I delpoyed my web application (which uses LDAP) on windows server 2016. It is throwing below error. Though I am able to access same ADLDS instance using ADSI or C# console application (created utility to test connectivity). But not sure why its throwing error with web application. Please suggest.
Server Error in '/' Application.
**While trying to resolve a cross-store reference, the SID of the target principal could not be resolved. The error code is 1722.**
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.DirectoryServices.AccountManagement.PrincipalOperationException: While trying to resolve a cross-store reference, the SID of the target principal could not be resolved. The error code is 1722.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[PrincipalOperationException: While trying to resolve a cross-store reference, the SID of the target principal could not be resolved. The error code is 1722.]
System.DirectoryServices.AccountManagement.ADStoreCtx.ResolveCrossStoreRefToPrincipal(Object o) +570
System.DirectoryServices.AccountManagement.ADUtils.DirectoryEntryAsPrincipal(DirectoryEntry de, ADStoreCtx storeCtx) +133
System.DirectoryServices.AccountManagement.ADDNLinkedAttrSet.get_CurrentAsPrincipal() +86
System.DirectoryServices.AccountManagement.PrincipalCollectionEnumerator.MoveNext() +252
System.DirectoryServices.AccountManagement.PrincipalCollectionEnumerator.System.Collections.IEnumerator.MoveNext() +9
System.Linq.<SelectManyIterator>d__22`3.MoveNext() +65
System.Linq.Lookup`2.Create(IEnumerable`1 source, Func`2 keySelector, Func`2 elementSelector, IEqualityComparer`1 comparer) +264
System.Linq.GroupedEnumerable`3.GetEnumerator() +72
System.Linq.WhereSelectEnumerableIterator`2.MoveNext() +63
System.Collections.Generic.List`1.InsertRange(Int32 index, IEnumerable`1 collection) +392
System.Collections.Generic.List`1.AddRange(IEnumerable`1 collection) +15
Plastin.Common.Security.ADLDSClaimsProvider.SetApplicationClaims() +1012
Plastin.Common.Security.ADLDSClaimsProvider.Initialise() +174
Plastin.Common.Security.ADLDSClaimsProvider..cctor() +238
[TypeInitializationException: The type initializer for 'Plastin.Common.Security.ADLDSClaimsProvider' threw an exception.]
lambda_method(Closure , IBuilderContext ) +81
Microsoft.Practices.ObjectBuilder2.<>c__DisplayClass1.<GetBuildMethod>b__0(IBuilderContext context) +35
Microsoft.Practices.ObjectBuilder2.DynamicMethodBuildPlan.BuildUp(IBuilderContext context) +10
Microsoft.Practices.ObjectBuilder2.BuildPlanStrategy.PreBuildUp(IBuilderContext context) +198
Microsoft.Practices.ObjectBuilder2.StrategyChain.ExecuteBuildUp(IBuilderContext context) +209
Microsoft.Practices.Unity.UnityContainer.DoBuildUp(Type t, Object existing, String name, IEnumerable`1 resolverOverrides) +165
[ResolutionFailedException: Resolution of the dependency failed, type = "Plastin.Common.Security.IClaimsProvider", name = "(none)".
Exception occurred while: Calling constructor Plastin.Common.Security.ADLDSClaimsProvider().
Exception is: TypeInitializationException - The type initializer for 'Plastin.Common.Security.ADLDSClaimsProvider' threw an exception.
-----------------------------------------------
At the time of the exception, the container was:
Resolving Plastin.Common.Security.ADLDSClaimsProvider,(none) (mapped from Plastin.Common.Security.IClaimsProvider, (none))
Calling constructor Plastin.Common.Security.ADLDSClaimsProvider()
]
Microsoft.Practices.Unity.UnityContainer.DoBuildUp(Type t, Object existing, String name, IEnumerable`1 resolverOverrides) +329
Microsoft.Practices.Unity.UnityContainer.Resolve(Type t, String name, ResolverOverride[] resolverOverrides) +15
Microsoft.Practices.Unity.UnityContainerExtensions.Resolve(IUnityContainer container, ResolverOverride[] overrides) +72
Plastin.Common.Security.AuthenticationManager.Authenticate(String resourceName, ClaimsPrincipal incomingPrincipal) +149
Plastin.Portal.MvcApplication.Application_PostAuthenticateRequest() +70
[TargetInvocationException: Exception has been thrown by the target of an invocation.]
System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor) +0
System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments) +87
System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) +101
System.Reflection.MethodBase.Invoke(Object obj, Object[] parameters) +21
System.Web.Util.ArglessEventHandlerProxy.Callback(Object sender, EventArgs e) +56
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +141
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +69
Finally we fixed this issue and my apologies I am getting late to answer this question. After lots of debugging we identified that our web application was throwing this error while getting members of ADLDS group. It was unusual as same application was working on other server. So we decided to captured network traffic using Wireshark. Wireshark capture indicated that connectivity between LDAP server and application server was blocked over SMB port 445. So we get our Network team to open port 445 which fixed the issue.
This error seems very generic error and could be other reasons for this error in your scenario but using network traffic capturing tool (like wireshark) at early stage of investigation might help you to troubleshoot these kind of issue quickly.