Several times I have run into the following issue with an event being logged in the vCenter Server event log every minute:
Active Directory Web Services encountered an error while reading the settings for the specified Active Directory Lightweight Directory Services instance. Active Directory Web Services will retry this operation periodically. In the mean time, this instance will be ignored. Instance name: ADAM_VMwareVCMSDS
I had fixed this on several vCenters that I managed. However the problem returned on one vCenter this weekend after enabling vCenter Linked Mode. I decided to document the solution here so it is easier to find if I run into this problem again.
As described here this is caused by a simple registry setting. Browse to the following key:
Delete the existing string value named “Port SSL” and replace it with a DWORD value named “Port SSL” set to 636 (in decimal).
Restart ADAM_VMwareVCMSDS and ADWS services. Problem solved.
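The same steps as a PowerShell script that first checks the type and data of “Port SSL” and only changes it when asked. This is an added example, not part of the original post; `$InstanceKey` is a placeholder for the registry key the post refers to (the path is not reproduced on this page), and the backup file name is an arbitrary choice.

```powershell
# Added example. Run elevated on the vCenter Server.
# $InstanceKey is a PLACEHOLDER: pass the registry key named in the post,
# in provider form (for example 'HKLM:\...').
param(
    [Parameter(Mandatory=$true)][string]$InstanceKey,
    [switch]$Fix     # without -Fix the script only reports
)

$name = 'Port SSL'
$want = 636          # decimal; the same number is 0x27C in hex

# Read the current value and its registry type (String, DWord, ...).
$key  = Get-Item -LiteralPath $InstanceKey -ErrorAction Stop
$kind = $null; $value = $null
if ($key.GetValueNames() -contains $name) {
    $kind  = $key.GetValueKind($name)
    $value = $key.GetValue($name)
}
$regPath = $key.Name     # HKEY_LOCAL_MACHINE\... form, as reg.exe expects
$key.Close()
"Current '$name': kind=$kind value=$value"

$isDword = $kind -eq [Microsoft.Win32.RegistryValueKind]::DWord
if ($isDword -and $value -eq $want) {
    'Already a DWORD of 636 (decimal); nothing to change.'
    return
}
if (-not $Fix) {
    'Not a DWORD of 636. Re-run with -Fix to replace the value.'
    return
}

# Export the key first so the change can be undone.
$backup = Join-Path $env:TEMP 'PortSSL-backup.reg'   # arbitrary file name
reg.exe export $regPath $backup /y | Out-Null

# Delete the old value (whatever its type) and recreate it as a DWORD.
if ($null -ne $kind) {
    Remove-ItemProperty -LiteralPath $InstanceKey -Name $name
}
New-ItemProperty -LiteralPath $InstanceKey -Name $name `
    -PropertyType DWord -Value $want | Out-Null

# Restart by service name. Restart-Service refuses (without -Force) when
# dependent services are running, which makes any dependency visible.
Restart-Service -Name 'ADAM_VMwareVCMSDS'
Restart-Service -Name 'ADWS'
```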
Thanks for the mention
While the post is old the issue persists; I get this same error with a clean install of vCenter 5. The fix (thankfully) still works.
Works a treat. Many thanks.
Works for me in vCenter 4.1
Thanks a lot
Thanks helped me after vCenter 5 linked mode changes. Seems VMware aren’t addressing this issue.
I have been getting this error every minute on my 5.0 vCenter 2008R2x64 server and edited the registry. Problem is that I have no services named ADAM* to restart. What’s the deal?
Sometimes it just takes another set of eyes. “Early to bed and early to rise makes a man tired and blind in the eyes.” Thanks to my buddy who set me straight.
It looks like the Display Name of this service is now VMwareVCMSDS. If you open the properties of VMwareVCMSDS the service name attribute is still ADAM_VMwareVCMSDS. This is the service you’ll want to restart.
Made the changes to the registry and bounced the 2 services. Still getting the messages every minute. What have I overlooked?
Here is the complete error.
This computer is now hosting the specified directory instance, but Active Directory Web Services could not service it. Active Directory Web Services will retry this operation periodically. Directory instance: ADAM_VMwareVCMSDS Directory instance LDAP port: 389 Directory instance SSL port: 636
The only thing that has got me on this issue before is not changing the REG_DWORD to decimal before entering the value of 636. The value must be 636 in decimal (which is 27c in hex).
I’d try the steps again…deleting the “Port SSL” string from the registry, creating a new DWORD 32bit value named “Port SSL” without the quotes and entering 27c (hex) or 636 (dec) for the value. Restarting the services again really should work.
Just curious, the original post shows you are using Windows 2008 R2 but it doesn’t mention the version of vCenter. If you are running vCenter 4.0, VMware has a recent KB article on this topic that you should check out — “Running vCenter Server 4.0 on a Windows 2008 R2 system results in a log spew in the Windows Event Viewer” at http://kb.vmware.com/kb/1015850 which specifically mentions a compatibility/support issue with running vCenter 4.0 on Windows 2008 R2.
Running vCenter 5.1b on 2008 R2. I cannot resolve this issue to save my life. Two of us have worked on it for three days and have deleted and recreated this key at least 4 times – all to no avail.
Worked perfectly for me! Thanks!
Worked like a champ! Thanks!
This solution helped me out for two days.
Now I have authentication problems again.
Don’t know what else is going on…
Running vCenter 5.5 U1 on Server 2012 and getting the same event ID, but the error is different. I checked the registry, and it would appear that VMware has made the correct entry, but here’s what I get.
The security of this directory server can be significantly enhanced by configuring the server to reject SASL (Negotiate, Kerberos, NTLM, or Digest) LDAP binds that do not request signing (integrity verification) and LDAP simple binds that are performed on a cleartext (non-SSL/TLS-encrypted) connection. Even if no clients are using such binds, configuring the server to reject them will improve the security of this server.
Some clients may currently be relying on unsigned SASL binds or LDAP simple binds over a non-SSL/TLS connection, and will stop working if this configuration change is made. To assist in identifying these clients, if such binds occur this directory server will log a summary event once every 24 hours indicating how many such binds occurred. You are encouraged to configure those clients to not use such binds. Once no such events are observed for an extended period, it is recommended that you configure the server to reject such binds.
For more details and information on how to make this configuration change to the server, please see http://go.microsoft.com/fwlink/?LinkID=87923.
You can enable additional logging to log an event each time a client makes such a bind, including information on which client made the bind. To do so, please raise the setting for the “LDAP Interface Events” event logging category to level 2 or higher.
I decided to add it here, because this was the only hit I got on the event ID. If anyone has seen this, I’d greatly appreciate a fix :).
Found a solution if you're still having this issue,