Problem using Active Directory Web Services?

Home > Blogs > PowerShell > Problem using Active Directory Web Services?

Problem using Active Directory Web Services?

Like This Blog 11Jason Helmick
Added by February 20, 2012

So, a friend of mine emailed me that he was having a problem running the active directory cmdlets. Here is what he received:

ADError PowerShell

 

It’s an interesting problem, one that I had seen in the past in a few of my own virtual environments, but not a problem common in the real world. In fact, a quick Google/Bing check gave no results for the actual problem. So, I thought I would mention it here, even though it is a rare issue. Here’s how I originally diagnosed this problem.

Notice the first error, well not an error really – after all it is in yellow and says “WARNING:” in big letters, notice that an error occurred initializing the default drive. Now those of you that work with AD and the cmdlets know that when you import the module, a provider loads a drive to access AD named “AD:”. This message is telling us it couldn’t create that file system, but notice WHY. The rest of the message reports that it was ‘Unable to find a default server with Active Directory Web Services running.’ Well, that’s the kind of error message I like, tell me what happened and tell me why.

Notice I also attempted to run an AD cmdlet, just to display another version of the error message. It’s the same error just all red and nasty looking. So, it would appear that on my domain controller, the ADWS is stopped. This should be easy to fix.

I checked the state of the service running:

PS> Get-WmiObject –class Win32_Service –filter
‘name=”adws”’

PS Services PowerShell
First of all, I like using the WMI class rather than Get-Service because it reports the StartMode of the service. I can quickly tell from this that the service is running and the StartMode is Automatic (AUTO).

You may also like:  Virtual machine configuration Versions in Windows Server 2016

Seems to be running, so let’s check the error log:

PS>  Get-EventLog –Logname ‘Active Directory Web Services’
–EntryType Error –Newest 5 | Select-Object –Property
EventID, Message | Format-Table –AutoSize -wrap

aderrorlog PowerShell
So, there are 1202 errors. I don’t know what that means of course, but the message is telling me that ADWS is having issues. At this point, most people will start to Google/Bing the error, and I did that too. The problem is that you quickly discover that this is a rabbit hole. The few results that I got from Bingle/Boog were obviously not my problem; they were strange registry hacks to fix issues that had nothing to do with ADWS. That’s when my spidey senses kicked in. This is not a real problem, it’s a mistake.

Sometimes, very rarely, a service will need to be restarted, let’s try that and then remove and import the module again:

PS> Restart-Service –name ADWS
PS> Remove-Module Act*
PS> Import-Module Act*

No error. Everything worked. Wait, this is not right. It’s true that my current problem is solved, but I know that this should not have happened in the first place. As much as we like to poke fun at “Windows” and use the phrase “Just reboot it”, I know that this is almost never the case. Windows Server is VERY WELL written and tested. Something else must be causing this issue.

I restarted the domain controller:

PS> Restart-Computer

After the restart, I again imported the AD module. Guesses? It failed again. I restarted the service and it worked fine, restarted the DC and it failed. I now have found the true root of the problem. Now I can fix it and never have it happen again.

Remember how I checked the ADWS service and it reported running and a StartMode of AUTO? Here’s the problem: The ADWS service needs to wait until the AD service is completely started or it won’t properly connect and cause this failure. I know the 1202 message says that ADWS will attempt to reconnect, but it never does.

You may also like:  Virtual machine configuration Versions in Windows Server 2016

To solve the problem, ADWS needs to start after the AD service has started. How can you do this? Easy, there is a new option for the StartMode of a service called “Automatic (Delayed Start)”.

Now here is the part that sucks. PowerShell cmdlets and WMI can’t deal with this StartMode. So, let me show you graphically.

On my DC, the StartMode was set to “Automatic”

Services PowerShell

 

 

I need to change this to a delayed start so that it appears like this:

ServicesCorrect PowerShell

 

There are a couple of ways to do this, none of them PowerShell because WMI and
Set-Service don’t understand the new StartMode type. You can use PowerShell to change this in the registry, but why work that hard. Just change it in the GUI. But if you’re hardcore and really need a command line to do this, you can use this:

PS>cmd.exe
C:\>sc config ADWS start= delayed-auto

(note the space after the equal sign. That is important.)

