Goyo Goyo - 1 month ago 13
Java Question

Error 80004005 when connecting to AD from Java application

We have a Java web application served from Apache Tomcat 6. Our users are stored in a Windows 2008 R2 Active Directory.
The application connects to the AD using COM4J from the org.jvnet.com4j.typelibs library, version 1.0.

For example, we search for a user attribute with:

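    import com4j.COM4J;
    import com4j.Variant;
    import com4j.typelibs.ado20._Command;
    import com4j.typelibs.ado20._Connection;
    import com4j.typelibs.ado20._Recordset;

    // Method of the application's AD helper class; Filter and ADObjectMapper are the application's own types.
    public <T> T getValueFromAD(Filter filter, String atributes, ADObjectMapper<T> mapper, T nullValue)
    {
        _Connection con = com4j.typelibs.ado20.ClassFactory.createConnection();
        try
        {
            // ADSI OLE DB provider; no explicit credentials, so the query runs as the Tomcat service account
            con.provider("ADsDSOObject");
            con.open("AD-Anon-Search", "", "", -1/*default*/);

            _Command cmd = com4j.typelibs.ado20.ClassFactory.createCommand();
            try
            {
                cmd.activeConnection(con);
                // ADSI LDAP dialect: <base>;filter;attributes;scope
                cmd.commandText("<GC://" + this.domain + ">;" + filter.encode() + ";" + atributes + ";SubTree");
                _Recordset rs = cmd.execute(Variant.getMissing(), Variant.getMissing(), -1/*default*/);
                try
                {
                    if (rs.eof())
                        return nullValue;
                    else
                        return mapper.mapRecordSet(rs);
                }
                finally {
                    rs.close();
                    rs.dispose();
                }
            }
            finally {
                cmd.dispose();
            }
        }
        finally {
            // Release the COM objects even when the query fails
            con.close();
            con.dispose();
            COM4J.cleanUp();
        }
    }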


This usually works fine, but from time to time (not at a fixed time), it stops working and the queries to the AD respond with an access error like:

    com4j.ComException: 80004005 Error no especificado : Error no especificado : .\invoke.cpp:517
        at com4j.Wrapper.invoke(Wrapper.java:166)
        at $Proxy108.execute(Unknown Source)
        ...
    Caused by: com4j.ComException: 80004005 Error no especificado : Error no especificado : .\invoke.cpp:517
        at com4j.Native.invoke(Native Method)
        at com4j.StandardComMethod.invoke(StandardComMethod.java:35)
        at com4j.Wrapper$InvocationThunk.call(Wrapper.java:340)
        at com4j.Task.invoke(Task.java:51)
        at com4j.ComThread.run0(ComThread.java:153)
        at com4j.ComThread.run(ComThread.java:134)


or

    com4j.ComException: 80072116 Traducción del nombre: no se puede encontrar el nombre o privilegios insuficientes para ver el nombre. : Traducción del nombre: no se puede encontrar el nombre o privilegios insuficientes para ver el nombre. : .\invoke.cpp:517
        at com4j.Wrapper.invoke(Wrapper.java:166)
        at $Proxy116.set(Unknown Source)
        ...
    Caused by: com4j.ComException: 80072116 Traducción del nombre: no se puede encontrar el nombre o privilegios insuficientes para ver el nombre. : Traducción del nombre: no se puede encontrar el nombre o privilegios insuficientes para ver el nombre. : .\invoke.cpp:517
        at com4j.Native.invoke(Native Method)
        at com4j.StandardComMethod.invoke(StandardComMethod.java:35)
        at com4j.Wrapper$InvocationThunk.call(Wrapper.java:340)
        at com4j.Task.invoke(Task.java:51)
        at com4j.ComThread.run0(ComThread.java:153)
        at com4j.ComThread.run(ComThread.java:134)


Does anyone have any idea of the cause of this problem or, at least, of what we should do to find the cause?

The only way we have found to make it work again is to restart Tomcat.

Thanks. Kind regards.

Answer

Finally, we found the problem. It was caused by the scenario described by Microsoft at http://support.microsoft.com/kb/2494158:

Consider the following scenario:

  • You create a managed service account in a domain.
  • You install the managed service account on a computer that is running Windows 7 or Windows Server 2008 R2.
  • You configure a service to use the managed service account on the computer.

In this scenario, the service starts successfully. However, the managed service account authentication fails after 30 days.

Note The managed service account automatically updates the password every 30 days.

This was exactly our problem, so applying the hotfix described on that page solved the problem. Hope this helps someone else.
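
One way to check a Tomcat log for the pattern the answer describes, as an added example that is not code from the original post or from Microsoft: it extracts the first occurrence of each burst of the two HRESULTs quoted in the question and flags consecutive onsets spaced close to a multiple of the 30-day password update. The log line layout, the sample timestamps, the `quiet` and `tolerance_days` parameters, and the premise that a restart restores service until the next update are all assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log lines: timestamps and layout are assumptions; only the
# exception class and the HRESULT values come from the question above.
SAMPLE_LOG = """\
2013-01-10 08:15:02 ERROR com4j.ComException: 80004005 Error no especificado : .\\invoke.cpp:517
2013-01-10 08:15:09 ERROR com4j.ComException: 80072116 Traducción del nombre : .\\invoke.cpp:517
2013-01-10 09:40:00 INFO Server startup in 5321 ms
2013-02-09 08:20:41 ERROR com4j.ComException: 80004005 Error no especificado : .\\invoke.cpp:517
2013-02-09 10:02:00 INFO Server startup in 4980 ms
2013-03-11 08:31:17 ERROR com4j.ComException: 80072116 Traducción del nombre : .\\invoke.cpp:517
"""

LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+ com4j\.ComException: ([0-9A-Fa-f]{8})\b")
WATCHED = {"80004005", "80072116"}  # HRESULTs reported in the question

def failure_onsets(log_text, quiet=timedelta(hours=12)):
    """Return the first timestamp of each failure episode (bursts are merged)."""
    onsets, last = [], None
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(2).upper() not in WATCHED:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        # A new episode starts only after a quiet period with no watched errors.
        if last is None or ts - last > quiet:
            onsets.append(ts)
        last = ts
    return onsets

def rotation_suspects(onsets, period_days=30, tolerance_days=1.0):
    """Consecutive onsets whose spacing is near a whole number of rotation periods."""
    hits = []
    for prev, cur in zip(onsets, onsets[1:]):
        gap = (cur - prev).total_seconds() / 86400
        cycles = round(gap / period_days)
        if cycles >= 1 and abs(gap - cycles * period_days) <= tolerance_days:
            hits.append((prev, cur, round(gap, 2)))
    return hits

if __name__ == "__main__":
    for prev, cur, gap in rotation_suspects(failure_onsets(SAMPLE_LOG)):
        print(f"{prev} -> {cur}: {gap} days apart")
```

Onsets that line up this way point at credential rotation for the service account rather than at the query code, which is where the KB article applies.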