Active Directory Web Service is missing

Question

Two domain controllers running Server 2019 Standard.

Both are fully up to date.

Domain and Forest functioning level is 2016.

I recently attempted to open Active Directory Administrative Center (ADAC) on my PC.

RSAT installed and working no issue until this.

ADAC generates an error "Cannot connect to any domain. Refresh or try again when connection is available"

If I click "Ok" and click any bookmark, the first error is "The bookmarked item cannot be found or no longer exists."

The second error is "Cannot find an available server in the domain.com domain that is running the Active Directory Web Service (ADWS)"

The actual "Active Directory Web Service" within services.msc does not exist in either domain controller.

ADAC was working fine recently and now it does not work from my PC or on either DC.

All demonstrate the same error.

I have since found some powershell commands that point to the same missing ADWS service.

Get-ADUser command in powershell comes back with "Get-ADUser : Unable to find a default server with Active Directory Web Services running"

Both DCs are Global Catalogs

Both DC's are running DNS Server Service

One DC uses its own static IP as DNS server (not 127.0.0.1)

Second DC points to first DC for DNS

nslookup tests I did all seem to show correct information.

My first instinct was to check the health of Active Directory.

I ran "DCDiag /v" on both DCs

No errors on either other than reference to some occasional replication issues. (Usually happens during backups)

I ran repadmin /showrepl on both DCs

No errors reported.

I ran repadmin /replsum on both DCs

No erorrs reported.

It appears that AD is healthy.

How did ADWS dissapear?

As mentioned, ADAC worked fine up until as recently as a month ago.

I have no other symptoms manifesting themselves as problems and there seems to be no issues on the network I am aware of.

I am just a little leary this might be the beginning of a bigger issue.

I can find no info about ADWS going MIA.

Before I resort to moving FSMO roles and redoing Domain Controllers, I thought I would put this to the community to see if anyone else has seen/experienced this.

Input appreciated.

Answer 1

Hello Kur_gen,

Thank you for posting in Microsoft Community forum.

Have you seen the Active Directory Web Service before on the two Domain Controllers? If so, what changes have you made before the Active Directory Web Service missing?

If the Active Directory Web Service is missing on two domain controllers running Server 2019 Standard, you can try the following steps to resolve the issue:

1. Open the Server Manager on the affected domain controllers.
2. Click on Add Roles and Features.
3. Click Next until you reach the Features section.
4. Expand the .NET Framework 4.7 or .NET Framework 4.7 Features.
   5.Check if these roles below are installed.

After the installation is complete, the Active Directory Web Service should be available on the domain controllers. If the issue persists, you may need to check the event logs for any related errors

I hope the information above is helpful.

If you have any question or concern, please feel free to let us know.

Best Regards,

Daisy Zhou

Answer 2

Good evening,

In answer to your questions...to be honest, the only reason I went looking for ADWS at all is because of the error I encounter when attempting to open ADAC so really, I never noticed or observed the ADWS service on either DC because everything was working fine. One would assume ADWS MUST have been there for ADAC to be working before. As far as changes go, we made some vLan changes but that was early February this year and the vLan and IP subnet never changed for these two DCs. I know I used the ADAC with no issue between then and when I discovered this issue.

I checked the Roles and Features as you suggested and they are installed exactly as you have shown with one exception.

Where you show ".NET Framework 4.8"; I am showing ".NET Framework 4.7" as shown below. I did notice you mentioned 4.7 in bullet 4 so I am assuming this isn't a show stopper.

The rest looks the same:

Other than an annoyance, the issue (so far) does not seem detrimental to AD but I was hoping this was a simple oversight on my part.

Answer 3

Hello

Good day!

After you install AD DS role, there will be AD DS and ADWS services running in the services.msc console.

*This service provides a Web Service interface to instances of the directory service (AD DS and AD LDS) that are running locally on this server. If this service is stopped or disabled, client applications, such as Active Directory PowerShell, will not be able to access or manage any directory service instances that are running locally on this server.*Please check if there is ADWS folder and C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe on the DC.
For example:

There is no ADWS on one server without ADDS role installed.
For example:

Best Regards,
Daisy Zhou

Answer 4

Good morning,

Confirmed. That directory exists on both DCs.

Does this mean the windows service can be reinstalled?

Answer 5

Hello Kur_gen,

Good day!

There is no ADWS role when we install roles and features, do you mean uninstall AD DS and reinstall AD DS role on both DCs?

Best Regards,
Daisy Zhou