TheSaffaGeek

My ramblings about all things technical

Active Directory Web Services encountered an error while reading the settings for the specified Active Directory Lightweight Directory Services instance. Active Directory Web Services will retry this operation periodically. In the mean time, this instance will be ignored.

63 Comments

Yes the title is seriously long but I couldn’t think of a better title for it so used the error :).

Almost a month back now I was having the above errors in my Virtual Centre Server. Due to the need for a recent rebuild our Virtual Centre server is installed on a Windows 2008 server. The server is fine, but after going through the logs of the server I noticed the above error happening every couple of minutes, so I researched it and came across a VMware communities thread about the error but there was no real solution to it. So I scoured the web and came across the solution as it’s not a VMware error but a Windows/Microsoft error/event which “is only recorded if ADWS can’t read the ports that AD LDS is configured to use for LDAP and Secure LDAP (SSL).” The fix was on a Microsoft Active Directory blog, the last question was it exactly. I’ve posted the solution from the blog posting here:

Active Directory Web Services

Q: I’m seeing the following warning event recorded in the Active Directory Web Services event log about once a minute.

Log Name:      Active Directory Web Services
Source:        ADWS
Date:          4/8/2010 3:13:53 PM
Event ID:      1209
Task Category: ADWS Instance Events
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      corp-adlds-01.corp.contoso.com
Description:
Active Directory Web Services encountered an error while reading the settings for the specified Active Directory Lightweight Directory Services instance.  Active Directory Web Services will retry this operation periodically.  In the mean time, this instance will be ignored.
Instance name: ADAM_ContosoAddressbook

I can’t find any Microsoft resources to explain why this event occurs, or what it means.

A: Well…we couldn’t find any documentation either, but we were curious ourselves so we dug into the problem. It turns out that event is only recorded if ADWS can’t read the ports that AD LDS is configured to use for LDAP and Secure LDAP (SSL). In our test environment, we deleted those values and restarted the ADWS service, and sure enough, those pesky warning events started getting logged.

The following registry values are read by ADWS:

Key: HKLM\SYSTEM\CurrentControlSet\Services\<ADAM_INSTANCE_NAME>\Parameters
Value: Port LDAP
Type: REG_DWORD
Data: 1 – 65535 (default: 389)

Key: HKLM\SYSTEM\CurrentControlSet\Services\<ADAM_INSTANCE_NAME>\Parameters
Value: Port SSL
Type: REG_DWORD
Data: 1 – 65535 (default: 636)

Verify that the registry values described above exist and have the appropriate values. Also verify that the NT AUTHORITY\SYSTEM account has permission to read the values. ADWS runs under the Local System account.

Once you’ve corrected the problem, restart the ADWS service. If you have to recreate the registry values because they’ve been deleted, restart the AD LDS instance before restarting the ADWS service.

Thanks to Simon Long for reminding me I had this as a blog draft from over a month ago that I seem to have forgotten to post.

Gregg Robertson

*UPDATE* I’ve just had to do this fix for the latest installation of vCentre and as mentioned by people in the comments below the path is now HKLM\System\CurrentControlSet\Services\ADAM_VMwareVCMSDS\Parameters , the | SSL Port value is created as a REG_SZ instead of REG_DWORD and the value is empty. So you need to delete this and recreate it as a REG_DWORD with the value 636.

About these ads

63 thoughts on “Active Directory Web Services encountered an error while reading the settings for the specified Active Directory Lightweight Directory Services instance. Active Directory Web Services will retry this operation periodically. In the mean time, this instance will be ignored.

  1. I had to deal with the empty REG_SZ issue. Thanks to your post, i solve it quickly but i had to replace the emptu REG_SZ by a filled REG_DWORD to make it work.

  2. Pingback: /! Migration vCenter 4.0>4.1 & SQL Server Express /! - Hypervisor.fr

  3. Great post. You saved my day!

  4. Pingback: All Things Virtual 15 « TheSaffaGeek

  5. Thanks. I also had this problem running 2008R2 on VMWare 4.1. Port SSL was defined as a REG_SZ and blank. Simply adding the value to this REG_SZ key didn’t work. I had to delete the theREG_SZ Port SSL key and create a new one as REG_DWORD and enter the new value. Thanks for your help with this!

  6. Pingback: All Things Virtual 18 « TheSaffaGeek

  7. Same as Matt, I have to recreate the Port SSL as a REG_DWORD. Filling the Port SSL with REG_SZ with 636 does’nt work.

    • Make sure you select decimal when entering the value, the default is hex, which is very likely the reason it didn’t work for you.

  8. I had also to deal with this SSL port problem and found it really difficult to solve because not a piece of information is given on vmware site. I think you did an excellent job of linking the vsphere problem with the Microsoft post on ADAM!!!
    Thanks!!!
    Carlo

  9. Pingback: EnterpriseAdmins.org » Blog Archive » vCenter ADAM_VMwareVCMSDS event every 1 minute

  10. Hi,

    Thanks a lot, this really cleared up my eventlog….

  11. Awesome post

    I agree with the earlier posts by Sysadmin/Matt ’bout DWORD. Yes REG_SZ doesn’t work.

