Yes the title is seriously long but I couldn’t think of a better title for it so used the error :).
Almost a month back now I was having the above errors in my Virtual Centre Server. Due to the need for a recent rebuild our Virtual Centre server is installed on a Windows 2008 server. The server is fine, but after going through the logs of the server I noticed the above error happening every couple of minutes, so I researched it and came across a VMware communities thread about the error but there was no real solution to it. So I scoured the web and came across the solution as it’s not a VMware error but a Windows/Microsoft error/event which “is only recorded if ADWS can’t read the ports that AD LDS is configured to use for LDAP and Secure LDAP (SSL).” The fix was on a Microsoft Active Directory blog, the last question was it exactly. I’ve posted the solution from the blog posting here:
Active Directory Web Services
Q: I’m seeing the following warning event recorded in the Active Directory Web Services event log about once a minute.
Log Name: Active Directory Web Services
Source: ADWS
Date: 4/8/2010 3:13:53 PM
Event ID: 1209
Task Category: ADWS Instance Events
Level: Warning
Keywords: Classic
User: N/A
Computer: corp-adlds-01.corp.contoso.com
Description:
Active Directory Web Services encountered an error while reading the settings for the specified Active Directory Lightweight Directory Services instance. Active Directory Web Services will retry this operation periodically. In the mean time, this instance will be ignored.
Instance name: ADAM_ContosoAddressbook
I can’t find any Microsoft resources to explain why this event occurs, or what it means.
A: Well…we couldn’t find any documentation either, but we were curious ourselves so we dug into the problem. It turns out that event is only recorded if ADWS can’t read the ports that AD LDS is configured to use for LDAP and Secure LDAP (SSL). In our test environment, we deleted those values and restarted the ADWS service, and sure enough, those pesky warning events started getting logged.
The following registry values are read by ADWS:
Key: HKLM\SYSTEM\CurrentControlSet\Services\<ADAM_INSTANCE_NAME>\Parameters
Value: Port LDAP
Type: REG_DWORD
Data: 1 – 65535 (default: 389)
Key: HKLM\SYSTEM\CurrentControlSet\Services\<ADAM_INSTANCE_NAME>\Parameters
Value: Port SSL
Type: REG_DWORD
Data: 1 – 65535 (default: 636)
Verify that the registry values described above exist and have the appropriate values. Also verify that the NT AUTHORITY\SYSTEM account has permission to read the values. ADWS runs under the Local System account.
Once you’ve corrected the problem, restart the ADWS service. If you have to recreate the registry values because they’ve been deleted, restart the AD LDS instance before restarting the ADWS service.
Thanks to Simon Long for reminding me I had this as a blog draft from over a month ago that I seem to have forgotten to post.
Gregg Robertson
*UPDATE* I’ve just had to do this fix for the latest installation of vCentre and as mentioned by people in the comments below the path is now HKLM\System\CurrentControlSet\Services\ADAM_VMwareVCMSDS\Parameters , the | SSL Port value is created as a REG_SZ instead of REG_DWORD and the value is empty. So you need to delete this and recreate it as a REG_DWORD with the value 636.
July 16, 2010 at 9:31 am
Awesome, very useful. Thanks.
July 17, 2010 at 10:32 pm
I had to deal with the empty REG_SZ issue. Thanks to your post, i solve it quickly but i had to replace the emptu REG_SZ by a filled REG_DWORD to make it work.
July 18, 2010 at 12:45 pm
Glad it helped =0)
Pingback: /! Migration vCenter 4.0>4.1 & SQL Server Express /! - Hypervisor.fr
August 5, 2010 at 10:38 am
Great post. You saved my day!
August 5, 2010 at 12:32 pm
🙂 Glad it helped
Pingback: All Things Virtual 15 « TheSaffaGeek
September 2, 2010 at 7:41 pm
Thanks. I also had this problem running 2008R2 on VMWare 4.1. Port SSL was defined as a REG_SZ and blank. Simply adding the value to this REG_SZ key didn’t work. I had to delete the theREG_SZ Port SSL key and create a new one as REG_DWORD and enter the new value. Thanks for your help with this!
September 3, 2010 at 11:55 am
Great =) Glad it helped you out
Pingback: All Things Virtual 18 « TheSaffaGeek
October 29, 2010 at 7:20 am
Same as Matt, I have to recreate the Port SSL as a REG_DWORD. Filling the Port SSL with REG_SZ with 636 does’nt work.
