The WDSServer service must be able to contact and read configuration settings from Active Directory so that it can create the Service Control Point (SCP).
If you received BINLSVC event 1803 and this is the first time you are starting the server, you can disregard this event. BINLSVC event 1803 will always occur when a new installation of a Windows Deployment Services server is started for the first time.
To resolve this, do the following in the specified order until you resolve the root cause:
Ensure that the SCP object exists.
Ensure that the WDSServer service can contact Active Directory.
Ensure that the machine account has sufficient permissions.
Ensure that the SCP object exists
To resolve this issue, determine whether the SCP exists; if it does not already exist, create it.
To perform this procedure, you must either be a member of the local Domain Admins group or have been delegated the appropriate authority.
To ensure that there is an SCP in Active Directory Domain Services:
Open Active Directory Users and Computers.
Browse to the computer account for the Windows Deployment Services server.
Right-click the server name, and then click Properties.
Ensure that there is a Remote Install tab with the introductory sentence "You can manage this remote installation server." The presence of this tab indicates that there is an SCP for this object.
If this tab is not present, you must create the SCP by restarting WDSServer. To do this, open the Command Prompt window, run net stop wdsserver, and then run net start wdsserver.
If this does not fix your problem, use the procedure in the following section to ensure that the WDSServer service can contact Active Directory.
Ensure that the WDSServer service can contact Active Directory.
Note: The following procedure includes steps for using the ping command to perform troubleshooting. Therefore, before performing these steps, determine whether the firewall settings or Internet Protocol security (IPsec) settings on your network allow Internet Control Message Protocol (ICMP) traffic. ICMP is the TCP/IP protocol that is used by the ping command.
To check the TCP/IP settings on the local computer:
Open the Command Prompt window, run the ipconfig /all command, and then confirm that the output is correct.
At the command prompt, run ping localhost to verify that TCP/IP is installed and correctly configured on the local computer. If this command is unsuccessful, this may indicate a corrupt TCP/IP stack or a problem with your network adapter.
Run ping <local IP address>. If you can ping the localhost address but not the local address, there may be an issue with the routing table or with the network adapter driver.
Run ping <DNS server IP address>. If there is more than one DNS server on your network, you should ping each of them in turn. If you cannot ping the DNS servers, this indicates a potential problem with the DNS servers, or possibly a network problem between the computer and the DNS servers.
If the domain controller is on a different subnet, try to ping the default gateway. If you cannot ping the default gateway, this might indicate a problem with the network adapter, the router or gateway device, the cabling, or other connectivity hardware.
If all these settings are correct, use the procedure in the following section to make sure that the machine account has the necessary permissions.
Ensure that the machine account has sufficient permissions
To resolve this issue, on the server that contains Active Directory Domain Services, grant the machine account for the Windows Deployment Services server the necessary permissions so that it can read its service control point (SCP).
To perform this procedure, you must either be a member of the local Domain Admins group or have been delegated the appropriate authority.
To grant permissions to the SCP object:
On the server that contains Active Directory Domain Services, open the Active Directory Users and Computers MMC Snap-in.
Click View, and then click Advanced Features (if it is not already enabled).
Right-click the Windows Deployment Services server’s computer account, and then click Properties.
On the Remote Install tab, click Advanced Setting.
On the Security tab, click SYSTEM, and then select Full Control on this object.
| Target | Microsoft.Windows.Server.6.2.WDSRole.Service.DeploymentServer | ||
| Parent Monitor | System.Health.AvailabilityState | ||
| Category | AvailabilityHealth | ||
| Enabled | True | ||
| Alert Generate | True | ||
| Alert Severity | Error | ||
| Alert Priority | Normal | ||
| Alert Auto Resolve | True | ||
| Monitor Type | Microsoft.Windows.2SingleEventLog2StateMonitorType | ||
| Remotable | True | ||
| Accessibility | Public | ||
| Alert Message |
| ||
| RunAs | Default |
Home<UnitMonitor ID="Microsoft.Windows.Server.6.2.WDSRole.Service.DeploymentServer.ADIntegration.Ensure_that_the_WDSServer_service_can_read_settings_from_Active_Directory" Accessibility="Public" Enabled="onEssentialMonitoring" Target="Microsoft.Windows.Server.6.2.WDSRole.Service.DeploymentServer" ParentMonitorID="SystemHealth!System.Health.AvailabilityState" Remotable="true" Priority="Normal" TypeID="Windows!Microsoft.Windows.2SingleEventLog2StateMonitorType" ConfirmDelivery="true">
<Category>AvailabilityHealth</Category>
<AlertSettings AlertMessage="Microsoft.Windows.Server.6.2.WDSRole.Service.DeploymentServer.ADIntegration.Ensure_that_the_WDSServer_service_can_read_settings_from_Active_Directory_AlertMessageResourceID">
<AlertOnState>Error</AlertOnState>
<AutoResolve>true</AutoResolve>
<AlertPriority>Normal</AlertPriority>
<AlertSeverity>Error</AlertSeverity>
<AlertParameters>
<AlertParameter1>$Data/Context/EventDisplayNumber$</AlertParameter1>
<AlertParameter2>$Data/Context/EventDescription$</AlertParameter2>
</AlertParameters>
</AlertSettings>
<OperationalStates>
<OperationalState ID="FirstEventRaised" MonitorTypeStateID="FirstEventRaised" HealthState="Error"/>
<OperationalState ID="SecondEventRaised" MonitorTypeStateID="SecondEventRaised" HealthState="Success"/>
</OperationalStates>
<Configuration>
<FirstComputerName>$Target/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</FirstComputerName>
<FirstLogName>Application</FirstLogName>
<FirstExpression>
<And>
<Expression>
<RegExExpression>
<ValueExpression>
<XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>MatchesRegularExpression</Operator>
<Pattern>^(1803|1804|1806)$</Pattern>
</RegExExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">PublisherName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">BINLSVC</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</FirstExpression>
<SecondComputerName>$Target/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</SecondComputerName>
<SecondLogName>Application</SecondLogName>
<SecondExpression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="UnsignedInteger">1808</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">PublisherName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">BINLSVC</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</SecondExpression>
</Configuration>
</UnitMonitor>