Active Directory Web Services

Q: I’m seeing the following warning event recorded in the Active Directory Web Services event log about once a minute.

Log Name: Active Directory Web Services
Source: ADWS
Date: 4/8/2010 3:13:53 PM
Event ID: 1209
Task Category: ADWS Instance Events
Level: Warning
Keywords: Classic
User: N/A
Computer: corp-adlds-01.corp.contoso.com
Description:
Active Directory Web Services encountered an error while reading the settings for the specified Active Directory Lightweight Directory Services instance. Active Directory Web Services will retry this operation periodically. In the mean time, this instance will be ignored.
Instance name: ADAM_ContosoAddressbook

I can’t find any Microsoft resources to explain why this event occurs, or what it means.

A: Well…we couldn’t find any documentation either, but we were curious ourselves so we dug into the problem. It turns out that event is only recorded if ADWS can’t read the ports that AD LDS is configured to use for LDAP and Secure LDAP (SSL). In our test environment, we deleted those values and restarted the ADWS service, and sure enough, those pesky warning events started getting logged.

The following registry values are read by ADWS:

Key: HKLM\SYSTEM\CurrentControlSet\Services\<ADAM_INSTANCE_NAME>\Parameters
Value: Port LDAP
Type: REG_DWORD
Data: 1 – 65535 (default: 389)

Key: HKLM\SYSTEM\CurrentControlSet\Services\<ADAM_INSTANCE_NAME>\Parameters
Value: Port SSL
Type: REG_DWORD
Data: 1 – 65535 (default: 636)

Verify that the registry values described above exist and have the appropriate values. Also verify that the NT AUTHORITY\SYSTEM account has permission to read the values. ADWS runs under the Local System account.

Once you’ve corrected the problem, restart the ADWS service. If you have to recreate the registry values because they’ve been deleted, restart the AD LDS instance before restarting the ADWS service.

Thanks to Simon Long for reminding me I had this as a blog draft from over a month ago that I seem to have forgotten to post.

Gregg Robertson

*UPDATE* I’ve just had to do this fix for the latest installation of vCentre and as mentioned by people in the comments below the path is now HKLM\System\CurrentControlSet\Services\ADAM_VMwareVCMSDS\Parameters , the | SSL Port value is created as a REG_SZ instead of REG_DWORD and the value is empty. So you need to delete this and recreate it as a REG_DWORD with the value 636