Hi everyone, this is a troubleshooting blog post on how to fix an issue with VMM 2012 where the VMM service crashes with System.Runtime.InteropServices.COMException (0x8007200A): The specified directory service attribute or value does not exist.

Big thanks to Radhika from the VMM team for compiling this troubleshooting item.

Scenarios: This error could happen while adding a Host/Cluster or creating a new Virtual Machine.



Possible cause 1: This could happen if the VMM service is running as the Local System account. Some AD configurations might not allow Local System to read the AD tree. For example, if the Authenticated User permissions are removed from the default Active Directory containers (including Users, Configuration or System) and from the organizational units (OUs) where User and Computer objects are stored, we might not be able to query AD.

Workaround solution 1: Try changing the VMM service to run as a domain service account (not necessarily a domain admin; any account with read rights to Active Directory will do).


Possible cause 2: This could also happen if the VMM service is running as a regular domain account, but that domain account does not have appropriate permissions to read the AD tree.

Solution 2: Try adding read permission on the whole AD hierarchy to the domain account used as the VMM service account, or change the VMM service to run as a domain account that has read permissions to the AD tree.
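
To confirm which cause applies before changing anything, the script below (an added example, not code from the VMM team) reports the service logon account and repeats the directory reads that appear in the stack trace in this post. It assumes the service is named SCVMMService and uses CONTOSO\SomeVmmUser as a placeholder identity; run it in a session started as the VMM service account.

```powershell
# Added diagnostic example. Run in a session started as the VMM service account.
param(
    [string]$ServiceName  = 'SCVMMService',        # assumption: VMM 2012 service name
    [string]$TestIdentity = 'CONTOSO\SomeVmmUser'  # placeholder user or group to resolve
)

Add-Type -AssemblyName System.DirectoryServices.AccountManagement

# 1. Which account does the service log on as?
$svc = Get-WmiObject -Class Win32_Service -Filter "Name='$ServiceName'"
if ($svc) {
    "Service '$ServiceName' logs on as: $($svc.StartName)"
    if ($svc.StartName -eq 'LocalSystem') {
        'Local System: AD is read with the computer account (see possible cause 1).'
    }
} else {
    "Service '$ServiceName' was not found on this machine."
}
"This session runs as: $([Security.Principal.WindowsIdentity]::GetCurrent().Name)"

# 2. Bind to the containers named in possible cause 1 and read their schema entry,
#    the DirectoryEntry.get_SchemaEntry() call that fails in the stack trace.
$rootDse  = [ADSI]'LDAP://RootDSE'
$domainDn = [string]$rootDse.defaultNamingContext
$configDn = [string]$rootDse.configurationNamingContext
foreach ($dn in $domainDn, "CN=Users,$domainDn", "CN=System,$domainDn", $configDn) {
    try {
        $entry = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$dn")
        $class = $entry.psbase.SchemaEntry.Name
        "OK    $dn (class: $class)"
    } catch {
        "FAIL  $dn : $($_.Exception.GetBaseException().Message)"
    }
}

# 3. Resolve a principal through PrincipalContext, the path AccountHelper takes
#    in the stack trace (PrincipalContext.Initialize -> DoDomainInit -> Bind).
try {
    $ctxType = [System.DirectoryServices.AccountManagement.ContextType]::Domain
    $ctx = New-Object System.DirectoryServices.AccountManagement.PrincipalContext($ctxType)
    $p = [System.DirectoryServices.AccountManagement.Principal]::FindByIdentity($ctx, $TestIdentity)
    if ($p) { "OK    resolved $TestIdentity to $($p.DistinguishedName)" }
    else    { "OK    AD was readable, but $TestIdentity was not found" }
} catch {
    "FAIL  FindByIdentity: $($_.Exception.GetBaseException().Message)"
}
```

A FAIL line carrying the 0x8007200A message for a container points at missing read permission on that container for the account the session runs as.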





Stack trace snippet from logs:

00000516             44.95616913       [4264] 10A8.0B40::03/15-19:28:42.150#04:WatsonExceptionReport.cs(756): Unhandled exception caught.           

00000517             44.95740128       [4264] 10A8.0B40::03/15-19:28:42.151#04:WatsonExceptionReport.cs(757): Unhandled exception.         

00000518             44.96680450       [4264] 10A8.0B40::03/15-19:28:42.158#04:WatsonExceptionReport.cs(757): System.Runtime.InteropServices.COMException (0x8007200A): The specified directory service attribute or value does not exist.    

00000519             44.96680450       [4264] 

00000520             44.96680450       [4264]    at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)  

00000521             44.96680450       [4264]    at System.DirectoryServices.DirectoryEntry.Bind()         

00000522             44.96680450       [4264]    at System.DirectoryServices.DirectoryEntry.get_SchemaEntry()              

00000523             44.96680450       [4264]    at System.DirectoryServices.AccountManagement.ADStoreCtx.IsContainer(DirectoryEntry de)     

00000524             44.96680450       [4264]    at System.DirectoryServices.AccountManagement.ADStoreCtx..ctor(DirectoryEntry ctxBase, Boolean ownCtxBase, String username, String password, ContextOptions options)   

00000525             44.96680450       [4264]    at System.DirectoryServices.AccountManagement.PrincipalContext.CreateContextFromDirectoryEntry(DirectoryEntry entry)                

00000526             44.96680450       [4264]    at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer()   

00000527             44.96680450       [4264]    at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()          

00000528             44.96680450       [4264]    at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()                

00000529             44.96680450       [4264]    at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx()          

00000530             44.96680450       [4264]    at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate)                

00000531             44.96680450       [4264]    at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, IdentityType identityType, String identityValue)

00000532             44.96680450       [4264]    at AccountHelper.ResolvePrincipal(String principalName, String& domain)          

00000533             44.96680450       [4264]    at AccountHelper.IsADGroup(String user)          

00000534             44.96680450       [4264]    at Microsoft.VirtualManager.DB.DelegatedAdmin.UserRoleDBHelper.UpdateOwnerOfSharedObject(SqlContext ctx, Guid objectId, CarmineObjectType objectType, Guid roleId, UserOrGroup userOrGroup)