Wednesday, April 25, 2012

ERROR: Repeating ADWS Errors Every 1 Minute

One of the errors my vCheck report enumerated was the following:
Active Directory Web Services encountered an error while reading the settings for the specified Active Directory Lightweight Directory Services instance. Active Directory Web Services will retry this operation periodically. In the mean time, this instance will be ignored. Instance name: ADAM_VMwareVCMSDS

This error was repeating everyone one minute - needless to say there were quite a few entries.  Apparently this bug has been around since vSphere 4 but hasn't been fix.  Luckily the fix is easy.  Go to the following registry key:

Find and delete the "Port SSL" value (the value data should be empty).
Create and new DWORD value with the same Port SSL name.
The value data should be 636 decimal.
Restart the ADWS and VMware_VCMSDS services.

I did the procedure and checked the ADWS log again - problem solved.

That's it!  Er... wait,  new problem found in ADWS log.  Here is the error:

Active Directory Web Services could not find a server certificate with the specified certificate name. A certificate is required to use SSL/TLS connections. To use SSL/TLS connections, verify that a valid server authentication certificate from a trusted Certificate Authority (CA) is installed on the machine.

A quick Google and I found this in the VMware Communities:
This message is simply an informational message and should have no major impact on the running of the Virtual Center Server. The only ways to stop this message from appearing would be joining vCenter Server to a AD Domain. Btw, you CANNOT install AD Domain Controller on the same machine with vCenter, it will not work. Because vCenter 4.1 will install an instance of ADAM (Active Directory Application Mode). It uses this when you use vCenter Linked Mode and ADAM will conflict with its’ own AD services if the server is also a Domain Controller.

Okay so basically ignore it.  Hopefully this doesn't fill up the vCheck report.  Just something we'll have to keep an eye on.

2012 VMware vExpert!

I just received confirmation that my vExpert status has been renewed for 2012!  My home lab and I thank you!   ;)
Now it's time to start earning it for 2013.



I saw this mentioned on another blog (I don't remember which one) over a year ago and thought it looked good, but didn't provide much info beyond what I was getting with VKernel and RVTools.  Now I'm wrong.  Alan over at wrote a PowerShell script that checks the health of your vCenter environment.  It has recently been updated to handle plugins.  Most of the checks have been converted to plugins, and now there's an Exchange plugin written by Phil Randal.  I would not be surprised to see other plugins for other systems like AD and SharePoint in the future.

I'm running most of the VMware and Exchange checks.  This is providing me information beyond the VKernel and RVTools tools I currently use.  I've set it up to run once per week and email the report to our VMware administrators distribution list.

In just the first week is has brought several problems to light which will be subjects of future blog articles(!).
I highly recommend!