And there ya go, a permanent solution to a rare problem, one that you might run into as well.

Knowledge is PowerShell,
Jason Helmick
Director of PowerShell Technologies
Interface Technical Training

Videos You May Like

Agile Methodology in Project Management

0 96 0

In this video, you will gain an understanding of Agile and Scrum Master Certification terminologies and concepts to help you make better decisions in your Project Management capabilities. Whether you’re a developer looking to obtain an Agile or Scrum Master Certification, or you’re a Project Manager/Product Owner who is attempting to get your product or … Continue reading Agile Methodology in Project Management

How to clone a Windows Server 2012 or 2012 R2 Domain Controller

3 936 3

One of the coolest new features in Window Server 2012 and Windows Server 2012 R2 is the ability to clone a Domain Controller. In the past, if we had virtualized Domain Controllers and we actually took a snapshot of it and then rolled back to that snapshot, it would break the logon service on that … Continue reading How to clone a Windows Server 2012 or 2012 R2 Domain Controller

Detailed Forensic Investigation of Malware Infections – April 21, 2015

3 376 3

In this IT Security training video, Security expert Mike Danseglio (CISSP / CEH) will perform several malware investigations including rootkits, botnets, viruses, and browser toolbars.

Write a Comment

See what people are saying...

  1. Avatar jordan

    This worked for me after hours of pulling my hair out and searching all over. This one little simple fix. Change the service start type and reboot the server.
    Thanks.

  2. Avatar Dan

    you can run your solution, direct from powershell, like this:

    cmd.exe /c “sc config ADWS start= delayed-auto”

    added this into my server setup script and worked wonders!
    Thanks for plugging the rabbit hole 🙂

  3. Avatar Nate

    I am getting the 1202 errors on my server 2012 R2 DC. Restarting the service with the remove/import is not solving the problem for me. I’m not able to restart the DC until after hours.

    Is there any chance that it could be related to domain or forest functional level? I am still on the 2003 functional level because Developers. 🙁

  4. Avatar Nigel

    Thanks for this post, it saved me hours of guessing!!!!

  5. Avatar Emilio

    Hi Jason and thanks a lot for sharing your time and knowledges with us.
    I’m having this problem in a Windows server 2008R2. I can load the AD module in my Windows 7 x64 computer and run the Get-AdUser command from it without problems, but not from the server (the server is e member server, no a DC). Do I need to install ADWS in my member server to be able to query the AD?
    Thanks in advance!

  6. Avatar Dennis

    Hello,
    I have a problem related to your post on ADWS. I have had a sbs 2008 running for 7 years pretty much with no major problems until recently. I can’t do any windows updates on the sbs server and now I am trying to deploy win 2012 r2 essentials and after setting up a 2nd domain controller, I found the error message in powershell no adws installed on each domain controller. What do you recommend to do?
    Thanks
    Dennis

  7. Avatar Craig

    Thanks so much! I was chasing my tail and going down rabbit holes till I found your post.

  8. Avatar nassa

    thanks it was really helpful 🙂

  9. Avatar Cannon Beach

    Thanks.

    All the ADWS lights were on here but, no-one home.

    Good Post. Good analysis and thanks for taking your time to post the PS steps…

  10. Avatar Koos

    What a great post! Realy thnx!

  11. Avatar Dianne Howard

    Hi Jason,

    Not sure if you remember me, but I THINK I was in a class of yours at Interface years ago, Windows Server 2003 HardHat… I might be mistaken. Anyway, I landed on your page because I’m having the problem discussed here, but your fix didn’t fix it and I don’t get what is going wrong with it. Even after stopping and restarting ADWS I get the Warning, then Ugly… Do You have any other ideas that I could try?

    I’m going to look at your schedules for Video training, I learned so much in the HardHat class, now I need on on Server 2008 R2..

    Thanks,

    Dianne Howard

Share your thoughts...

Please fill out the comment form below to post a reply.