Cannot Get A SearchResponse Sometimes

Question

I am using the System.DirectoryServices.Protocols library to connect to an LDAP source. I have not had any issues with eDirectory, but I am having some trouble with Active Directory.

The Active Directory server is running on a Windows 2003 machine.

Here's a summary of the code I've been using (try catches were removed):
LdapConnection con = new LdapConnection(new LdapDirectoryIdentifier(Server, Port));
con.SessionOptions.SecureSocketLayer = false;
con.Credential = new NetworkCredential(Username, Password);
con.AuthType = AuthType.Basic;
con.Bind();
SearchRequest request = new SearchRequest(DN,FILTER,System.DirectoryServices.Protocols.SearchScope.Subtree);
SearchResponse response = (SearchResponse)con.SendRequest(request); //this is the line that throws a DirectoryOperationException

Here's the stack trace from the exception:
System.DirectoryServices.Protocols.DirectoryOperationException was caught
Message="An operation error occurred."
Source="System.DirectoryServices.Protocols"
StackTrace:
       at System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
       at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
       at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request)
       at <the line that I call from>

Here's the message that was stored in the response of the DirectoryOperationException:
"00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece"
I think this error message is a little fishy because when I debug line by line, it successfully passes the con.Bind() line.

Now it continues like this for an hour or so. Afterwards, I am able to authenticate succesfully every time. In summary, it works sometimes. I thought the server might have gone down. However, I can login and browse succesfully using a third party LDAP client. This gives me strong reason to believe that it's not the servers issue, but an issue with my code.

If I am missing any information I will try my best to get it for you as quickly as possible. Thank you in advanced for your help!

Joseph Mate · Answer

I believe my co-worker and I figured out the problem. The problem was that the information was sent over an unencrypted channel. As a result the the router or switch finds IPs in the packet's message. The router or switch translates those IPs. However they are not suppose to be translated. This process is called NAT. You can find it documented here: http://en.wikipedia.org/wiki/Network_address_translation or here: http://azureuswiki.com/index.php/NAT_problem The solution is to use some sort of encryption so the router or switch cannot find the IP in the packet's message.