
How to prevent DirectoryOperationException - The server cannot handle directory requests

I am attempting to write a utility method to update AD attributes (just single valued string attributes for now) in C#. This is a stand-alone utility that does not rely on IIS. This method will be used to load data from our HR systems into our AD.

I am able to read objects and attributes effectively using System.DirectoryServices.Protocols, but when I call the ModifyRequest method, I get a DirectoryOperationException with the message "The server cannot handle directory requests".

Based on another Stack Overflow question: .Net's Directory Services throws a strange exception

I tried using port 636 for SSL LDAP, but it does not change the behavior.

I am not using IIS and am on .NET 4.5 so the Microsoft patch for .NET/IIS should not apply.

Googling on this has been fruitless.

If you know why this error occurs, and how to fix it, I would be very grateful.

Code below. Please assume that Conn contains a valid and authenticated LDAP connection from the enclosing utility class--I can provide the complete source of the enclosing utility class if it is needed.

The exception occurs on the SendRequest line in ModifyStringAttributeValues:

using System;
using System.Collections.Generic;
using System.DirectoryServices.Protocols;
using System.Net;

namespace MyOrganization.Common.Ldap
{
    public class LdapSession
    {
        public bool UseKerberos { set; get; }
        public String Host { set; get; }
        public String UserId { set; get; }
        public String Password { set; get; }
        public String Tag { set; get; }
        public int Port { set; get; }

        public const int DefaultLdapPort = 389;

        protected LdapConnection Conn;

        public void EstablishV2()
        {

        }

        public void Establish()
        {

            var effectivePort = Port == 0 ? DefaultLdapPort : Port;

            Console.WriteLine("EffectivePort={0}", effectivePort);

            var identifier = new LdapDirectoryIdentifier(Host, effectivePort);

            if (UseKerberos)
            {
                Conn = new LdapConnection(identifier)
                {
                    AuthType = AuthType.Kerberos,
                    Timeout = new TimeSpan(0, 10, 0, 0),
                    SessionOptions =
                    {
                        ProtocolVersion = 3,
                        // accepts every server certificate: the callback
                        // returns true without inspecting it
                        VerifyServerCertificate =
                            new VerifyServerCertificateCallback((con, cer) => true),
                        SecureSocketLayer = true
                    }
                };
            }
            else
            {
                Conn = new LdapConnection(identifier)
                {
                    AuthType = AuthType.Basic,
                    Timeout = new TimeSpan(0, 10, 0, 0)
                };

                // Console.WriteLine("LPA:  Binding with {0}, {1}", UserId, Password); // QUARTZ

                Conn.Bind(new NetworkCredential(UserId, Password));
            }


        }

        public IEnumerable<SearchResultEntry> Search(string cx, string filter, SearchScope searchScope, params string[] attrib)
        {
            var s = new SearchRequest(cx, filter, searchScope, attrib)
            {
                SizeLimit = 0,
                TimeLimit = new TimeSpan(1, 0, 0) // One hour, zero minutes, zero seconds
            };

            var raw = Conn.SendRequest(s);

            if (raw == null)
            {
                throw new Exception("null response");
            }

            var r = raw as SearchResponse;

            if (r != null)
            {
                // Console.WriteLine(Tag + "Search response entries: {0}", r.Entries.Count); // QUARTZ

                foreach (SearchResultEntry e in r.Entries)
                {
                    yield return e;
                }
            }
            else
            {
                // Console.WriteLine(Tag + "Search response was null" ); // QUARTZ
            }

            yield break;
        }


        public ResultCode ModifyStringAttributeValues(string dn, IDictionary<string, string> modifications)
        {
            // declare the request and response objects here
            // they are used in two blocks
            ModifyRequest modRequest;
            ModifyResponse modResponse;

            try
            {
                // initialize the modRequest object 
                modRequest =
                    new ModifyRequest(dn);

                modRequest.Controls.Add(new PermissiveModifyControl());

                var mods = new DirectoryAttributeModification[modifications.Count];

                int z = 0;
                foreach (var pair in modifications)
                {
                    var mod = new DirectoryAttributeModification();
                    mod.Operation = DirectoryAttributeOperation.Replace;
                    mod.Name = pair.Key;
                    mod.Add(pair.Value);

                    mods[z] = mod;

                    z += 1;
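                }

                // attach the modifications to the request; without this the
                // request is sent with no changes in it
                modRequest.Modifications.AddRange(mods);

                // cast the returned directory response into a ModifyResponse type 
                // named modResponse
                modResponse =
                    (ModifyResponse)Conn.SendRequest(modRequest);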

                return modResponse.ResultCode;
            }

            catch (Exception e)
            {
                Console.WriteLine("\nUnexpected exception occurred:\n\t{0}: {1}",
                                  e.GetType().Name, e.Message);

                return ResultCode.Unavailable;
            }
        }
    }
}

I know the code is a little clunky, and full of strange comments--it is cut, pasted and modified from sample code on Microsoft's site while I get it working.

SAJ14SAJ asked Jan 19 '26 12:01


1 Answer

If someone runs into this problem again, here is my solution. It was the action of deleting duplicate user certificates which resolved it for me. Here are the steps:

  1. Run > certmgr.msc
  2. Go to the personal folder and find the related certificates
  3. Finally delete any duplicated certificates
ahaliav fox answered Jan 21 '26 05:01
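The store check behind the answer's steps, as an added example that is not part of the original answer: a read-only PowerShell listing of certificates in the current user's Personal store (the folder certmgr.msc shows) that share a Subject. Treating "duplicate" as "same Subject" is an assumption, and the function name Get-DuplicateUserCertificate is hypothetical.

```powershell
# Added example (not from the original post). Read-only: nothing is deleted.
# Assumption: certificates count as duplicates when their Subject is identical.

function Get-DuplicateUserCertificate {
    [CmdletBinding()]
    param(
        # Cert:\CurrentUser\My is the "Personal" folder shown by certmgr.msc
        [string]$StorePath = 'Cert:\CurrentUser\My'
    )

    Get-ChildItem -Path $StorePath |
        Group-Object -Property Subject |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            # Newest first, so the entry most likely to be kept is listed on top
            $ordered = $_.Group | Sort-Object -Property NotAfter -Descending
            $newest  = $ordered | Select-Object -First 1

            foreach ($cert in $ordered) {
                [pscustomobject]@{
                    Subject       = $cert.Subject
                    Thumbprint    = $cert.Thumbprint
                    Issuer        = $cert.Issuer
                    NotBefore     = $cert.NotBefore
                    NotAfter      = $cert.NotAfter
                    Expired       = $cert.NotAfter -lt (Get-Date)
                    HasPrivateKey = $cert.HasPrivateKey
                    # True when the certificate lists the TLS client
                    # authentication EKU (OID 1.3.6.1.5.5.7.3.2)
                    ClientAuth    = ($cert.EnhancedKeyUsageList.ObjectId -contains '1.3.6.1.5.5.7.3.2')
                    IsNewest      = ($cert.Thumbprint -eq $newest.Thumbprint)
                }
            }
        }
}

# One row per certificate in every Subject group that has more than one entry
Get-DuplicateUserCertificate | Format-Table -AutoSize
```

An empty result means no two certificates in the store share a Subject. Export any certificate that has a private key before deleting it in certmgr.msc, since the deletion cannot be undone from the console.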


