The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
Active Directory Web Services fails to read the settings for the specified Active Directory Lightweight Directory Services instance (1023864)
- After installing vCenter Server, the Active Directory Web Services (ADWS) is unable to read the settings for the specified Active Directory Lightweight Directory Services (AD LDS) instance
- You see the error:
Active Directory Web Services encountered an error while reading the settings for the specified Active Directory Lightweight Directory Services instance. Active Directory Web Services will retry this operation periodically.
- You see the Microsoft Event ID: 1209
This issue is resolved in:
- VMware vCenter Server 4.1 Update 3 released August 30, 2012,
- VMware vCenter Server 5.0 Update 2 released December 20, 2012
- VMware vCenter Server 5.1 Update 1a released May 22, 2013
For further information, see the following:
- VMware vCenter Server 4.1 Update 3 Release Notes
- VMware vCenter Server 5.0 Update 2 Release Notes
- VMware vCenter Server 5.1 Update 1a Release Notes
This issue occurs if ADWS is unable to read the ports that AD LDS is configured to use for LDAP and Secure LDAP (SSL) services.
ADWS reads these registry entries to check for the configuration settings:
Value: Port LDAP
Data: 1 – 65535 (default: 389)
Value: Port SSL
Data: 1 – 65535 (default: 636)
To resolve this issue:
- Verify that the above registry keys exist and have appropriate values.
- Ensure that the NT AUTHORITY\SYSTEM account has permission to read the values.
- Verify that ADWS runs under the Local System account.
- Ensure that the HKLM\System\CurrentControlSet\Services\<ADAM_INSTANCE_NAME>\Parameters\Port SSL
key is of type REG_DWORD. If the value is REG_SZ, you must delete it and create a new REG_DWORD with the value 636 (decimal).
- Ensure that the Domain Controller LDAP server signing (HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters\LDAPServerIntegrity) is disabled (set to 1). For more information about LDAP signing, see Microsoft KB935834.
Request a Product Feature
To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.