Lync 2013 - Re-enable users everyday

Posted on 2014-03-28
Last Modified: 2014-04-15
I have something unique I have ran into with my Lync 2013 server. Every morning I have to go into the Lync control panel and temporarily disable all the users (except 2), close the control panel, open it back up and re-enable all users. Restarting the server does nothing and stopping the services and restarting does nothing. Has anyone ran across this before? I did not used to do this. Even better I have 2 users that are admins in the domain and of course I cant restart them. It allows me to disable and re-enable in PowerShell but their Lync never connects, its just stays at trying to sign in. No error codes pop up or anything.
Question by:ZeroDogg
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 5
  • 2
LVL 37

Expert Comment

by:Jian An Lim
ID: 39963650
your problem is unique
Can you clearly outline what is your issue?

user cannot connect to the server everyday? or something?

i saw temporarily disable all users.. why?

Author Comment

ID: 39966539
Every morning I come in all the users but me are disconnected from the server. I go into the control panel and temporarily disable everyone for about 2 minutes then go back in and re-enable then about 5 minutes later Lync starts working for most people. Doing this seems to be the only thing that will work to get the Lync working again.Nothing has changed on this server. Is there anything specific that you need to know that possibly I am forgetting to say?
LVL 37

Expert Comment

by:Jian An Lim
ID: 39970384
Okay, let's focus on "disconnected"
how do you know they are "disconnected"? it is from Lync point of view or desktop point of view?

have you tried the web version of Lync during this?

Also try to turn on the Lync client advance logging and see any thing "obvious"

the next thing is to run some troubleshooting .. mean while, I don't know how to start as i am going to tell you to run all basic things unless there is something obvious I can think off.

(do you have lync autodiscover?)
Office 365 Training for IT Pros

Learn how to provision Office 365 tenants, synchronize your on-premise Active Directory, and implement Single Sign-On.


Author Comment

ID: 39972317
I will be troubleshooting today. I wanted to run a little test last night before responding to you. I had a couple of users just lock their computers before they left and had the rest sign off. The computers that were locked and their Lync was signed in, stayed signed in. Users that logged off the night before could not login to Lync this morning. I have to go to the Lync console and do a temp disable then re-enable then Lync works again. As always my 2 admins Lync does not work no matter what I do.
LVL 24

Expert Comment

by:Mohammed Hamada
ID: 39988122
This is related mostly to DNS issues! Try to configure lync client to connect manually! you will need to try at least to configure one user with manual configuration. to do this you will click on Tools -> Options -> Personal and on the right pane next to sign in address click Advanced and then tick manual configuration

In Internal and External server name type the ip of the lync Front end server e.g. apply the settings and try to connect.

If this works then you haven't defined the sip record in your internal DNS and therefore users unable to connect. if you already have the record configured then I assume that you have a problem with user's certificate that's provided by Lync.

Are the users Domain joined? if not you'll have to manually import the Lync server certificate and the Certification authority to all those users in order to connect.

as for the admins, you will need to enable inheritance in user's security settings from Active Directory in order to be able to change their Lync settings.

Author Comment

ID: 39990413
I will get back you with on this. Even though I have tried manual settings, somethings are working and some are not depending on the user. Strange.

Author Comment

ID: 39991952
Here is where I am at right now. The admin users that I could not get going before are fine now. I have a test user with no issues either, it could sign in the next day. I have a handful of users now that yet again I have to disable then re-enable in the mornings. The manual settings do not work as far as putting the settings in and having Lync just start working again. All users are domain joined. Interesting point is that after I had users sign off and back on.....the connection was lost again. I had to re-enable. These are my very first "test" users. Pull the certs and remove from Lync then re-add? Your thoughts.
LVL 24

Expert Comment

by:Mohammed Hamada
ID: 39992246
hmm seems you have a connectivity issue with the Lync front end server, how is your network topology like?

1- are the Lync clients and front end are in the same subnet?
2- Can you ping Lync FE server from the clients?
3- Have you disabled the LYnc FE Server's firewall?
4- can you telnet front end on port 5061 from any client?

I would recommend that you download wireshark and Lync debugging tools, make sure you install wireshark on Lync FE server and filter only port 5061 requests.  

Also install Lync debugging tools and choose "S4 and Sip stack" components and turn choose all the flags. and under log file options choose "New and change the size to 200mb"

Next make sure you Start to log on OCS logger before you log in to one of the test clients. and please attach the log here to see what's going on.

