HRESULT: 0X80070490 with AzMan and AD LDS

Topics: Security Application Block
Jun 5, 2009 at 9:16 PM

I'm developing a WPF application with the security block using AzMan as its policy store.
The AzMan is configured to work with AD LDS (aka ADAM). The development environment was with 2003 server and everything was fine. The deployment environment has 2008 server and when I'm trying to run the application I get an exception:

 "Element not found. (Exception from HRESULT: 0X80070490)".

The stack trace points to AZROLESLib.AZAuthorizationStoreClass.OpenApplication2(String bstrApplicationName, Object varReserved). I call this method with "MyApp" and null, and it was working fine on the 2003 box.
It seems to me that the application cannot locate "MyApp" in my AzMan store. Does the AzMan API expect something different on 2008 than on 2003? Do I need to replace interop.AZROLESLib.dll with a newer version?

Thank you,

Ken

Jun 8, 2009 at 10:46 AM

Hi,

Please see this link http://www.velocityreviews.com/forums/t648131-azman-error-element-not-found-exception-from-hresult-0x80070490.html . Seems to be the same problem as you're facing.

Valiant Dudan
Global Technology & Solutions
Avanade, Inc.
entlib.support@avanade.com

Jun 8, 2009 at 6:27 PM

Hi Valiant,

Thank you. I saw the link you've provided while I was searching for a solution to my problem. The problem indeed seems to be the same, but I'm using ADAM as the physical store while the link is using an XML document, so the solution is not applicable to me. I do believe that the source of the problem might be with the application name parameter. However, the same application name is working on a 2003 machine... So I'm still in the dark here.

Ken

Jun 9, 2009 at 5:51 AM

How about assigning Reader role to the ADAM partition like what's described in here - http://forums.asp.net/t/1130866.aspx

 

Sarah Urmeneta
Global Technology & Solutions
Avanade, Inc.
entlib.support@avanade.com

 

Jun 10, 2009 at 10:24 PM
Edited Jun 10, 2009 at 10:26 PM

Thank you Sarah.

I've actually assigned reader role and administrator role to any authenticated user on the machine...

What I do find interesting is that when I use ldp.exe on the 2008 machine I can't see the configurationFile of the root directory (DC=MyDomain,DC=local). On the 2003 machine I can. Could it be that the IAzAuthorizationStore2.OpenApplication2 method is failing to find this file? Is there a configuration in Windows 2008 which prevents this file from being created?

Thank you,

Ken

Jun 11, 2009 at 6:16 AM

I'm not sure if there was a difference on this issue between a Win 2003 and a Win 2008 environment. Have you tried to follow these steps - http://msdn.microsoft.com/en-us/library/ms998331.aspx? I'm not really familiar with ADAM or AzMan, so you might be more able to spot any difference. Here's the one for Win 2008 - http://msdn.microsoft.com/en-us/library/bb897401.aspx

 

Sarah Urmeneta
Global Technology & Solutions
Avanade, Inc.
entlib.support@avanade.com

 

Jun 12, 2009 at 9:07 PM

Hi Sarah

I installed all from scratch following the link you've provided with no luck: still the same exception...

Thank you,

Ken

Jun 15, 2009 at 11:12 AM

You said that you can't see the configuration file of the root directory on the 2008 machine, and asked if there is a configuration in Windows 2008 which prevents this file from being created. The problem that I could think of is a permission issue. Check your permissions.

 

Sarah Urmeneta
Global Technology & Solutions
Avanade, Inc.
entlib.support@avanade.com

Jun 16, 2009 at 6:59 PM
Edited Jun 16, 2009 at 7:00 PM

I would say it is a permission issue too - the million dollar question is what permissions are missing? Here are my latest updates on the case:

  • I copied my application to the 2008 server (on which AD LDS is running) - I get no exceptions and everything is great.
  • I created the exact same AzMan-ADAM configuration on a 2003 server - I get no exceptions and everything is great.
  • I have the same set of permissions on both 2003 and 2008 machines...

So I'm beginning to suspect it's some kind of 2008 server issue.

Thank you,

Ken

Jun 17, 2009 at 12:32 PM

Running out of ideas here, have you read this one before? - http://technet.microsoft.com/ja-jp/library/cc732566(WS.10).aspx

 

Sarah Urmeneta
Global Technology & Solutions
Avanade, Inc.
entlib.support@avanade.com

Sep 2, 2010 at 2:23 PM

I'm also facing the same conundrum as Ken. I also followed the same process and still no luck. Would appreciate it if someone has answers for us.

Sep 3, 2010 at 6:26 AM

Hi ohotane,

Can you do debugging just like what this thread suggested?

summers

Sep 16, 2010 at 10:13 PM

We ended up opening a support incident with MS and they couldn't resolve it. This forced us to move away from AD LDS. We're still using AzMan but with an XML file.
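
For readers hitting the same error, a diagnostic added here (not from the thread or from Enterprise Library): 0x80070490 is ERROR_NOT_FOUND, and the PowerShell below separates a store that cannot be opened from a store that opens but does not show "MyApp" to the calling account. The store URL is a placeholder to fill in, and `Test-AzManApplication` is a hypothetical helper name.

```powershell
# Placeholder: fill in the msldap:// URL of your AzMan store in AD LDS.
$StoreUrl = 'msldap://<server>:<port>/CN=<store>,DC=MyDomain,DC=local'
$AppName  = 'MyApp'   # application name used in the thread

function Test-AzManApplication {   # hypothetical helper name
    param([string]$StoreUrl, [string]$AppName)

    $opened = $false; $visible = @(); $appOpened = $false; $hr = $null
    $store = New-Object -ComObject AzRoles.AzAuthorizationStore
    try {
        # Flags 0: open an existing store for normal use.
        $store.Initialize(0, $StoreUrl, $null)
        $opened = $true

        # Names of the applications this account can enumerate in the store.
        foreach ($app in $store.Applications) { $visible += $app.Name }

        # The call that fails in the thread.
        $null = $store.OpenApplication2($AppName, $null)
        $appOpened = $true
    }
    catch {
        # Unwrap PowerShell's wrapper exception to get the COM HRESULT.
        $inner = $_.Exception.GetBaseException()
        $code  = [Runtime.InteropServices.Marshal]::GetHRForException($inner)
        $hr    = '0x{0:X8}' -f $code
    }
    finally {
        [void][Runtime.InteropServices.Marshal]::ReleaseComObject($store)
    }

    New-Object psobject -Property @{
        RunningAs   = [Security.Principal.WindowsIdentity]::GetCurrent().Name
        StoreOpened = $opened
        VisibleApps = $visible -join ', '
        NameListed  = ($visible -contains $AppName)   # case-insensitive match
        AppOpened   = $appOpened
        HResult     = $hr
    }
}

Test-AzManApplication -StoreUrl $StoreUrl -AppName $AppName | Format-List
```

Run it under the same account as the application, once on the client machine and once on the AD LDS server, and compare the two outputs. `StoreOpened = True` with `NameListed = False` means the store was reached but that account cannot see the application object.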