Some or all identity references could not be translated

TheMSsForum.com: The Microsoft Software Forum

I get and error â??Some or all identity references could not be translatedâ??
when executes the code System.Security.Principal.SecurityIdentifier.Translate.

It appears this happens to users that have been logged in for a long time.
It appears our users are in the habit of not logging out for long periods of
time.

If the user logs out and then back in the error no longer occurs.


Does any one have any idea what is happening here?
Is the some AD setting that causes tokens to expire after some period of time?


Code snippet:

WindowsIdentity id = WindowsIdentity.GetCurrent();
IdentityReferenceCollection irc =
WindowsIdentity.GetCurrent().Groups;
string[] strArray = new string[irc.Count];
int t = 0;



foreach (IdentityReference ir in irc)
{
IdentityReference account = ir.Translate(typeof(NTAccount));
strArray[t] = account.Value;
t++;
}

--
EqDev
Top

RE: Some or all identity references could not be translated by jetan

jetan
Mon Oct 16 22:50:34 CDT 2006

Hi EqDev,

Can you tell me what exception message do you get when
SecurityIdentifier.Translate failed? Is it possible for you to provide the
call stack regarding the exception? These information will be helpful for
us to analysis the failure. Thanks.

Normally, from Reflector, we can see that SecurityIdentifier.Translate()
method internally calls SecurityIdentifier.TranslateToNTAccounts() method
to do the internal work. TranslateToNTAccounts method will call
LsaLookupSids win32 API to does the work. It will throw different exception
if the LsaLookupSids API fails. So the exception message should report a
key information regarding the failure.

I will wait for your further feedback. Thanks.

Best regards,
Jeffrey Tan
Microsoft Online Community Support
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

Top

RE: Some or all identity references could not be translated by eqdev

eqdev
Tue Oct 17 06:04:01 CDT 2006

This is th estack
Some or all identity references could not be translated.

at
System.Security.Principal.SecurityIdentifier.Translate(IdentityReferenceCollection sourceSids, Type targetType, Boolean forceSuccess)

at System.Security.Principal.SecurityIdentifier.Translate(Type targetType)
at EQNPS.AccuracyMeasurement.SPMasXML.GetUsersRoles(SqlConnection conn)
at EQNPS.AccuracyMeasurement.SPMasXML.GetQuestionsAndAnswers(String
Trigger, Boolean IsSimultaneousSecond)
at EQNPS.AccuracyMeasurement.SPMasXML.GetXml(MeasuresRequest mr)
at
EQNPS.AccuracyMeasurement.SPMeasurementsClientForm.BuildMeasuresForm(String
RequestXML)

--
EqDev


""Jeffrey Tan[MSFT]"" wrote:

> Hi EqDev,
>
> Can you tell me what exception message do you get when
> SecurityIdentifier.Translate failed? Is it possible for you to provide the
> call stack regarding the exception? These information will be helpful for
> us to analysis the failure. Thanks.
>
> Normally, from Reflector, we can see that SecurityIdentifier.Translate()
> method internally calls SecurityIdentifier.TranslateToNTAccounts() method
> to do the internal work. TranslateToNTAccounts method will call
> LsaLookupSids win32 API to does the work. It will throw different exception
> if the LsaLookupSids API fails. So the exception message should report a
> key information regarding the failure.
>
> I will wait for your further feedback. Thanks.
>
> Best regards,
> Jeffrey Tan
> Microsoft Online Community Support
> ==================================================
> Get notification to my posts through email? Please refer to
> http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
> ications.
>
> Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
> where an initial response from the community or a Microsoft Support
> Engineer within 1 business day is acceptable. Please note that each follow
> up response may take approximately 2 business days as the support
> professional working with you may need further investigation to reach the
> most efficient resolution. The offering is not appropriate for situations
> that require urgent, real-time or phone-based interactions or complex
> project analysis and dump analysis issues. Issues of this nature are best
> handled working with a dedicated Microsoft Support Engineer by contacting
> Microsoft Customer Support Services (CSS) at
> http://msdn.microsoft.com/subscriptions/support/default.aspx.
> ==================================================
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
Top

RE: Some or all identity references could not be translated by jetan

jetan
Wed Oct 18 02:44:28 CDT 2006

Hi Arno,

I will perform some research on this issue and get back to you ASAP. Thanks.

Best regards,
Jeffrey Tan
Microsoft Online Community Support
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

Top

RE: Some or all identity references could not be translated by jetan

jetan
Wed Oct 18 02:56:37 CDT 2006

Hi EqDev,

Please ignore my another reply, it is a wrong reply. Sorry about it.

The information you provided is not enough to identify the root cause. Can
you be specific what exception do you get in this stack? Also, I suggest
you setup the symbol server correct for your debugger so that you can get a
more detailed call stack for this exception.

This is because the stack you provided only points out the
SecurityIdentifier.Translate method on the top, however, this is not
useful, you have to setup the debugging symbols for VS.net debugger to
retrieve more meaningful stack.

Can you tell me which version of VS you are using, VS.net2003 or VS2005?
For VS.net2003 debugger, you can set the symbol server by adding an
environment variable _NT_SYMBOL_PATH with value
"srv*C:\symbols*http://msdl.microsoft.com/download/symbols". VS2005
debugger uses the symbol directories
specified in Tools | Options | Debugging | Symbols. You can set the same
value "srv*C:\symbols*http://msdl.microsoft.com/download/symbols" in the
option.

Thanks.

Best regards,
Jeffrey Tan
Microsoft Online Community Support
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

Top

RE: Some or all identity references could not be translated by ThiloLangbein

ThiloLangbein
Fri Oct 27 07:20:01 CDT 2006

I have the same problem. The Translate-method does not work for all
security-Identifiers. I have a Problem with the built-in group
"Server-Operators".
Top