ActiveDirectoryMembershipProvider. Could not contact the specified domain or server.

I need to validate users given the LDAP connection url and service account. However, I see different behavior when I just do a directory lookup which works fine and does Memberhip.GetAllUsers () which fails with "Could not contact the specified domain or server"

private static void GetUsers()
{
    // this succeeds to list all users
    DirectoryEntry de = new DirectoryEntry()
    {
        Path = "LDAP://serveraddres/DC=BLAH,DC=COM",
        Username = "validusername",
        Password = "validpassword",
    };

    DirectorySearcher srch = new DirectorySearcher(de)
    {
        Filter = "(objectClass=user)"
    };

    using (SearchResultCollection results = srch.FindAll())
    {
        foreach (SearchResult res in results)
        {
            Console.WriteLine("\t{0}", res.Path);
        }
    }

    // Below fails with 'The specified domain or server could not be contacted.'
    foreach (var user in Membership.GetAllUsers())
    {
        ... do domething
    }
}

      

        
        
        
      

    

this is the config in web.config - connectionString and MembershipProvider

    <add name="IAMConnectionString" connectionString="LDAP://serveraddres/DC=BLAH,DC=COM" />

    <add name="AspNetActiveDirectoryMembershipProvider"
      type="System.Web.Security.ActiveDirectoryMembershipProvider, 
        System.Web, Version=2.0.0.0, Culture=neutral, 
        PublicKeyToken=b03f5f7f11d50a3a"
      connectionStringName="ADConnectionString"
      connectionUsername="validusername"
      connectionPassword="validpassword" enableSearchMethods="true"
      attributeMapUsername="sAMAccountName"
         connectionProtection="Secure"
         />

      

        
        
        
      

    

Why does DirectorySercher work fine but Memberhip.GetAllUsers () doesn't have a service with the same account?