VMware Cloud Community
dbutch1976
Hot Shot
Hot Shot
‎05-27-2014 09:12 AM

This computer is now hosting the specified directory instance, but Active Directory Web Services could not service it.


Hello,

I opened a ticket with VMware support in an attempt to resolve the following error I am seeing in my vCheck:

This computer is now hosting the specified directory instance, but Active Directory Web Services could not service it. Active Directory Web Services will retry this operation periodically. Directory instance: ADAM_VMwareVCMSDS Directory instance LDAP port: 389 directory instance SSL port: 636.

The support tech made the following suggestions:

ADWS reads these registry entries to check for the configuration settings:

Key: HKLM\SYSTEM\CurrentControlSet\Services\<ADAM_INSTANCE_NAME>\Parameters
Value: Port LDAP
Type: REG_DWORD
Data: 1 – 65535 (default: 389)

Key: HKLM\SYSTEM\CurrentControlSet\Services\<ADAM_INSTANCE_NAME>\Parameters
Value: Port SSL
Type: REG_DWORD
Data: 1 – 65535 (default: 636)

To resolve this issue:

    Verify that the above registry keys exist and have appropriate values.
    Ensure that the NT AUTHORITY\SYSTEM account has permission to read the values.
    Verify that ADWS runs under the Local System account.
    Ensure that the HKLM\System\CurrentControlSet\Services\<ADAM_INSTANCE_NAME>\Parameters\Port SSL
    key is of type REG_DWORD. If the value is REG_SZ, you must delete it and create a new REG_DWORD with the value 636 (decimal).

Unfortunately after working through each of these suggestions VMware support kicked the can over to Microsoft.

I have check both the vpxd log on the vCenter and the Windows system logs on the vCenter and cannot find this error.  Does anyone know where the vCheck is pulling this error from?  That would be a good place to start if I'm going to attempt to open a ticket with MS.

Reply
0 Kudos
8 Replies
LucD
Leadership
Leadership
‎05-27-2014 10:06 AM

Could it that you are suffering from this problem ?

See vCenter 5 Active Directory Web Services Error 1209


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
dbutch1976
Hot Shot
Hot Shot
‎06-10-2014 10:00 AM

Hi LucD,

I don't think that is my issue, however your link lead me to this:

http://social.technet.microsoft.com/Forums/windowsserver/en-US/62a3f70f-d326-4d52-aee8-42b59a0298b9/...

It looks like this is a MicroSoft issue.  I'm going to open a ticket with them and get back with my findings.

Thanks!

Reply
0 Kudos
dbutch1976
Hot Shot
Hot Shot
‎06-11-2014 06:36 AM

Hello,

I have opened a ticket with MicroSoft.  They are telling me that Active Directory Web Services should not be required on a vCenter.  Sure enough, I have stopped the service on a lab machine and the errors in the Active Directory Web Services log have ceased.

I'm trying to find more information on how vCenter servcies interoperate with the Active Directory Web Services.  I suspect there are dependancies on the service, but after stopping the service I was able to log into vCenter and have not seen any immediate issues.

Does anyone know what the relationship is between ADWS and Vmware services and roles?

Thanks.

Reply
0 Kudos
LucD
Leadership
Leadership
‎06-11-2014 06:58 AM

Isn't that needed when you want to do Active Directory authentication and set up SSO ?


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
dbutch1976
Hot Shot
Hot Shot
‎06-11-2014 07:03 AM


That sounds logical, but after turning off the service I am still able to log in via my AD credentials.  Perhaps ADWS is only requied during the initial install/config and can be safely turned off afterwards?

Personally, I would rather turn all unesscessary services off, and if MS is saying it's not neccessary for ADAM, then I think I need VMware to tell me what it's needed for.

Reply
0 Kudos
dbutch1976
Hot Shot
Hot Shot
‎06-27-2014 06:24 AM

After opening a ticket with VMware support they have replied:

From the case notes, I understand that there are error messages related to LDAP and need to know if vCenter services is dependent on Active Directory Web Services Service, please correct me if I am wrong.

vCenter server service is not dependent on Active Directory Web Services, you can go ahead and stop this service.

I have tested stopping this service in my lab and the errors have cleared and have not come back.   I have been able to authenticate using the web client and SSO appears to be functioning normally.  I am going to make this change in production next.

Hopefully I won't be the first person to discover what this service actually does that hard way.

Reply
0 Kudos
Beercules
Contributor
Contributor
‎11-27-2014 12:13 PM

Ok, since there is very little information about this issue available, I figured I'd post my first ever post with an update on this issue. Which I was able to resolve.


We had five vCenter servers 5.5 with only two were showing the issue every minute:

 

This computer is now hosting the specified directory instance, but Active Directory Web Services could not service it. Active Directory Web Services will retry this operation periodically.

Directory instance: ADAM_VMwareVCMSDS

Directory instance LDAP port: 389

Directory instance SSL port: 636

After extensive troubleshooting I found that if you stop both the VMwareVCMSDS and Active Directory Web Service (ADWS) and only start (ADWS) we got the following error.

 

This computer is now hosting the specified directory instance, but Active Directory Web Services could not service it. Active Directory Web Services will retry this operation periodically.

Directory instance: NTDS

Directory instance LDAP port: 389

Directory instance SSL port: 636

This was odd, the same error but with a different service. I started to look around in the registery again and found the following setting, which was only on the two servers having the issue:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\parameters]

"ldapserverintegrity"=dword:00000001

Once I removed this registry key, configured both ADWS and VMwareVCMSDS to start automaticlly, I reboot the server and to my suprise the issue has now been resolved. ** please take a backup of the registry before completing this step, you never know what could happen.

I hope this resolves others issues, if you have any questions regarding this, please dont hesitate to ask.

Good luck.
Beercules.

Reply
0 Kudos
LucD
Leadership
Leadership
‎11-27-2014 12:32 PM

That is a great find, thanks for sharing that.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos