Recently I was onsite with a customer helping them deploy a new vSphere 5.1 environment to host a new Exchange 2010 system. As part of the deployment, we setup Alan Renouf’s vCheck 6 script and started working through the process of setting it up to run as a scheduled task. As we were manually running the task we noticed that the output showed errors every minute for the AD Web Services and AD Lightweight Directory Services (ADAM).
We found the log entries in the AD Web Services log.
A little digging uncovered that the event 1209 error is reported when there is a problem with the port numbers in the registry for AD Web Services LDAP access (389/636).
On inspection of the registry key, the “Port SSL” type is incorrect and the data is missing. According to the Technet blog post, the value type should be “REG_DWORD” and the default data is 636.
I deleted the existing incorrect value and created a new value with the REG_DWORD type and the value data of 636 decimal.
Upon checking the Windows event logs, I could see that the AD Web Services was already using the corrected value, so no service restart was required.
The next log entry displayed the VCMSDS instance and LDAP/LDAPS (SSL) ports it is configured to use.
After this vCenter system was fixed, we checked all of the other vCenter servers onsite and found that their vCenter 4.1 server they were using for non-production also had the same error. That vCenter server was running on a Windows 2003 server and we did have to stop and restart the AD Web Services service to load the corrected SSL port value and resolve the error.
Thanks to Alan Renouf and the vCheck contributors at Virtu-Al.net for grabbing and displaying this error.