Hello Chris Fu,
Thank you for posting in Q&A forum.
The following errors are shown when no Active Directory Web Services instances are available:

| Error | Operation |
|---|---|
| "Cannot connect to any domain. Refresh or try again when connection is available" | Shown at start of the Active Directory Administrative Center application |
| "Cannot find an available server in the <NetBIOS domain name> domain that is running the Active Directory Web Service (ADWS)" | Shown when trying to select a domain node in the Active Directory Administrative Center application |

To troubleshoot this issue, use these steps:
- Validate the Active Directory Web Services service is started on at least one domain controller in the domain (and preferably all domain controllers in the forest). Ensure that it's set to start automatically on all domain controllers as well.
- From the computer running the Active Directory Administrative Center, validate that you can locate a server running ADWS by running these NLTest.exe commands:

      nltest /dsgetdc:<domain NetBIOS name> /ws /force
      nltest /dsgetdc:<domain fully qualified DNS name> /ws /force

  If those tests fail even though the ADWS service is running, the issue is with name resolution or LDAP and not ADWS or Active Directory Administrative Center. This test fails with error "1355 0x54B ERROR_NO_SUCH_DOMAIN" if ADWS isn't running on any domain controllers though, so double-check before reaching any conclusions.
- On the domain controller returned by NLTest, dump the listening port list with command:

      Netstat -anob > ports.txt

  Examine the ports.txt file and validate that the ADWS service is listening on port 9389. Example:

      TCP    0.0.0.0:9389    0.0.0.0:0    LISTENING    1828
      [Microsoft.ActiveDirectory.WebServices.exe]
      TCP    [::]:9389       [::]:0       LISTENING    1828
      [Microsoft.ActiveDirectory.WebServices.exe]

  If listening, validate the Windows Firewall rules and ensure that they allow 9389 TCP inbound. By default, domain controllers enable firewall rule "Active Directory Web Services (TCP-in)". If not listening, validate again that the service is running on this server and restart it. Validate that no other process is already listening on port 9389.
- Install NetMon or another network capture utility on the computer running Active Directory Administrative Center and on the domain controller returned by NLTEST. Gather simultaneous network captures from both computers, where you start Active Directory Administrative Center and see the error before stopping the captures. Validate that the client is able to send to and receive from the domain controller on port TCP 9389. If packets are sent but never arrive, or arrive and the domain controller replies but they never reach the client, it's likely there's a firewall in between the computers on the network dropping packets on that port. This firewall may be software or hardware and may be part of third-party endpoint protection (antivirus) software.
For more information, please refer to link below.
Advanced AD DS Management Using Active Directory Administrative Center (Level 200) | Microsoft Learn
Here is a similar thread for your reference.
Active Directory Web Service is missing - Microsoft Community
I hope the information above is helpful.
If you have any questions or concerns, please feel free to let us know.
Best Regards,
Daisy Zhou
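
The ports.txt check from the netstat step above, as an added example that is not part of the original answer: a small Python parser that reads `netstat -anob` output and reports which branch of that step applies (ADWS listening, another process holding 9389, or nothing listening). The function names and the sample text are constructed for illustration, and the parser assumes English-language netstat output with the owning image on a following `[...]` line.

```python
import re

ADWS_PORT = 9389
ADWS_IMAGE = "microsoft.activedirectory.webservices.exe"

# Constructed ports.txt content (not captured from a real domain controller).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900
  RpcSs
 [svchost.exe]
  TCP    0.0.0.0:9389           0.0.0.0:0              LISTENING       1828
 [Microsoft.ActiveDirectory.WebServices.exe]
  TCP    10.0.0.5:9389          10.0.0.9:50123         ESTABLISHED     1828
 [Microsoft.ActiveDirectory.WebServices.exe]
  TCP    [::]:9389              [::]:0                 LISTENING       1828
 [Microsoft.ActiveDirectory.WebServices.exe]
"""

# Connection row: proto, local address, foreign address, optional state, PID.
CONN = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+\S+(?:\s+(\S+))?\s+(\d+)\s*$")
OWNER = re.compile(r"^\s*\[(.+?)\]\s*$")

def tcp_listeners(text, port=ADWS_PORT):
    """Return [local_address, pid, image] for each TCP listener on `port`."""
    rows, current = [], None
    for line in text.splitlines():
        conn = CONN.match(line)
        if conn:
            proto, local, state, pid = conn.groups()
            current = None
            if (proto == "TCP" and state == "LISTENING"
                    and local.rpartition(":")[2] == str(port)):
                current = [local, int(pid), None]  # image comes from the [..] line
                rows.append(current)
        elif current is not None and OWNER.match(line):
            current[2] = OWNER.match(line).group(1)
            current = None
    return rows

def diagnose(text):
    """Pick the branch of the netstat troubleshooting step that applies."""
    rows = tcp_listeners(text)
    if not rows:
        return "not-listening"   # confirm the service is running, restart it
    if any((image or "").lower() != ADWS_IMAGE for _, _, image in rows):
        return "other-process"   # another or unidentified owner holds 9389
    return "adws-listening"      # move on to the firewall rule check
```

To use it on a real capture, pass the contents of ports.txt to `diagnose()`; redirected output from Windows PowerShell is UTF-16, so open the file with the matching encoding.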