Wednesday, April 25, 2012

ERROR: Repeating ADWS Errors Every 1 Minute

One of the errors my vCheck report enumerated was the following:
Active Directory Web Services encountered an error while reading the settings for the specified Active Directory Lightweight Directory Services instance. Active Directory Web Services will retry this operation periodically. In the mean time, this instance will be ignored. Instance name: ADAM_VMwareVCMSDS


This error was repeating everyone one minute - needless to say there were quite a few entries.  Apparently this bug has been around since vSphere 4 but hasn't been fix.  Luckily the fix is easy.  Go to the following registry key:
HKLM\SYSTEM\CurrentControlSet\services\ADAM_VMwareVCMSDS\Parameters

Find and delete the "Port SSL" value (the value data should be empty).
Create and new DWORD value with the same Port SSL name.
The value data should be 636 decimal.
Restart the ADWS and VMware_VCMSDS services.

I did the procedure and checked the ADWS log again - problem solved.

That's it!  Er... wait,  new problem found in ADWS log.  Here is the error:

Active Directory Web Services could not find a server certificate with the specified certificate name. A certificate is required to use SSL/TLS connections. To use SSL/TLS connections, verify that a valid server authentication certificate from a trusted Certificate Authority (CA) is installed on the machine.

A quick Google and I found this in the VMware Communities:
This message is simply an informational message and should have no major impact on the running of the Virtual Center Server. The only ways to stop this message from appearing would be joining vCenter Server to a AD Domain. Btw, you CANNOT install AD Domain Controller on the same machine with vCenter, it will not work. Because vCenter 4.1 will install an instance of ADAM (Active Directory Application Mode). It uses this when you use vCenter Linked Mode and ADAM will conflict with its’ own AD services if the server is also a Domain Controller.

Okay so basically ignore it.  Hopefully this doesn't fill up the vCheck report.  Just something we'll have to keep an eye on.