Fix: Unable To Find A Default Server With Active Directory Web ...

5.3K

The most popular PowerShell module for managing Active Directory (RSAT-AD-PowerShell) accesses AD DS through Active Directory Web Service (ADWS) API interface running on the domain controller. If this service cannot be contacted, the error ‘Unable to find a default server with Active Directory Web Services running‘ will appear when you try to import the Active Directory module or run its cmdlets.

Contents

Toggle

• What is Active Directory Web Services (ADWS)?
• Common ADWS Errors in PowerShell
• Troubleshooting Active Directory Web Services Connectivity
  • Check LOGONSERVER environment variable
  • Test ADWS port connectivity with PowerShell
  • Switching domain controllers using nltest
  • Discovering ADWS-enabled domain controllers
• Check the ADWS Service on Domain Controllers in AD
  • Why does "Unable to find a default server with Active Directory web services running" error occurs?
  • How to check if you can connect to the ADWS port on your logon DC?
  • How to check the ADWS service on DCs in Active Directory?

What is Active Directory Web Services (ADWS)?

ADWS is a built-in domain controller service introduced in Windows Server 2008 R2 that runs on every DC (whether RODC or RWDC). Clients (including the AD PowerShell module) communicate with the Active Directory Web Services on DC over TCP port 9389.

Common ADWS Errors in PowerShell

If the service cannot be contacted, the following errors may occur:

• WARNING: Error initializing default drive: ‘Unable to find a default server with Active Directory Web Services running’
• Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory Web Services running. CategoryInfo: ResourceUnavailable, ADServerDownException

Troubleshooting Active Directory Web Services Connectivity

By default, the RSAT-AD-PowerShell module cmdlets try to connect to the domain controller that is specified in the LOGONSERVER environment variable.

Check LOGONSERVER environment variable

Check the value of this environment variable on your computer:

$env:LOGONSERVER

Test ADWS port connectivity with PowerShell

Check if you can connect to the ADWS port on your logon domain controller:

Test-NetConnection m-dc02 -port 9389

If the command returns TcpTestSucceeded: False, it means the connection is blocked by the firewall, the ADWS service is not running, or the DC is down.

Switching domain controllers using nltest

If your logon DC is down, you can reboot the computer to logon through a new DC, or change the current logon server without reboot using the command:

nltest /SC_RESET:CONTOSO\DC02.contoso.com

Discovering ADWS-enabled domain controllers

Use the commands to discover DCs running the ADWS role in current or another Active Directory site:

Get-ADDomainController -Discover -Service ADWSGet-ADDomainController -ForceDiscover -Discover -Service ADWS –NextClosestSite

If your client device is not joined AD, you can manually specify the domain controller that is running the ADWS role and request domain user credentials in the PowerShell command. Specify the target domain controller running ADWS by using the -Server DC_FQDN_or_IP_address parameter and prompt for user credentials. For example:

Get-ADUser -filter * –Server DC02.theitbros.com -Credential (Get-Credential)

or:

Move-ADDirectoryServerOperationMasterRole -Server dc02 ……

Check the ADWS Service on Domain Controllers in AD

If ADWS service doesn’t respond on a DC, ensure service is running.

1. Open the services.msc snap-in;
2. Check that the Active Directory Web Services is in a Running state.
3. Start it if the service is stopped. If the service is running, restart the DC or restart the service with the PowerShell command: Restart-Service –name ADWS –verbose

   

4. Verify if the ADWS service is configured to start automatically: Get-Service ADWS | Select-Object -Property Name, StartType, Status

   If necessary, change the startup type to automatic:

   Set-Service -Name ADWS –StartupType AutomaticDelayedStart

Open the Event Viewer on the domain controller, expand Windows Logs > System and filter your System log by the event ID 1206 with the description:

Active Directory Web Services could not determine if the computer is a global catalog server.

This error can be fixed by enabling and then disabling the Global Catalog FSMO role on the DC.

1. Open the Active Directory Sites and Services console (dssite.msc) and locate your DC;
2. Right-click on NTDS Settings and then click Properties;
3. Check/Uncheck the Global Catalog option on the General tab.
4. Wait a while for AD changes to replicate and then revert back to the previous value;
5. Reboot the domain controller.

Hint. ADWS is missing on Windows Server 2003 R2 and 2008 DCs but can be manually installed with the Active Directory Management Gateway Service update (KB969166 and KB968934).

Why does "Unable to find a default server with Active Directory web services running" error occurs?

"Unable to find a default server with Active Directory web services running" error occurs if Active Directory Web Service (ADWS) API interface service cannot be contacted.

How to check if you can connect to the ADWS port on your logon DC?

Check if you can connect to the ADWS port on your logon DC through PowerShell by running the following command:

Test-NetConnection m-dc02 -port 9389

How to check the ADWS service on DCs in Active Directory?

You can check the ADWS service on DCs in Active Directory through services.msc snap-in.

errorsPowershell