Active Directory Web Services fails to read the settings for the specified Active Directory Lightweight Directory Services instance (1023864)

Symptoms

  • After installing vCenter Server, Active Directory Web Services (ADWS) is unable to read the settings for the specified Active Directory Lightweight Directory Services (AD LDS) instance.
  • You see the error:

    Active Directory Web Services encountered an error while reading the settings for the specified Active Directory Lightweight Directory Services instance. Active Directory Web Services will retry this operation periodically.

  • You see the Microsoft Event ID: 1209

Resolution

This issue is resolved in:
  • VMware vCenter Server 4.1 Update 3, released August 30, 2012
  • VMware vCenter Server 5.0 Update 2, released December 20, 2012
  • VMware vCenter Server 5.1 Update 1a, released May 22, 2013

For further information, see the following:
To download the latest vCenter Server release, see the VMware Download Center.

This issue occurs if ADWS is unable to read the ports that AD LDS is configured to use for LDAP and Secure LDAP (SSL) services.
 
ADWS reads these registry entries to check for the configuration settings:

Key: HKLM\SYSTEM\CurrentControlSet\Services\<ADAM_INSTANCE_NAME>\Parameters
Value: Port LDAP
Type: REG_DWORD
Data: 1 – 65535 (default: 389)

Key: HKLM\SYSTEM\CurrentControlSet\Services\<ADAM_INSTANCE_NAME>\Parameters
Value: Port SSL
Type: REG_DWORD
Data: 1 – 65535 (default: 636)


To resolve this issue:
    1. Verify that the above registry keys exist and have appropriate values.
    2. Ensure that the NT AUTHORITY\SYSTEM account has permission to read the values.
    3. Verify that ADWS runs under the Local System account.
    4. Ensure that the HKLM\System\CurrentControlSet\Services\<ADAM_INSTANCE_NAME>\Parameters\Port SSL value is of type REG_DWORD. If it is of type REG_SZ, you must delete it and create a new REG_DWORD with the value 636 (decimal).
    5. Ensure that the Domain Controller LDAP server signing (HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters\LDAPServerIntegrity) is disabled (set to 1). For more information about LDAP signing, see Microsoft KB935834.
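
The checks in steps 1 through 5 can be gathered in one read-only pass. The script below is an added example, not part of the original VMware article; it assumes an elevated PowerShell session on the vCenter Server host, that the ADWS service name is `ADWS`, and that you pass your own instance name for `<ADAM_INSTANCE_NAME>`. It changes nothing.

```powershell
# Added example: read-only check of the settings listed in steps 1-5.
# $InstanceName stands in for <ADAM_INSTANCE_NAME>; supply your own value.
param([Parameter(Mandatory)][string]$InstanceName)

$paramPath = "HKLM:\SYSTEM\CurrentControlSet\Services\$InstanceName\Parameters"
$key = Get-Item -Path $paramPath -ErrorAction Stop

# Steps 1 and 4: each port value must exist, be a REG_DWORD, and be in 1-65535.
$ports = foreach ($name in 'Port LDAP', 'Port SSL') {
    $present = $key.GetValueNames() -contains $name
    $kind = if ($present) { $key.GetValueKind($name) } else { $null }
    $data = if ($present) { $key.GetValue($name) } else { $null }
    [pscustomobject]@{
        Value   = $name
        Present = $present
        Kind    = $kind
        Data    = $data
        Ok      = $present -and $kind -eq 'DWord' -and $data -ge 1 -and $data -le 65535
    }
}

# Step 2: look for an Allow ACE granting ReadKey to Local System (SID S-1-5-18).
# Approximation: Deny ACEs and access granted through groups are not evaluated.
$read = [System.Security.AccessControl.RegistryRights]::ReadKey
$sidType = [System.Security.Principal.SecurityIdentifier]
$rules = (Get-Acl -Path $paramPath).GetAccessRules($true, $true, $sidType)
$systemCanRead = [bool]($rules | Where-Object {
    $_.IdentityReference.Value -eq 'S-1-5-18' -and
    $_.AccessControlType -eq 'Allow' -and
    ($_.RegistryRights -band $read) -eq $read
})

# Step 3: the account ADWS runs under (expected: LocalSystem).
$adws = Get-CimInstance -ClassName Win32_Service -Filter "Name='ADWS'"

# Step 5: LDAPServerIntegrity is read from the local registry, so this is
# only populated when the script runs on a domain controller.
$ntds = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$integrity = (Get-ItemProperty -Path $ntds -Name LDAPServerIntegrity `
    -ErrorAction SilentlyContinue).LDAPServerIntegrity

$ports | Format-Table -AutoSize
[pscustomobject]@{
    SystemCanReadParameters = $systemCanRead
    AdwsStartName           = $adws.StartName
    LDAPServerIntegrity     = $integrity
} | Format-List
```

A `Kind` of `String` on the `Port SSL` row is the REG_SZ case described in step 4.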

    Update History

    01/31/2013 - adding PR 788814
