Active Directory Web Services fails to read the settings for the specified Active Directory Lightweight Directory Services instance

Article ID: 310484

Products

VMware vCenter Server

Issue/Introduction

Symptoms:
  • After installing vCenter Server, the Active Directory Web Services (ADWS) is unable to read the settings for the specified Active Directory Lightweight Directory Services (AD LDS) instance
  • You see the error:

    Active Directory Web Services encountered an error while reading the settings for the specified Active Directory Lightweight Directory Services instance. Active Directory Web Services will retry this operation periodically.

  • You see the Microsoft Event ID: 1209


Environment

VMware vCenter Server 4.1.x
VMware vCenter Server 5.0.x
VMware vCenter Server 4.0.x
VMware vCenter Server 5.5.x
VMware vCenter Server 5.1.x

Resolution

This issue is resolved in:
  • VMware vCenter Server 4.1 Update 3, released August 30, 2012
  • VMware vCenter Server 5.0 Update 2, released December 20, 2012
  • VMware vCenter Server 5.1 Update 1a, released May 22, 2013

For further information, see the following:
To download the latest vCenter Server release, see the VMware Download Center.

This issue occurs if ADWS is unable to read the ports that AD LDS is configured to use for LDAP and Secure LDAP (SSL) services.

ADWS reads these registry entries to check for the configuration settings:

Key: HKLM\SYSTEM\CurrentControlSet\Services\<ADAM_INSTANCE_NAME>\Parameters
Value: Port LDAP
Type: REG_DWORD
Data: 1 – 65535 (default: 389)

Key: HKLM\SYSTEM\CurrentControlSet\Services\<ADAM_INSTANCE_NAME>\Parameters
Value: Port SSL
Type: REG_DWORD
Data: 1 – 65535 (default: 636)


To resolve this issue:
    1. Verify that the registry values listed above exist and hold appropriate data.
    2. Ensure that the NT AUTHORITY\SYSTEM account has permission to read the values.
    3. Verify that ADWS runs under the Local System account.
    4. Ensure that the HKLM\System\CurrentControlSet\Services\<ADAM_INSTANCE_NAME>\Parameters\Port SSL value is of type REG_DWORD. If it is of type REG_SZ, you must delete it and create a new REG_DWORD value with the data 636 (decimal).
    5. Ensure that the Domain Controller LDAP server signing (HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters\LDAPServerIntegrity) is disabled (set to 1). For more information about LDAP signing, see Microsoft KB935834.
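
The five checks above can be run read-only from an elevated PowerShell 3.0 or later prompt. This is an added example, not VMware's own script: the `-Instance` parameter stands in for `<ADAM_INSTANCE_NAME>`, and the service name `ADWS`, the `Result` helper and the output columns are assumptions of the example.

```powershell
# Added example (not VMware's script): read-only check of steps 1-5.
# $Instance is a placeholder for <ADAM_INSTANCE_NAME>; the service name
# 'ADWS' and the output shape are assumptions of this example.
param([Parameter(Mandatory)][string]$Instance)

$path = "HKLM:\SYSTEM\CurrentControlSet\Services\$Instance\Parameters"
$key  = Get-Item -LiteralPath $path -ErrorAction Stop
function Result($Check, $Ok, $Detail) {
    [pscustomobject]@{ Check = $Check; Ok = [bool]$Ok; Detail = "$Detail" }
}

# Steps 1 and 4: each port value must exist, be REG_DWORD, and be 1-65535.
foreach ($name in 'Port LDAP', 'Port SSL') {
    if ($key.GetValueNames() -notcontains $name) {
        Result $name $false 'value missing'
        continue
    }
    $kind = $key.GetValueKind($name)
    $data = $key.GetValue($name)
    $ok = $kind -eq [Microsoft.Win32.RegistryValueKind]::DWord -and
          $data -ge 1 -and $data -le 65535
    Result $name $ok "$kind = $data"
}

# Step 2: look for an Allow ACE granting SYSTEM (S-1-5-18) QueryValues.
# Access granted only through group membership is not evaluated here.
$qv   = [int][System.Security.AccessControl.RegistryRights]::QueryValues
$sid  = [System.Security.Principal.SecurityIdentifier]
$aces = (Get-Acl -LiteralPath $path).GetAccessRules($true, $true, $sid) |
    Where-Object { $_.IdentityReference.Value -eq 'S-1-5-18' -and
                   $_.AccessControlType -eq 'Allow' -and
                   ([int]$_.RegistryRights -band $qv) -ne 0 }
Result 'SYSTEM can read Parameters' $aces ($aces.RegistryRights -join '; ')

# Step 3: ADWS must log on as Local System.
$adws = Get-CimInstance Win32_Service -Filter "Name='ADWS'"
Result 'ADWS runs as LocalSystem' ($adws.StartName -eq 'LocalSystem') $adws.StartName

# Step 5: the article expects LDAPServerIntegrity = 1. The NTDS key exists
# only on a domain controller, so an empty Detail means it was not found.
$ntds = Get-ItemProperty -LiteralPath 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters' `
    -Name LDAPServerIntegrity -ErrorAction SilentlyContinue
Result 'LDAPServerIntegrity' ($ntds.LDAPServerIntegrity -eq 1) $ntds.LDAPServerIntegrity
```

Each row with `Ok = False` corresponds to the step named in the comment above that check; the script changes nothing in the registry or service configuration.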

