a062607ac296fc3943796627e2209a95ea (see the tag at the top)

@shrah @tarekgh any reason why this issue is still opened and wasn't closed with merging of https://github.com/dotnet/coreclr/pull/15735?

I see the 2.0.6 release is out, https://github.com/dotnet/core/releases, did this fix make the cut?
If not, is it in the 2.1 preview?

@shrah could you check that? my understanding is your fix has to be in 2.0.6 and 2.1 preview too.

@benhysell are you sure the 2.0.6 bits are the bits get loaded in your app? we had some cases before that older version of net core get loaded and not the latest version. Is it possible to look under the debugger the version and the timestamp of coreclr loaded in the app?

@karelz

any reason why this issue is still opened

I think we wanted to confirm the fix is there in the product.

I found that the error is not throwing directly to the consuming application, but throwing silently. If you look to Output > debug in visual studio, during property evaluation for the underlying DirectoryEntry for the Principal object, you will see the following error message:

Exception thrown: 'System.Runtime.InteropServices.COMException' in System.DirectoryServices.dll

example code:

public IEnumerable<Employee> GetEmployeesByGroupName(string groupName)
{
    Guard.AgainstNullOrEmpty(groupName, nameof(groupName));

    var toReturn = Enumerable.Empty<Employee>();

    using (var context = GetPrincipalContext())
    {
        GroupPrincipal gp = GroupPrincipal.FindByIdentity(context, IdentityType.Name, groupName);

        if (gp == null)
            toReturn = null;
        else
        {
            toReturn = gp.GetMembers()
                .Select(s => s.GetUnderlyingObject() as DirectoryEntry)
                .Select(s => FromDirectoryEntry(s))
                .Where(w => null != w)
                .ToList(); //Throws to debug output
        }
    }

    return toReturn;
}

private Employee FromDirectoryEntry(DirectoryEntry de)
{
    string alias = de.StringPropertyOrNull("samaccountname").ToLower();
    string name = de.StringPropertyOrNull("cn");
    string email = de.StringPropertyOrNull("mail");

    if (null == alias || null == email || null == name)
        return null;

    return new Employee(
        alias: alias,
        name: name,
        email: email);
}

For some reason I cannot dump the full exception from the quick watch menu.

But the message details are:

An operations error occurred.
   at System.DirectoryServices.Interop.UnsafeNativeMethods.IAds.GetInfoEx(Object vProperties, Int32 lnReserved)\r\n   at System.DirectoryServices.DirectoryEntry.RefreshCache(String[] propertyNames)

nuget package: System.DirectoryServices
00490982c7952e96a1089818467caa6fd07541b2
Version: 4.5.0-preview1-26216-02

nuget package: System.DirectoryServices.AccountManagement
00490982c7952e96a1089818467caa6fd07541b2
Version: 4.5.0-preview1-26216-02

@tcables the fix is actually was inside coreclr and not in System.DirectoryServices. can you tell what version of .net core you are using?

@tarekgh My Asp.net Core website is targeting ".Net Core 2.0". The package I'm consuming to handle the AD abstractions is targeting .net standard 2.0.

I also ran dotnet --info from the package manager console:

PM> dotnet --info
.NET Command Line Tools (2.1.100)

Product Information:
 Version:            2.1.100
 Commit SHA-1 hash:  b9e74c6520

Runtime Environment:
 OS Name:     Windows
 OS Version:  10.0.14393
 OS Platform: Windows
 RID:         win10-x64
 Base Path:   C:\Program Files\dotnet\sdk\2.1.100\


Microsoft .NET Core Shared Framework Host

  Version  : 2.0.5

  Build    : 17373eb129b3b05aa18ece963f8795d65ef8ea54

@tcables it looks you are using version 2.0.5 of the net core

Microsoft .NET Core Shared Framework Host

  Version  : 2.0.5

  Build    : 17373eb129b3b05aa18ece963f8795d65ef8ea54

You need 2.0.6 which has the fix.

@benhysell, are you able to tell if you still seeing the problem in 2.0.6? please make sure in your app to follow the instruction mentioned in the following comment too:

https://github.com/dotnet/corefx/issues/26292#issuecomment-362656712

This procedure is also described in https://github.com/dotnet/announcements/issues/62

@tarekgh I just tested with version 2.0.6 and it worked!

Tested with a machine on and off the domain, both calls completed as expected.

I'm happy to close this issue at this time.

"You need 2.0.6 which has the fix."

Has saved my day!