This project is read-only.

Error: An operations error occurred.

Jan 22, 2009 at 8:17 PM
Greetings,
Thank you for taking the time to release such an awesome webpart, but unfortunatly I get the "Error: An operations error occurred." when I try and use the AD Password Reset.

The AD Self Service webpart works perfectly, but for whatever reason the password reset errors out.

I have verified the following.

LDAP:// is in caps.
Windows authentication is enabled on the IIS sharepoint site.  (This is server 2008 with IIS7)
Anonymous authentication is disabled.
When debugging is turned on it does pull back the correct samaccountname and the correct DN.

Would you have any ideas or suggestions on anything else I can try?

Thank You
Jan 22, 2009 at 8:23 PM
Edited Jan 22, 2009 at 8:23 PM
Have you downloaded the latest version which allows you to set the authentication mechanism on your ldap server connection?  You are not alone in this issue and I think changing the authentication mechanism from "Secure" to some other might work.  Unfortunately, since I can't replicate the issue - I don't know.

Are you running SSL by any chance?
Jan 23, 2009 at 1:52 AM

Hi BurkeHolland,

I picked up on your comment about SSL - is there a bug with SSL?  I've tried the majority of other suggestions throughout the discussions and comments, and debugging returns valid values.  However I have yet to experience a successful change.  The error varies depending on the LDAP Authentication Type chosen.  Any suggestions?  I've only used your current / latest release.

System: MOSS 2007 SP1 standalone on W2003x64, with all Microsoft updates, .NET 2.0, 3.0, and 3.5.

Thank you in advance.

Jan 23, 2009 at 2:34 AM
darryls - welcome to the "operations error" conundrum.

Thankfully though, I think we are getting closer to working this one out.  I was hoping that the authentication type would do it, but it appears that it does not fix the problem.

Here is what I know - somebody correct me if these facts are wrong...

Sites running under SSL return an Operations Error Occured when using the change password web part, although they retrieve the user information correctly in debug mode.

It appears that this problem is not related to a version of Windows Server, but rather the SSL nature of the connection.

Can somebody with this problem confirm that the AD Profile Update web part works or does not over SSL?
Jan 23, 2009 at 3:25 AM
Edited Jan 23, 2009 at 3:50 AM
Thank you for the fast reply BurkeHolland,

I've confirmed the AD Profile Update works perfectly first time using default recommended settings, using SharePoint with SSL -- well done!

The SSL nature of the connection must be impacting on the Password Reset webpart only.  Unfortunately, I don't have the skills / experience to resolve this yet.  Suggestions anyone?

Cheers.
Jan 23, 2009 at 6:39 PM
Burkeholland,

As you requested in a previous post I have tried using the AD Profile Update web part over SSL.

When you are refering to SSL I assume you are mean running Sharepoint/IIS over SSL (443).  If you are refering to running LDAP over SSL I have not tried this since my AD LDAP runs over 389.

So the bad news is that the operations error occurs over standard web traffic (80) as well as SSL (443) running a self signed cert.

I have also tried messing around with the LDAP string and sill get the DEBUG DN, but no go on the password reset.

LDAP://ADSERVERNAME
LDAP://DOMAINNAME
LDAP://ADSERVERNAME:389
LDAP://ADSERVERNAME:389/DC=domain,DC=com

I will keep poking around as time provides and let you know if anything changes.

Jan 23, 2009 at 7:01 PM
I was referring to having an SSL connection to your SharePoint server which would indicate the following...

Your web server sits in the DMZ with external access.
Your LDAP server sits behind the DMZ on your intranet.
The change password throws the "Operations Error".

I am continuing to research this, but for now, it appears as though you would have to have kerberos authentication working between the SharePoint and LDAP servers.
Jan 23, 2009 at 8:10 PM
Burkeholland,

Thank you again for taking the time to look at this.  I will look into what it will take to enable kerberos authentication between the MOSS server and the AD domain controllers.  I believe it is currently NTLM.

As a side note I did some reasearch and it looks like if you want to change an AD password with LDAP you have to use SSL.  I found out that we in fact do have SSL LDAP enabled over port 636.  Funny thing is when I select SecureSocketsLayer on the LDAP authentication type it defaults to Encryption once I hit apply/ok.  Encryption does not seem to work since it repeatadly tells me that "The password you entered is not correct".

If I use "Secure" LDAP authentication type with a LDAP path of LDAP://ADSERVERNAME.COM:636 it successfully pulls back the DN but I believe it is still unencrypted traffic.

Have a good one.
Jan 23, 2009 at 8:16 PM
So specifying 636 in the connection string does not allow for a successful change?
Jan 23, 2009 at 8:25 PM
No, unfortunatly it still has the operations error.

I just found out that I can enable AD to log LDAP Interface events to the Event log with a registery change.

I will let you know what comes of it.
Feb 2, 2009 at 4:39 PM
Has anybody with this error made any progress or had any revelations?
Feb 3, 2009 at 2:33 PM
I have this error, but when debugging is turned on, after submitting the form, the accountname changes to the system account?
Feb 6, 2009 at 3:57 PM
To all who are experiencing this issue...

ITaCS has released a similar web part (but with much more functionality) at www.codeplex.com/changepassword

Download that part and see if it works for you.