  12. Hi,
    I made the changes suggested and those errors went away but this one started:

    Active Directory Web Services could not find a server certificate with the specified certificate name. A certificate is required to use SSL/TLS connections. To use SSL/TLS connections, verify that a valid server authentication certificate from a trusted Certificate Authority (CA) is installed on the machine

    Other people may find this happens as a result of the change.

    regards,

    John

  13. Pingback: 2010 in review « TheSaffaGeek

  14. Pingback: VMware vCenter ADAM_VMwareVCMSDS Warning : My Geek Finds

  15. Thanks. This helped me a lot!

    Regards,

    Paul
    P.S. Posted a tweet on @ikbenpaulsmit for you, but my account is private, so you probably did not read it. :)

  16. Hi Gregg,

    I’ve just done an new install of vCenter 4.1 (build 258902) and the ADAM instance was not registered as VMwareVCMSDS, but as ADAM_VMwareVCMSDS.

    Otherwise the reg value still had to be created as a Reg_DWORD and populated.

    Cheers,
    HamR

  17. I discovered my VirtualCenter services refused to start. After checking the logs I determined that VirtualCenter was unable to communicate with the LDAP service. The service would start ok, but the event ID 1209 mentioned above would be logged in my event log.

    I would also see this in the VPXD log in c:\ProgramData\Vmware\VMware VirtualCenter\Logs\vpxd-##.log:
    error ‘APP’] [LDAP Client] Failed to connect to LDAP: 0x51 (Cannot contact the LDAP Server.)
    error ‘APP’] [VpxdLdap] Failed to create LDAP client

    VirtualCenter would then attempt an LDAP restore and then stop the LDAP service. The process could still not connect to LDAP and I never could get into VirtualCenter.

    I looked at the registry entry for the service and found that I had a Reg_DWORD value of 000 for the port. After entering the value at 636 and restarting the server my virtualcenter service has finally started. Thank you!

  18. Thanks heaps for this. I had the REG_SZ issue as well. Who knows how long its been happening for, only just noticed the errors kind of randomly today, but this fix worked a treat!

  19. I have made the changes and still get the 1209 events. What now?

  20. Thanks man ! I have also Reg_sz key for the SSL. Removed, create new one, restart and wow… world of wonders – error disappear :)
    Thanks again.

  21. now, there is another error :(
    All help is welcome

    This computer is now hosting the specified directory instance, but Active Directory Web Services could not service it. Active Directory Web Services will retry this operation periodically.

    Directory instance: ADAM_VMwareVCMSDS
    Directory instance LDAP port: 389
    Directory instance SSL port: 636

    • Hi

      I’m not sure why you’re getting a new error as once i made the changes the problem went away. Have you tried redoing the key?

      Gregg

      • I’m getting this one too. I deleted and added the SSL entry and restarted ADWS and now it is an Event ID 1202 error. Googling for it now, but wanted to post just in case other people are getting it.

  22. Still an issue with vCenter 5 (wasn’t sure if that was what you were referring to in your update in the original article).

    Thankfully the fix still works.

    Thanks,

    Jason

  23. Thanks, I hit this problem with an upgrade from 4.1 to 5 on both my vCenter boxes, the ADAM instance name is ADAM_VMwareVCMSDS
    and vmware have a kb for this too http://kb.vmware.com/kb/1023864
    Cheers

  24. problem fixed.
    Tx for the solution. :-)

  25. I had this problem on a brand new vCenter 5 installation. Thanks for the fix!

  26. Thank you Gregg… your post worked for me..

    “SSL Port value is created as a REG_SZ instead of REG_DWORD and the value is empty. So you need to delete this and recreate it as a REG_DWORD with the value 636″

    restarted the ADWS services after the SSL REG_DWORD entry and it worked.

  27. Hi there,
    I have problem, what and where in the regedit
    Do not laugh at me and help me, please.
    Euklid

    • Hi

      Go to start,run,type in regedit and press enter. I say this in the nicest way possible but if you don’t know how to get to regedit then be very very careful not change anything else or else you may cause irreversible damage to your server

      Gregg

      • Thanks Greg, I really wanted to, but where is regedit than to tell me where and what? Please!
        What is ADAM INSTANCE NAME and where is?

  28. Excellent, for some reason our SSL Port entry was a string and had no value. I added a DWORD and all was fixed :o)

  29. Thanks Gregg! worked for me…like Chris above, my SSL entry was a string…

  30. One addition:
    I did al the steps mentioned in the article. I still got the error in the event log.
    Then I noticed that the Machine DN Name was incorrect, by my own doing. Several days ago I have changed the sitename Default-First-Site-Name to MySiteName. After correcting the DN Name the error was gone.

  31. Thanks Gregg, changed the Dword and added the 636. Restarted the service and have not had the message for 6 minutes and counting. was occuring several times a minute prior to that. One more error down….many to go.

  32. Just had to deal with the vCenter Reg_SZ issue. Thank you for confirming my suspicions!

  33. After upgrading vCenter to 5.1 this issue returned, I had to fix it for the second time. So thanks again!

  34. Please can someone comment on the implications of restarting the adam service on a live production system

  35. Pingback: vCenter next prob | Michael Ellerbeck

  36. Many thanks for your fix, recreating Port SSL key works fine.
    Have a nice day :-)

  37. Nice fix. My syslogs thank you and so do I!

  38. Also make sure the REG_DWORD you create is 32bit, 64bit REG_DWORD for some reason does not work on Win2K8-R2

  39. Works Thanks this started after a windows security patch…

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 61 other followers