
How to fix Active Directory Web Services recurring event 1209 on vCenter servers (Powershell way)

There is an issue (not a very new one, to be honest) with Active Directory Web Services on vCenter servers: it logs a warning event with ID 1209 to the Windows “Active Directory Web Services” event log, once every single minute. The issue and its solution are explained in this VMware support KB (Active Directory Web Services fails to read the settings for the specified Active Directory Lightweight Directory Services instance) and in a post on the (always great) AskDS blog.

I’m not disclosing anything new or secret about that, just posting a small script fragment to automate the fix on multiple vCenter servers, with Powershell 2.0 Remoting.

# At first, build the sessions with the vCenter servers to be fixed, using current logged in account
$sessions = new-pssession -computername vCenter0,vCenter1,ProdvCenter,LabvCenter

# Then invoke the scriptblock, for each session, one at a time to have a sequential processing (and output)
$r = Invoke-Command -Session $sessions -ThrottleLimit 1 -ScriptBlock {
    Write-Host $Env:ComputerName -fore Green
    Write-Output ("<< "+ $Env:ComputerName +" >>")
    PushD HKLM:\System\CurrentControlSet\Services\ADAM_VMwareVCMSDS\Parameters
    # Show the current values, if any (missing values are silently ignored)
    Get-ItemProperty -Path . -Name "Port LDAP","Port SSL" -ErrorAction:SilentlyContinue
    # Delete them whatever their type (-ea:0 is the short form of -ErrorAction:SilentlyContinue)
    Remove-ItemProperty -Path . -Name "Port LDAP","Port SSL" -ea:0
    # Recreate them as DWORD
    New-ItemProperty -Path . -Name "Port LDAP" -PropertyType DWORD -Value 389
    New-ItemProperty -Path . -Name "Port SSL" -PropertyType DWORD -Value 636
    # Show the result
    Get-ItemProperty -Path . -Name "Port LDAP","Port SSL"
    PopD
    # Restart the service so that the change takes effect
    Restart-Service AdWs
}

# Optionally process the $r results …

Some comments on the above code:

  • Saving multiple sessions in an array is useful if you need to issue multiple scriptblocks, manage try/error/retry situations, … in general whenever you retarget the same hosts multiple times. Building a “one-off” session and destroying it (e.g. enter-pssession, invoke-command -computername …) is very expensive in terms of network traffic, time, authentication, … and when working on *BIG* numbers and/or a slow WAN it makes a huge difference
  • I use “-ThrottleLimit 1” to process one server at a time, which is not guaranteed by Powershell remoting; this might be useful when you need to avoid congestion, or to be sure to get output in sync
  • The code uses “-ErrorAction:SilentlyContinue” to “trap” (ignore) non-existent values; it also shows that you can do the same with “-ea:0”, which is faster to type but makes the code more difficult to read
  • You can read multiple values with a single Get-ItemProperty, which may be handy
  • I delete the values first, because we need to be sure that they are DWORD and not REG_SZ as they are (mistakenly) created. Note that you can delete multiple values in a key with a single Remove-ItemProperty call
  • Each AdWs service needs to be restarted for the changes to take effect

Finally you can process the results, producing local output by reading the $r variable, if you care.
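
As an added example (not part of the original post), the variant below checks the registry type of each value first, changes only values that are not DWORD, restarts AdWs only where something changed, and returns one object per value so that $r can be processed locally. The names $fix and $ReportOnly and the output property names are hypothetical; the server names, registry path and port values are the ones used above.

```powershell
# Added example: audit before changing, and return structured results.
$sessions = New-PSSession -ComputerName vCenter0,vCenter1,ProdvCenter,LabvCenter

$fix = {
    param([bool]$ReportOnly)   # hypothetical parameter: $true = report only, change nothing
    $path     = 'HKLM:\System\CurrentControlSet\Services\ADAM_VMwareVCMSDS\Parameters'
    $expected = @{ 'Port LDAP' = 389; 'Port SSL' = 636 }
    $changed  = $false
    $key      = Get-Item -Path $path -ErrorAction Stop   # fails loudly if the key is absent

    foreach ($name in $expected.Keys) {
        # Registry type before any change: 'String' (REG_SZ), 'DWord', ... or 'Missing'
        $kind = 'Missing'
        if ($key.GetValueNames() -contains $name) { $kind = $key.GetValueKind($name).ToString() }

        $action = 'None'
        if ($kind -ne 'DWord') {
            if ($ReportOnly) { $action = 'WouldFix' }
            else {
                Remove-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
                New-ItemProperty -Path $path -Name $name -PropertyType DWORD -Value $expected[$name] | Out-Null
                $action  = 'Fixed'
                $changed = $true
            }
        }
        # One result object per value, sent back to the caller
        New-Object PSObject -Property @{
            Computer = $Env:ComputerName; Name = $name; KindBefore = $kind; Action = $action
        }
    }
    # Restart the service only on servers where a value was actually rewritten
    if ($changed) { Restart-Service AdWs }
}

# First pass: report only. Re-run with -ArgumentList $false to apply the fix.
$r = Invoke-Command -Session $sessions -ThrottleLimit 1 -ScriptBlock $fix -ArgumentList $true
$r | Sort-Object Computer, Name | Format-Table Computer, Name, KindBefore, Action -AutoSize

Remove-PSSession $sessions
```

Running the report-only pass first shows which servers really have the values stored with the wrong type, so the service restart is limited to the hosts that need it.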


