Yes the title is seriously long but I couldn’t think of a better title for it so used the error.
Almost a month back now I was having the above errors in my Virtual Centre Server. Due to the need for a recent rebuild our Virtual Centre server is installed on a Windows 2008 server. The server is fine, but after going through the logs of the server I noticed the above error happening every couple of minutes, so I researched it and came across a VMware communities thread about the error but there was no real solution to it. So I scoured the web and came across the solution as it’s not a VMware error but a Windows/Microsoft error/event which “is only recorded if ADWS can’t read the ports that AD LDS is configured to use for LDAP and Secure LDAP (SSL).” The fix was on a Microsoft Active Directory blog, the last question was it exactly. I’ve posted the solution from the blog posting here:
Active Directory Web Services
Q: I’m seeing the following warning event recorded in the Active Directory Web Services event log about once a minute.
Log Name: Active Directory Web Services
Source: ADWS
Date: 4/8/2010 3:13:53 PM
Event ID: 1209
Task Category: ADWS Instance Events
Level: Warning
Keywords: Classic
User: N/A
Computer: corp-adlds-01.corp.contoso.com
Description:
Active Directory Web Services encountered an error while reading the settings for the specified Active Directory Lightweight Directory Services instance. Active Directory Web Services will retry this operation periodically. In the mean time, this instance will be ignored.
Instance name: ADAM_ContosoAddressbook
I can’t find any Microsoft resources to explain why this event occurs, or what it means.
A: Well…we couldn’t find any documentation either, but we were curious ourselves so we dug into the problem. It turns out that event is only recorded if ADWS can’t read the ports that AD LDS is configured to use for LDAP and Secure LDAP (SSL). In our test environment, we deleted those values and restarted the ADWS service, and sure enough, those pesky warning events started getting logged.
The following registry values are read by ADWS:
Key: HKLM\SYSTEM\CurrentControlSet\Services\<ADAM_INSTANCE_NAME>\Parameters
Value: Port LDAP
Type: REG_DWORD
Data: 1 – 65535 (default: 389)
Key: HKLM\SYSTEM\CurrentControlSet\Services\<ADAM_INSTANCE_NAME>\Parameters
Value: Port SSL
Type: REG_DWORD
Data: 1 – 65535 (default: 636)
Verify that the registry values described above exist and have the appropriate values. Also verify that the NT AUTHORITY\SYSTEM account has permission to read the values. ADWS runs under the Local System account.
Once you’ve corrected the problem, restart the ADWS service. If you have to recreate the registry values because they’ve been deleted, restart the AD LDS instance before restarting the ADWS service.
Thanks to Simon Long for reminding me I had this as a blog draft from over a month ago that I seem to have forgotten to post.
Gregg Robertson
*UPDATE* I’ve just had to do this fix for the latest installation of vCentre and as mentioned by people in the comments below the path is now HKLM\System\CurrentControlSet\Services\ADAM_VMwareVCMSDS\Parameters. The SSL Port value is created as a REG_SZ instead of REG_DWORD and the value is empty. So you need to delete this and recreate it as a REG_DWORD with the value 636.
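The verification and fix described above, as an added PowerShell example that is not from the original post or the Microsoft blog: it reports the type and data of Port LDAP and Port SSL, checks that SYSTEM can read the key, and, with the script's own -Repair switch, recreates a bad value as a REG_DWORD with the default port and restarts the services in the order given. It assumes the instance's service name matches its registry key name (ADAM_VMwareVCMSDS here) and the English-language account name for SYSTEM.

```powershell
# Added example (not from the post): check the two port values ADWS reads for an AD LDS instance.
# -Instance defaults to the name given in the post's update; -Repair is this script's own switch.
param(
    [string]$Instance = 'ADAM_VMwareVCMSDS',
    [switch]$Repair
)

$path     = "HKLM:\SYSTEM\CurrentControlSet\Services\$Instance\Parameters"
$defaults = [ordered]@{ 'Port LDAP' = 389; 'Port SSL' = 636 }   # defaults quoted in the post
$changed  = $false
$key      = Get-Item -Path $path -ErrorAction Stop

foreach ($name in $defaults.Keys) {
    $raw  = $key.GetValue($name, $null)            # an empty REG_SZ comes back as '', not $null
    $kind = if ($null -eq $raw) { 'Missing' } else { [string]$key.GetValueKind($name) }
    $ok   = ($kind -eq 'DWord') -and ($raw -ge 1) -and ($raw -le 65535)

    # One report row per value, e.g. Kind=String Data='' for the empty REG_SZ case.
    [pscustomobject]@{ Value = $name; Kind = $kind; Data = $raw; Valid = $ok }

    if (-not $ok -and $Repair) {
        # Editing a REG_SZ in place keeps the wrong type, so delete and recreate as REG_DWORD.
        # This writes the default port; change $defaults if the instance uses other ports.
        if ($kind -ne 'Missing') { Remove-ItemProperty -Path $path -Name $name }
        New-ItemProperty -Path $path -Name $name -PropertyType DWord -Value $defaults[$name] | Out-Null
        $changed = $true
    }
}

# ADWS runs as Local System, so SYSTEM needs an Allow ACE that includes QueryValues.
# Assumption: account name as shown on English-language Windows.
$canRead = (Get-Acl -Path $path).Access | Where-Object {
    $_.IdentityReference.Value -eq 'NT AUTHORITY\SYSTEM' -and
    $_.AccessControlType -eq 'Allow' -and
    ($_.RegistryRights -band [System.Security.AccessControl.RegistryRights]::QueryValues)
}
if (-not $canRead) { Write-Warning "No Allow ACE granting SYSTEM read access on $path" }

if ($changed) {
    # Values were recreated: restart the AD LDS instance first, then ADWS, as the post says.
    # Restart-Service stops with an error if dependent services are running unless -Force is added.
    Restart-Service -Name $Instance
    Restart-Service -Name 'ADWS'
}
```

Run it from an elevated PowerShell prompt; without -Repair it only reports and changes nothing.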
Awesome, very useful. Thanks.
I had to deal with the empty REG_SZ issue. Thanks to your post, I solved it quickly but I had to replace the empty REG_SZ by a filled REG_DWORD to make it work.
Glad it helped =0)
[...] problem, on the ADAM database side this time, whose resolution we owe to Gregg Robertson: Active Directory Web Services encountered an error while reading the settings for the specified [...]
Great post. You saved my day!
[...] blogs. Also a thank you to Troy Clavell on the VMware forums for linking back to my posting on the Active Directory Web Services encountered an error while reading the settings for the specified Acti… error and solution. It’s been the most read posting on my blog for the past week because of his [...]
Thanks. I also had this problem running 2008R2 on VMWare 4.1. Port SSL was defined as a REG_SZ and blank. Simply adding the value to this REG_SZ key didn’t work. I had to delete the REG_SZ Port SSL key and create a new one as REG_DWORD and enter the new value. Thanks for your help with this!
Great =) Glad it helped you out
[...] like a large number people seeing as how much traffic I get to the posting you may get an “Active Directory Web Services encountered an error while reading the settings for the specified Acti…” error and will need to make a few registry changes to fix the error as defined in my blog [...]
Same as Matt, I have to recreate the Port SSL as a REG_DWORD. Filling the Port SSL with REG_SZ with 636 doesn’t work.
Make sure you select decimal when entering the value, the default is hex, which is very likely the reason it didn’t work for you.
I had also to deal with this SSL port problem and found it really difficult to solve because not a piece of information is given on vmware site. I think you did an excellent job of linking the vsphere problem with the Microsoft post on ADAM!!!
Thanks!!!
Carlo
=0) Thanks, glad it helped you out
[...] document the solution here so it is easier to find if I run into this problem again. As described here this is caused by a simple registry setting. Browse to the following [...]
Hi,
Thanks a lot, this really cleared up my eventlog….
Awesome post
I agree with the earlier posts by Sysadmin/Matt ’bout DWORD. Yes REG_SZ doesn’t work.
Hi,
I made the changes suggested and those errors went away but this one started:
Active Directory Web Services could not find a server certificate with the specified certificate name. A certificate is required to use SSL/TLS connections. To use SSL/TLS connections, verify that a valid server authentication certificate from a trusted Certificate Authority (CA) is installed on the machine
Other people may find this happens as a result of the change.
regards,
John
Hi.
Glad it helped =0) I’ve replied to you via the VMware communities on what I think is causing your errors.
Gregg
[...] After a bit of research I found a post in the VMware Community which lead me to the fix that is here. [...]
Thanks. This helped me a lot!
Regards,
Paul
P.S. Posted a tweet on @ikbenpaulsmit for you, but my account is private, so you probably did not read it.
Hi Gregg,
I’ve just done an new install of vCenter 4.1 (build 258902) and the ADAM instance was not registered as VMwareVCMSDS, but as ADAM_VMwareVCMSDS.
Otherwise the reg value still had to be created as a Reg_DWORD and populated.
Cheers,
HamR
Hi Hamish
Thanks for adding that and the new names. Disappointing to hear that even newer versions of vCentre are still giving this error
Gregg
I discovered my VirtualCenter services refused to start. After checking the logs I determined that VirtualCenter was unable to communicate with the LDAP service. The service would start ok, but the event ID 1209 mentioned above would be logged in my event log.
I would also see this in the VPXD log in c:\ProgramData\Vmware\VMware VirtualCenter\Logs\vpxd-##.log:
error ‘APP’] [LDAP Client] Failed to connect to LDAP: 0x51 (Cannot contact the LDAP Server.)
error ‘APP’] [VpxdLdap] Failed to create LDAP client
VirtualCenter would then attempt an LDAP restore and then stop the LDAP service. The process could still not connect to LDAP and I never could get into VirtualCenter.
I looked at the registry entry for the service and found that I had a Reg_DWORD value of 000 for the port. After entering the value at 636 and restarting the server my virtualcenter service has finally started. Thank you!
Thanks heaps for this. I had the REG_SZ issue as well. Who knows how long it’s been happening for, only just noticed the errors kind of randomly today, but this fix worked a treat!
No worries =0) Glad it helped you out
I have made the changes and still get the 1209 events. What now?
Hi
If you’ve made the changes then the problem should go away. If it’s still there maybe recheck you did all the steps correctly as these steps definitely work.
Gregg
Thanks man ! I have also Reg_sz key for the SSL. Removed, create new one, restart and wow… world of wonders – error disappear
Thanks again.
now, there is another error
All help is welcome
This computer is now hosting the specified directory instance, but Active Directory Web Services could not service it. Active Directory Web Services will retry this operation periodically.
Directory instance: ADAM_VMwareVCMSDS
Directory instance LDAP port: 389
Directory instance SSL port: 636
Hi
I’m not sure why you’re getting a new error as once I made the changes the problem went away. Have you tried redoing the key?
Gregg
Still an issue with vCenter 5 (wasn’t sure if that was what you were referring to in your update in the original article).
Thankfully the fix still works.
Thanks,
Jason
Hi
No I didn’t know that it was still happening but glad the fix still works
Gregg
Thanks, I hit this problem with an upgrade from 4.1 to 5 on both my vCenter boxes, the ADAM instance name is ADAM_VMwareVCMSDS
and vmware have a kb for this too http://kb.vmware.com/kb/1023864
Cheers
problem fixed.
Tx for the solution.
I had this problem on a brand new vCenter 5 installation. Thanks for the fix!
Thank you Gregg… your post worked for me..
“SSL Port value is created as a REG_SZ instead of REG_DWORD and the value is empty. So you need to delete this and recreate it as a REG_DWORD with the value 636”
restarted the ADWS services after the SSL REG_DWORD entry and it worked.
No worries :0) Glad it worked for you
Hi there,
I have problem, what and where in the regedit
Do not laugh at me and help me, please.
Euklid
Hi
Go to start, run, type in regedit and press enter. I say this in the nicest way possible but if you don’t know how to get to regedit then be very very careful not to change anything else or else you may cause irreversible damage to your server
Gregg
Thanks Greg, I really wanted to, but where is regedit than to tell me where and what? Please!
What is ADAM INSTANCE NAME and where is?
Excellent, for some reason our SSL Port entry was a string and had no value. I added a DWORD and all was fixed
Glad it worked for you
Thanks Gregg! worked for me…like Chris above, my SSL entry was a string…
One addition:
I did all the steps mentioned in the article. I still got the error in the event log.
Then I noticed that the Machine DN Name was incorrect, by my own doing. Several days ago I have changed the sitename Default-First-Site-Name to MySiteName. After correcting the DN Name the error was gone.