Hi everyone, this is a troubleshooting blog post on how to fix an issue with VMM 2012 where the VMM service crashes with System.Runtime.InteropServices.COMException (0x8007200A): The specified directory service attribute or value does not exist.
Big thanks to Radhika from the VMM team for compiling this troubleshooting item.
Scenarios: This error could happen while adding a Host/Cluster or creating a new Virtual Machine.
Possible cause 1: This could happen if the VMM service is running as the Local System account. Some AD configurations might not allow Local System to read the AD tree. For example, if the Authenticated Users permissions are removed from the default Active Directory containers (including Users, Configuration or System) and from the organizational units (OUs) where User and Computer objects are stored, we might not be able to query AD.
Workaround solution 1: Try changing the VMM service to run as a domain service account (not necessarily a domain admin, but any account with read rights to Active Directory).
Possible cause 2: This could also happen if the VMM service is running as a regular domain account, but that domain account does not have appropriate permissions to read the AD tree.
Solution 2: Try adding read permission on the whole AD hierarchy for the domain account used as the VMM service account, or change the VMM service to run as a domain account that has read permissions to the AD tree.
Stack trace snippet from logs:
00000516 44.95616913 [4264] 10A8.0B40::03/15-19:28:42.150#04:WatsonExceptionReport.cs(756): Unhandled exception caught.
00000517 44.95740128 [4264] 10A8.0B40::03/15-19:28:42.151#04:WatsonExceptionReport.cs(757): Unhandled exception.
00000518 44.96680450 [4264] 10A8.0B40::03/15-19:28:42.158#04:WatsonExceptionReport.cs(757): System.Runtime.InteropServices.COMException (0x8007200A): The specified directory service attribute or value does not exist.
00000519 44.96680450 [4264]
00000520 44.96680450 [4264] at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
00000521 44.96680450 [4264] at System.DirectoryServices.DirectoryEntry.Bind()
00000522 44.96680450 [4264] at System.DirectoryServices.DirectoryEntry.get_SchemaEntry()
00000523 44.96680450 [4264] at System.DirectoryServices.AccountManagement.ADStoreCtx.IsContainer(DirectoryEntry de)
00000524 44.96680450 [4264] at System.DirectoryServices.AccountManagement.ADStoreCtx..ctor(DirectoryEntry ctxBase, Boolean ownCtxBase, String username, String password, ContextOptions options)
00000525 44.96680450 [4264] at System.DirectoryServices.AccountManagement.PrincipalContext.CreateContextFromDirectoryEntry(DirectoryEntry entry)
00000526 44.96680450 [4264] at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer()
00000527 44.96680450 [4264] at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()
00000528 44.96680450 [4264] at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()
00000529 44.96680450 [4264] at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx()
00000530 44.96680450 [4264] at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate)
00000531 44.96680450 [4264] at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, IdentityType identityType, String identityValue)
00000532 44.96680450 [4264] at AccountHelper.ResolvePrincipal(String principalName, String& domain)
00000533 44.96680450 [4264] at AccountHelper.IsADGroup(String user)
00000534 44.96680450 [4264] at Microsoft.VirtualManager.DB.DelegatedAdmin.UserRoleDBHelper.UpdateOwnerOfSharedObject(SqlContext ctx, Guid objectId, CarmineObjectType objectType, Guid roleId, UserOrGroup userOrGroup)
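To confirm either cause before or after changing the service account, the following PowerShell check repeats the directory calls seen in the stack trace (the DirectoryEntry schema bind and the Principal.FindByIdentity lookup) under whichever account runs it. It is an added example, not code from the VMM team or the original post; the service name SCVMMService and the principal used for the lookup are assumptions, and it needs PowerShell 3.0 or later for Get-CimInstance.

```powershell
# Added diagnostic sketch (not VMM code). Run it as the account the VMM service uses.
param(
    [string]$ServiceName   = 'SCVMMService',  # assumption: VMM 2012 service name
    [string]$PrincipalName = $env:USERNAME    # placeholder: any user or group to resolve
)
Add-Type -AssemblyName System.DirectoryServices
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
$am = 'System.DirectoryServices.AccountManagement'

function Get-ErrorText($err) {
    # Unwrap PowerShell's wrapper exception to reach the COMException underneath.
    $e = $err.Exception.GetBaseException()
    $code = ''
    if ($e -is [System.Runtime.InteropServices.COMException]) { $code = ' (0x{0:X8})' -f $e.ErrorCode }
    '{0}{1}: {2}' -f $e.GetType().Name, $code, $e.Message
}

# 1. Compare the service's logon account with the account running this check.
$svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
"Service account : $(if ($svc) { $svc.StartName } else { 'service not found' })"
"Running as      : $([Security.Principal.WindowsIdentity]::GetCurrent().Name)"

# 2. Bind to the containers named under possible cause 1. Reading SchemaEntry
#    forces the same DirectoryEntry.Bind() call that fails in the stack trace.
try {
    $rootDse  = New-Object System.DirectoryServices.DirectoryEntry('LDAP://RootDSE')
    $domainDn = [string]$rootDse.psbase.Properties['defaultNamingContext'].Value
    $configDn = [string]$rootDse.psbase.Properties['configurationNamingContext'].Value
} catch { "FAIL RootDSE -> $(Get-ErrorText $_)"; return }

foreach ($dn in $domainDn, "CN=Users,$domainDn", "CN=System,$domainDn", $configDn) {
    $de = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$dn")
    try     { $null = $de.psbase.SchemaEntry; "OK   $dn" }
    catch   { "FAIL $dn -> $(Get-ErrorText $_)" }
    finally { $de.psbase.Dispose() }
}

# 3. Repeat the lookup at the top of the trace: PrincipalContext + FindByIdentity.
try {
    $ctx = New-Object "$am.PrincipalContext" ([System.DirectoryServices.AccountManagement.ContextType]::Domain)
    $p   = [System.DirectoryServices.AccountManagement.Principal]::FindByIdentity($ctx, $PrincipalName)
    if ($p) { "OK   resolved $PrincipalName -> $($p.DistinguishedName)" }
    else    { "OK   query ran, but $PrincipalName was not found" }
} catch { "FAIL principal lookup -> $(Get-ErrorText $_)" }
```

A FAIL line that shows 0x8007200A for the current account, and OK for the same container when run as an account with read rights, points to the permission causes described above.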