July 7, 2011 at 12:06 pm
Make sure you select decimal when entering the value, the default is hex, which is very likely the reason it didn’t work for you.
November 4, 2010 at 11:05 am
I had also to deal with this SSL port problem and found it really difficult to solve because not a piece of information is given on vmware site. I think you did an excellent job of linking the vsphere problem with the Microsoft post on ADAM!!!
Thanks!!!
Carlo
November 4, 2010 at 1:07 pm
=0) Thanks, glad it helped you out
Pingback: EnterpriseAdmins.org » Blog Archive » vCenter ADAM_VMwareVCMSDS event every 1 minute
December 7, 2010 at 10:11 am
Hi,
Thanks a lot, this really cleared up my eventlog….
December 16, 2010 at 3:35 am
Awesome post
I agree with the earlier posts by Sysadmin/Matt ’bout DWORD. Yes REG_SZ doesn’t work.
December 21, 2010 at 1:08 am
Hi,
I made the changes suggested and those errors went away but this one started:
Active Directory Web Services could not find a server certificate with the specified certificate name. A certificate is required to use SSL/TLS connections. To use SSL/TLS connections, verify that a valid server authentication certificate from a trusted Certificate Authority (CA) is installed on the machine
Other people may find this happens as a result of the change.
regards,
John
December 21, 2010 at 8:15 am
Hi.
Glad it helped =0) I’ve replied to you via the VMware communities on what i think is causing your errors.
Gregg
October 10, 2014 at 2:46 pm
Hi Gregg,
I’m having the above issues also, if possible could you share the fix?
October 13, 2014 at 2:03 pm
Hi,
The fix is to create the registry entries as mentioned in the above posting.
Gregg
Pingback: 2010 in review « TheSaffaGeek
Pingback: VMware vCenter ADAM_VMwareVCMSDS Warning : My Geek Finds
April 1, 2011 at 12:53 pm
Thanks. This helped me a lot!
Regards,
Paul
P.S. Posted a tweet on @ikbenpaulsmit for you, but my account is private, so you probably did not read it. 🙂
April 6, 2011 at 7:37 am
🙂 Glad it helped you out and thanks for the tweet
April 19, 2011 at 6:04 am
Hi Gregg,
I’ve just done an new install of vCenter 4.1 (build 258902) and the ADAM instance was not registered as VMwareVCMSDS, but as ADAM_VMwareVCMSDS.
Otherwise the reg value still had to be created as a Reg_DWORD and populated.
Cheers,
HamR
April 20, 2011 at 7:07 am
Hi Hamish
Thanks for adding that and the new names. Disappointing to hear that even newer versions of vCentre are still giving this error
Gregg
May 24, 2011 at 5:36 pm
I discovered my VirtualCenter services refused to start. After checking the logs I determined that VirtualCenter was unable to communicate with the LDAP service. The service would start ok, but the event ID 1209 mentioned above would be logged in my event log.
I would also see this in the VPXD log in c:\ProgramData\Vmware\VMware VirtualCenter\Logs\vpxd-##.log:
error ‘APP’] [LDAP Client] Failed to connect to LDAP: 0x51 (Cannot contact the LDAP Server.)
error ‘APP’] [VpxdLdap] Failed to create LDAP client
VirtualCenter would then attempt an LDAP restore and then stop the LDAP service. The process could still not connect to LDAP and I never could get into VirtualCenter.
I looked at the registry entry for the service and found that I had a Reg_DWORD value of 000 for the port. After entering the value at 636 and restarting the server my virtualcenter service has finally started. Thank you!
August 24, 2011 at 2:03 am
Thanks heaps for this. I had the REG_SZ issue as well. Who knows how long its been happening for, only just noticed the errors kind of randomly today, but this fix worked a treat!
August 24, 2011 at 10:04 am
No worries =0) Glad it helped you out
August 31, 2011 at 4:33 pm
I have made the changes and still get the 1209 events. What now?
September 1, 2011 at 7:20 am
Hi
If you’ve made the changes then the problem should go away. If it’s still there maybe recheck you did all the steps correctly as these steps definitely work.
Gregg
September 2, 2011 at 11:55 am
Thanks man ! I have also Reg_sz key for the SSL. Removed, create new one, restart and wow… world of wonders – error disappear 🙂
Thanks again.
September 2, 2011 at 1:20 pm
now, there is another error 😦
All help is welcome
This computer is now hosting the specified directory instance, but Active Directory Web Services could not service it. Active Directory Web Services will retry this operation periodically.
