Share via


Event ID 1803 — Active Directory Integration

Applies To: Windows Server 2008

Windows Deployment Services depends on Active Directory Domain Services for various functions. The Pre-Boot Execution Environment (PXE) provider creates machine accounts and service control points (SCPs) in Active Directory. An SCP is a child object under a Windows Deployment Services server account object, and it is used to store configuration data for the server. For example, an SCP can mark the server as a Windows Deployment Services server so that other Windows Deployment Services servers can find it.

Event Details

Product: Windows Operating System
ID: 1803
Source: BINLSVC
Version: 6.0
Symbolic Name: E_BINL_SCP_NETBOOTSCPBL_QUERY_FAILED
Message: An error occurred while attempting to locate the Service Control Point object for this Windows Deployment Services server in Active Directory Domain Services. There was an error reading the 'netbootSCPBL' attribute from the Computer object.

Error Information: %1

Resolve

Ensure that the WDSServer service can read settings from Active Directory

The WDSServer service must be able to contact and read configuration settings from Active Directory so that it can create the Service Control Point (SCP).

If you received BINLSVC event 1803 and this is the first time you are starting the server, you can disregard this event. BINLSVC event 1803 will always occur when a new installation of a Windows Deployment Services server is started for the first time. 

To resolve this, do the following in the specified order until you resolve the root cause:

  • Ensure that the SCP object exists.
  • Ensure that the WDSServer service can contact Active Directory.
  • Ensure that the machine account has sufficient permissions.

Ensure that the SCP object exists

To resolve this issue, determine whether the SCP exists; if it does not already exist, create it.

To perform this procedure, you must either be a member of the local Domain Admins group or have been delegated the appropriate authority.

To ensure that there is an SCP in Active Directory Domain Services:

  1. Open Active Directory Users and Computers.
  2. Browse to the computer account for the Windows Deployment Services server.
  3. Right-click the server name, and then click Properties.
  4. Ensure that there is a Remote Install tab with the introductory sentence "You can manage this remote installation server." The presence of this tab indicates that there is an SCP for this object.
  5. If this tab is not present, you must create the SCP by restarting WDSServer. To do this, open the Command Prompt window, run net stop wdsserver,** **and then run net start wdsserver.

If this does not fix your problem, use the procedure in the following section to ensure that the WDSServer service can contact Active Directory.

Ensure that the WDSServer service can contact Active Directory.

Note: The following procedure includes steps for using the ping command to perform troubleshooting. Therefore, before performing these steps, determine whether the firewall settings or Internet Protocol security (IPsec) settings on your network allow Internet Control Message Protocol (ICMP) traffic. ICMP is the TCP/IP protocol that is used by the ping command.

To check the TCP/IP settings on the local computer:

  1. Open the Command Prompt window, run the ipconfig /all command, and then confirm that the output is correct.
  2. At the command prompt, run ping localhost to verify that TCP/IP is installed and correctly configured on the local computer. If this command is unsuccessful, this may indicate a corrupt TCP/IP stack or a problem with your network adapter.
  3. Run ping <local IP address>. If you can ping the localhost address but not the local address, there may be an issue with the routing table or with the network adapter driver.
  4. Run ping <DNS server IP address>. If there is more than one DNS server on your network, you should ping each of them in turn. If you cannot ping the DNS servers, this indicates a potential problem with the DNS servers, or possibly a network problem between the computer and the DNS servers.
  5. If the domain controller is on a different subnet, try to ping the default gateway. If you cannot ping the default gateway, this might indicate a problem with the network adapter, the router or gateway device, the cabling, or other connectivity hardware.

If all these settings are correct, use the procedure in the following section to make sure that the machine account has the necessary permissions.

Ensure that the machine account has sufficient permissions

To resolve this issue, on the server that contains Active Directory Domain Services, grant the machine account for the Windows Deployment Services server the necessary permissions so that it can read its service control point (SCP).

To perform this procedure, you must either be a member of the local Domain Admins group or have been delegated the appropriate authority.

To grant permissions to the SCP object:

  1. On the server that contains Active Directory Domain Services, open the Active Directory Users and Computers MMC Snap-in.
  2. Click View, and then click Advanced Features (if it is not already enabled).
  3. Right-click the Windows Deployment Services server’s computer account, and then click Properties.
  4. On the Remote Install tab, click Advanced Setting.
  5. On the Security tab, click SYSTEM, and then select Full Control on this object.

Verify

To perform this procedure, you must either be a member of the local Domain Admins group or have been delegated the appropriate authority.

To ensure that there is a service control point (SCP) in Active Directory:

  1. Open Active Directory Users and Computers. (Click Start, click Administrative Tools, and click Active Directory Users and Computers)
  2. Browse to the computer account for the Windows Deployment Services server.
  3. Right-click the server, and then click Properties.
  4. Ensure that there is a Remote Install tab with the introductory sentence "You can manage this remote installation server."  The presence of this tab indicates that there is an SCP for this object.

Active Directory Integration

Windows Deployment Services