Get AD Groups with ASP.NET WebAPI C# not working on Windows Server 2016 Datacenter

Question

I have a ASP.NET Web API Application which loads all the Groups which contains a Specific Name from Active Directory into internal Database.

This was working on Dev. PC (Windows 10), Testserver and old Productive Server (Windows Server 2012 R2) But on the new Productive Server (Windows 2016) the same method ran into a Exception.

Illegal operation attempted on a registry key that has been marked for deletion.

Here the Code:

PrincipalContext ctx = new PrincipalContext(ContextType.Domain);
GroupPrincipal qbeGroup = new GroupPrincipal(ctx);
PrincipalSearcher srch = new PrincipalSearcher(qbeGroup);
var adGroups = srch.FindAll().Where(w => w.Name.Contains("_FS", StringComparison.InvariantCultureIgnoreCase));
var permissions = new List<PermissionGroup>();

// find all matches
foreach (var found in adGroups) {
    var permission = new PermissionGroup(found.Name, found.Sid.ToString());
    permissions.Add(permission);
}

Additional Information: Windows Server 2016 Datacenter Version 10.0.14393 Build 14393

Installed .NET Framework (Server 2016) .NET Framework 4.8 Used .NET Framework 7

Someone have an idea, what the problem can be? Thanks

Added: 08.01.2020 16:11 (UTC +1)

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Runtime.InteropServices.COMException: Illegal operation attempted on a registry key that has been marked for deletion.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[COMException (0x800703fa): Illegal operation attempted on a registry key that has been marked for deletion. ]
System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +535 System.DirectoryServices.DirectoryEntry.Bind() +48
System.DirectoryServices.DirectoryEntry.get_AdsObject() +43
System.DirectoryServices.PropertyValueCollection.PopulateList() +27
System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName) +122
System.DirectoryServices.PropertyCollection.get_Item(String propertyName) +168
System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +194 System.DirectoryServices.DirectoryEntry.Bind() +48
System.DirectoryServices.DirectoryEntry.get_AdsObject() +43
System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne) +91
System.DirectoryServices.DirectorySearcher.FindOne() +46
FragranceStudio.Webservice.Common.Helper.ActiveDirectoryHelper.SetADInformationToFragranceStudioPrincipal(FragranceStudioPrincipal fragranceStudioPrincipal) in C:\\Repositories\\VS2017\\FragranceStudio\\FragranceStudio\\FragranceStudio.Webservice.Common\\Helper\\ActiveDirectoryHelper.cs:70 FragranceStudio.Webservice.Common.Security.ExtendedPermissionProvider.ReloadInheritedPermissionGroups(FragranceStudioPrincipal principal) in C:\\Repositories\\VS2017\\FragranceStudio\\FragranceStudio\\FragranceStudio.Webservice.Common.Security\\ExtendedPermissionProvider.cs:142

[FragranceStudioException: An unknown error has occurred. Please try again or contact the Servicedesk.]
FragranceStudio.Webservice.Common.Security.ExtendedPermissionProvider.ReloadInheritedPermissionGroups(FragranceStudioPrincipal principal) in C:\\Repositories\\VS2017\\FragranceStudio\\FragranceStudio\\FragranceStudio.Webservice.Common.Security\\ExtendedPermissionProvider.cs:169 FragranceStudio.Webservice.Common.Security.ExtendedPermissionProvider.GetInheritedGroups(FragranceStudioPrincipal principal) in C:\\Repositories\\VS2017\\FragranceStudio\\FragranceStudio\\FragranceStudio.Webservice.Common.Security\\ExtendedPermissionProvider.cs:62 FragranceStudio.Webservice.Common.DomainEntities.Security.FragranceStudioPrincipal..ctor(IExtendedPermissionProvider extendedPermissionProvider, WindowsPrincipal principal) in C:\\Repositories\\VS2017\\FragranceStudio\\FragranceStudio\\FragranceStudio.Webservice.Common\\DomainEntities\\Security\\FragranceStudioPrincipal.cs:55 FragranceStudio.Webservice.WebApiApplication.Application_PostAuthenticateRequest(Object sender, EventArgs e) in C:\\Repositories\\VS2017\\FragranceStud io\\FragranceStudio\\FragranceStudio.Webservice\\Global.asax.cs:51 System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +223 System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step) +220 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +94

Answer 1

Reading this article tells me that this issue is related to accessing the profile of the user. However, your app pool settings indicate that you're not even loading the user profile, which is likely the cause of your problem.

In your app pool settings, enable "Load User Profile".

This answer and the comment on this answer confirm that.

I'm not entirely sure why it throws this exception without turning that on, and why only with 2 worker processes. I'm curious about it too. It likely has something to do with what registry hives are given to the process when it's not the user's own registry hive, and that being closed when one worker process shuts down, preventing access to the other process. Just a guess there.

Answer 2

I found the issue, but i don't know why this happens. On Maximum Worker Processes, was set to 2. But why this is a problem for this the AD Query?