Author Comment

ID: 39992285
Also the users having issues seem to be the ones migrated from Lync 2010
LVL 24

Expert Comment

by:Mohammed Hamada
ID: 39992330
That clears it out, this could be a database issue! I think in this case your best shot is to delete users and re-create them in active directory because it seems their object store have been somehow malfunctioned..

I have seen a similar case and the only resolution to it was re-creating users on AD and then re-enabling them on Lync 2013.

However if you don't wanna do that. we can go ahead with troubleshooting, but you might just try one of the users who don't have much on his lync account. although you can export the users on Lync's account using the powershell cmdet Export-CsUserData

Author Comment

ID: 39992581
Actually no one has anything on their Lync accounts, AD on the other hand is another story. I think in this scenario we would have to find work arounds. Any suggestions where to start there?
LVL 24

Expert Comment

by:Mohammed Hamada
ID: 39992626
If you don't want to delete users and re-create them then I would suggest you'd start with Debugging tools. after installing them run OCSlogger and tick the components and flags I told u before a user tries to log in make sure you start the debugging tool logging and after capturing the traces share them here.

Author Comment

ID: 39995381
I have it partially figured out. It has nothing to do (in this case) with the desktops talking to the server. It's actually the desktops themselves. I took users and added their accounts to a test machine. In all cases I was able to sign out or shut down then get back in the computer and the Lync would auto sign in every time. So my question now is what would be the best way to remove these "ghost" settings out of each machine that connected to the old 2010 Lync server? Registry?
LVL 24

Accepted Solution

Mohammed Hamada earned 500 total points
ID: 39995431
Either cache or DNS. lync locally first looks for the srv value on your local DNS server to log in. if it finds it it will connect to Lync server directly.

You have to make sure that if you have this value in your DNS it points to the right server. should point to or point to the IP of your Lync FE.

I never had to edit registry to fix lync connectivity between client and server. it was always network or server configuration.

Cache folder for lync should be located in

Exit Lync and Outlook before you delete what's inside the folder Lync. hope this helps

Author Comment

ID: 39995434
Hopefully I will be testing tomorrow and let you know, if not it waits till Monday.

Author Closing Comment

ID: 40002363
This was really unique to my situation. I had to go to the folder and delete the Lync folder itself inside the .15 folder. I then had to run this script (put back into notepad):

Option Explicit

Dim objShell12

Dim objUserEnv

Dim strUserPro

Dim userProfile,SipProfile

Dim proPath

Dim objFSO

Dim objStartFolder

Dim objFolder

Dim colFiles

Dim objFile

Dim Subfolder

Dim uProfile


Set objShell12=CreateObject("WScript.Shell")

Set objUserEnv=objShell12.Environment("User")

strUserPro= objShell12.ExpandEnvironmentStrings(objUserEnv("TEMP"))

userProfile = objShell12.ExpandEnvironmentStrings("%userprofile%")

DeleteSip strUserPro 'delete user sip profile


 'Delete sip Profile

SipProfile=userProfile & "\AppData\Local\Microsoft\Office\15.0\Lync"

uProfile=userProfile & "\AppData\Local\Microsoft\Office\15.0"


Set objFSO = CreateObject("Scripting.FileSystemObject")

objStartFolder = uProfile

Set objFolder = objFSO.GetFolder(objStartFolder)

'Wscript.Echo objFolder.Path

ShowSubfolders objFSO.GetFolder(objStartFolder)

Sub ShowSubFolders(Folder)

    For Each Subfolder in Folder.SubFolders

      proPath = Right(Subfolder.Path,4)

        'Wscript.Echo proPath

    If proPath = "Lync" Then


DeleteSip SipProfile


End if


End Sub


DeleteSip SipProfile

'this is also to delete user sip profile

SipProfile=SipProfile & "\Sip_*"

DeleteSip SipProfile


Sub DeleteSip (strSipPath)

On Error Resume Next

Dim objFSO

Dim objFolder,objDir

Dim i

Set objFSO=CreateObject("Scripting.FileSystemObject")

Set objFolder=objFSO.GetFolder(strSipPath)


'delete folder

For i=0 To 10

                For Each objDir In objFolder.SubFolders

                objDir.Delete True



'clear all objects

Set objFSO=Nothing

Set objFolder=Nothing

Set objDir=Nothing

End Sub

Then after that I had to start Lync up again and cancel the sign in process as quick as possible. Click on "delete my sign-in info" then restart the computer. I had to do it in this order for it to work but it did work every time. Thanks for getting me pointed in the right direction.

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question