Hi all,
I am stuck with the event 1202 (source ADWS) error on my ADLDS server hosting sharepoint extranet user repository. My sharepoint server is a domain member butNOT a domain controller. I do not replicate this ADLDS instance with any other server. This ADLDS instance is not synched with AD's at all.
I already read posts existing on the subject and no one solved my problem as they're all related to ADLDS instances hosted on domain controllers
As a reminder the event 1202 (raised minutely) description is:
This computer is now hosting the specified directory instance, but Active Directory Web Services could not service it. Active Directory Web Services will retry this operation periodically.
Directory instance: NTDS
Directory instance LDAP port: 389
Directory instance SSL port: 636
My ADLDS instance is not named NTDS (and cannot as NTDS is the instance name of an ADDS domain) and ADWS correctly service it as the following 1200 event proove it:
Active Directory Web Services is now servicing the specified directory instance.
Directory instance: ADAM_ExtranetUsers
Directory instance LDAP port: 18589
Directory instance SSL port: 18836
So... my investigations result after enabling ADWS diagnostics are:
Following is the trace corresponding to the 1202 event generation
InstanceMap: [14.11.2012 08:57:19] [4] OnTimedEvent: got an event
InstanceMap: [14.11.2012 08:57:19] [4] CheckAndLoadAll: beginning
InstanceMap: [14.11.2012 08:57:19] [4] CheckAndLoadNTDSInstance: entered
InstanceMap: [14.11.2012 08:57:19] [4] CheckAndLoadNTDSInstance: found NTDS Parameters key
InstanceMap: [14.11.2012 08:57:19] [4] CheckAndLoadNTDSInstance: trying to change state to DC
InstanceMap: [14.11.2012 08:57:19] [4] AddRemoveSessionPoolAndDictionaryEntry: trying to change state for identifier ldap:389
InstanceMap: [14.11.2012 08:57:19] [4] AddSessionPool: adding a session pool for NTDS
DirectoryDataAccessImplementation: [14.11.2012 08:57:19] [4] InitializeInstance: entering, instance=NTDS, init=5, max=20
LdapSessionPoolImplementation: [14.11.2012 08:57:19] [4] InitializeInstance: entering, instance=NTDS, init=5, max=20
InstanceMap: [14.11.2012 08:57:20] [4] AddSessionPool: DirectoryException trying to create pool: System.DirectoryServices.Protocols.LdapException: The LDAP server is unavailable.
For me the BUGGY part of this ADWS error state within the CheckAndLoadNTDSInstance process. It effectively try to service NTDS instance because it found the NTDS registry key supposed to contain the AD DS instance configuration parameters. The content of the key is the following on my system (and any system I think):
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NTDS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NTDS\parameters]
"ldapserverintegrity"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NTDS\RID Values]
This is the normal content on any domain members. But this cause the ADWS service to think there is an NTDS domain service instance to serve which is not the case !!!!!
I resolved the error for a temporary period by removing the registry key above. Because I also think this key has nothing to do on client systems (as stated on technet). I also verified after removing the key that my ADLDS instance is still forcing SSL connections for simple bind (which is what the ldapserverintegrity registry value is supposed to do. Note this registry settings is also present is the ldap and my ADAM_ExtranetUsers service registry.) Everything worked like a charm for a day and my event log stopped reporting the 1202 event.
But during the first night, a process recreated the NTDS service registry key I deleted. So the event 1202 start reappearing every minute. Excepting filling my event log for nothing this error has no effect on the working ADLDS instance. So I can live with but it's rather annoying!
So finally my question is: Is it really a bug or did i make a mistake? If this is by design how can I prevent ADWS to try to serve an instance that does not exists on the system?
Can I set the undocumented ADWS configuration value "InstanceRediscoveryInterval" defaulted to "00:01:00" to something that say "NEVER".
At least to lower events count I will set it to something next to 1 hour or 1 day!
Does someone have a better solution?
Many thanks to any of you taking time to read my poor english ;-)