VMM service crashes with System.Runtime.InteropServices.COMException (0x8007200A)
hi everyone, this is a troubleshooting blog post on how to fix and issue with
VMM 2012 where the VMM service crashes with
System.Runtime.InteropServices.COMException (0x8007200A): The specified
directory service attribute or value does not exist.
Big thanks to Radhika from the VMM team for compiling this troubleshooting
item.
Scenarios:
This error could happen while adding a Host/Cluster or creating a new Virtual
Machine.
Possible cause 1: This could happen if
the VMM service account is running as a Local System account. Some AD
configurations might not allow using Local System to read the AD tree. For
example, if the Authenticated User Permissions are removed from the default
Active Directory containers, including the Users, Configuration or System, and
organizational units (OUs) where User and Computer objects are stored, we might
not be able to query AD.
Workaround solution 1: Try changing the
VMM service to run as a domain service account (not necessary domain admin, but
any account with read rights to Active Directory).
Possible cause 2: This could also happen if VMM service account
is running as regular domain account but that domain account does not have
appropriate permissions to read the AD tree.
Solution 2: Try adding the read permission to the domain
account used as the VMM service account for the whole AD hierarchy or change VMM
service to run as a domain account with read permissions to AD
tree.
<:o:p>
Stack trace
snippet from logs:
00000516 44.95616913 [4264]
10A8.0B40::03/15-19:28:42.150#04:WatsonExceptionReport.cs(756): Unhandled
exception caught.
00000517 44.95740128 [4264]
10A8.0B40::03/15-19:28:42.151#04:WatsonExceptionReport.cs(757): Unhandled
exception.
00000518 44.96680450 [4264]
10A8.0B40::03/15-19:28:42.158#04:WatsonExceptionReport.cs(757): System.Runtime.InteropServices.COMException
(0x8007200A): The specified directory service attribute or value does not
exist.
00000519 44.96680450 [4264]
00000520 44.96680450
[4264] at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
00000521 44.96680450
[4264] at System.DirectoryServices.DirectoryEntry.Bind()
00000522 44.96680450
[4264] at System.DirectoryServices.DirectoryEntry.get_SchemaEntry()
00000523 44.96680450
[4264] at
System.DirectoryServices.AccountManagement.ADStoreCtx.IsContainer(DirectoryEntry
de)
00000524 44.96680450
[4264] at
System.DirectoryServices.AccountManagement.ADStoreCtx..ctor(DirectoryEntry
ctxBase, Boolean ownCtxBase, String username, String password, ContextOptions
options)
00000525 44.96680450
[4264] at
System.DirectoryServices.AccountManagement.PrincipalContext.CreateContextFromDirectoryEntry(DirectoryEntry
entry)
00000526 44.96680450
[4264] at
System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer()
00000527 44.96680450
[4264] at
System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()
00000528 44.96680450
[4264] at
System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()
00000529 44.96680450
[4264] at
System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx()
00000530 44.96680450
[4264] at
System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext
context, Type principalType, Nullable`1 identityType, String identityValue,
DateTime refDate)
00000531 44.96680450
[4264] at
System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext
context, Type principalType, IdentityType identityType, String identityValue)
00000532 44.96680450
[4264] at AccountHelper.ResolvePrincipal(String
principalName, String& domain)
00000533 44.96680450
[4264] at AccountHelper.IsADGroup(String user)
00000534 44.96680450
[4264] at
Microsoft.VirtualManager.DB.DelegatedAdmin.UserRoleDBHelper.UpdateOwnerOfSharedObject(SqlContext
ctx, Guid objectId, CarmineObjectType objectType, Guid roleId, UserOrGroup
userOrGroup)