Directory instance: ADAM_VMwareVCMSDS
Directory instance LDAP port: 389
Directory instance SSL port: 636
September 2, 2011 at 2:19 pm
Hi
I’m not sure why you’re getting a new error as once i made the changes the problem went away. Have you tried redoing the key?
Gregg
July 30, 2013 at 3:27 pm
I’m getting this one too. I deleted and added the SSL entry and restarted ADWS and now it is an Event ID 1202 error. Googling for it now, but wanted to post just in case other people are getting it.
September 29, 2011 at 8:42 pm
Still an issue with vCenter 5 (wasn’t sure if that was what you were referring to in your update in the original article).
Thankfully the fix still works.
Thanks,
Jason
September 30, 2011 at 8:40 am
Hi
No I didn’t know that it was still happening but glad the fix still works
Gregg
November 9, 2011 at 12:37 am
Thanks, I hit this problem with an upgrade from 4.1 to 5 on both my vCenter boxes, the ADAM instance name is ADAM_VMwareVCMSDS
and vmware have a kb for this too http://kb.vmware.com/kb/1023864
Cheers
November 9, 2011 at 8:44 am
problem fixed.
Tx for the solution.
🙂
March 4, 2012 at 8:22 am
I had this problem on a brand new vCenter 5 installation. Thanks for the fix!
March 5, 2012 at 1:03 pm
🙂 Glad it helped you out
March 5, 2012 at 4:10 pm
Thank you Gregg… your post worked for me..
“SSL Port value is created as a REG_SZ instead of REG_DWORD and the value is empty. So you need to delete this and recreate it as a REG_DWORD with the value 636”
restarted the ADWS services after the SSL REG_DWORD entry and it worked.
March 5, 2012 at 7:25 pm
No worries :0) Glad it worked for you
March 15, 2012 at 7:49 am
Hi there,
I have problem, what and where in the regedit
Do not laugh at me and help me, please.
Euklid
March 15, 2012 at 3:11 pm
Hi
Go to start,run,type in regedit and press enter. I say this in the nicest way possible but if you don’t know how to get to regedit then be very very careful not change anything else or else you may cause irreversible damage to your server
Gregg
March 19, 2012 at 7:27 am
Thanks Greg, I really wanted to, but where is regedit than to tell me where and what? Please!
What is ADAM INSTANCE NAME and where is?
March 15, 2012 at 10:51 am
Excellent, for some reason our SSL Port entry was a string and had no value. I added a DWORD and all was fixed :o)
March 15, 2012 at 3:12 pm
Glad it worked for you 😀
April 13, 2012 at 5:23 pm
Thanks Gregg! worked for me…like Chris above, my SSL entry was a string…
May 3, 2012 at 6:35 pm
One addition:
I did al the steps mentioned in the article. I still got the error in the event log.
Then I noticed that the Machine DN Name was incorrect, by my own doing. Several days ago I have changed the sitename Default-First-Site-Name to MySiteName. After correcting the DN Name the error was gone.
October 4, 2012 at 5:12 pm
Thanks Gregg, changed the Dword and added the 636. Restarted the service and have not had the message for 6 minutes and counting. was occuring several times a minute prior to that. One more error down….many to go.
October 6, 2012 at 11:17 am
Glad it helped you =0)
October 24, 2012 at 2:28 am
Just had to deal with the vCenter Reg_SZ issue. Thank you for confirming my suspicions!
November 15, 2012 at 8:26 am
After upgrading vCenter to 5.1 this issue returned, I had to fix it for the second time. So thanks again!
January 14, 2013 at 3:54 pm
Please can someone comment on the implications of restarting the adam service on a live production system
Pingback: vCenter next prob | Michael Ellerbeck
April 16, 2013 at 7:43 am
Many thanks for your fix, recreating Port SSL key works fine.
Have a nice day 🙂
April 18, 2013 at 11:35 am
Glad to hear it 😀
May 7, 2013 at 8:01 pm
Nice fix. My syslogs thank you and so do I!
October 22, 2013 at 9:21 am
Works. Thanks 🙂
January 8, 2014 at 11:08 pm
Also make sure the REG_DWORD you create is 32bit, 64bit REG_DWORD for some reason does not work on Win2K8-R2
February 13, 2014 at 2:59 pm
Works Thanks this started after a windows security patch…
October 23, 2015 at 2:33 pm
still affected even though it is 5.5 !!
Had to delete incorrect key and re-add as DWORD