Solved

Lync 2013 - Re-enable users everyday

Posted on 2014-03-28
16
643 Views
Last Modified: 2014-04-15
I have something unique I have ran into with my Lync 2013 server. Every morning I have to go into the Lync control panel and temporarily disable all the users (except 2), close the control panel, open it back up and re-enable all users. Restarting the server does nothing and stopping the services and restarting does nothing. Has anyone ran across this before? I did not used to do this. Even better I have 2 users that are admins in the domain and of course I cant restart them. It allows me to disable and re-enable in PowerShell but their Lync never connects, its just stays at trying to sign in. No error codes pop up or anything.
0
Comment
Question by:ZeroDogg
  • 9
  • 5
  • 2
16 Comments
 
LVL 36

Expert Comment

by:Jian An Lim
ID: 39963650
your problem is unique
Can you clearly outline what is your issue?

user cannot connect to the server everyday? or something?

i saw temporarily disable all users.. why?
0
 

Author Comment

by:ZeroDogg
ID: 39966539
Every morning I come in all the users but me are disconnected from the server. I go into the control panel and temporarily disable everyone for about 2 minutes then go back in and re-enable then about 5 minutes later Lync starts working for most people. Doing this seems to be the only thing that will work to get the Lync working again.Nothing has changed on this server. Is there anything specific that you need to know that possibly I am forgetting to say?
0
 
LVL 36

Expert Comment

by:Jian An Lim
ID: 39970384
Okay, let's focus on "disconnected"
how do you know they are "disconnected"? it is from Lync point of view or desktop point of view?

have you tried the web version of Lync during this?

Also try to turn on the Lync client advance logging and see any thing "obvious"


the next thing is to run some troubleshooting .. mean while, I don't know how to start as i am going to tell you to run all basic things unless there is something obvious I can think off.

(do you have lync autodiscover?)
0
 

Author Comment

by:ZeroDogg
ID: 39972317
I will be troubleshooting today. I wanted to run a little test last night before responding to you. I had a couple of users just lock their computers before they left and had the rest sign off. The computers that were locked and their Lync was signed in, stayed signed in. Users that logged off the night before could not login to Lync this morning. I have to go to the Lync console and do a temp disable then re-enable then Lync works again. As always my 2 admins Lync does not work no matter what I do.
0
 
LVL 23

Expert Comment

by:Mohammed Hamada
ID: 39988122
This is related mostly to DNS issues! Try to configure lync client to connect manually! you will need to try at least to configure one user with manual configuration. to do this you will click on Tools -> Options -> Personal and on the right pane next to sign in address click Advanced and then tick manual configuration

In Internal and External server name type the ip of the lync Front end server e.g. 192.168.1.65:5061 apply the settings and try to connect.

If this works then you haven't defined the sip record in your internal DNS and therefore users unable to connect. if you already have the sip.domain.com record configured then I assume that you have a problem with user's certificate that's provided by Lync.

Are the users Domain joined? if not you'll have to manually import the Lync server certificate and the Certification authority to all those users in order to connect.

as for the admins, you will need to enable inheritance in user's security settings from Active Directory in order to be able to change their Lync settings.
0
 

Author Comment

by:ZeroDogg
ID: 39990413
I will get back you with on this. Even though I have tried manual settings, somethings are working and some are not depending on the user. Strange.
0
 

Author Comment

by:ZeroDogg
ID: 39991952
Here is where I am at right now. The admin users that I could not get going before are fine now. I have a test user with no issues either, it could sign in the next day. I have a handful of users now that yet again I have to disable then re-enable in the mornings. The manual settings do not work as far as putting the settings in and having Lync just start working again. All users are domain joined. Interesting point is that after I had users sign off and back on.....the connection was lost again. I had to re-enable. These are my very first "test" users. Pull the certs and remove from Lync then re-add? Your thoughts.
0
 
LVL 23

Expert Comment

by:Mohammed Hamada
ID: 39992246
hmm seems you have a connectivity issue with the Lync front end server, how is your network topology like?

1- are the Lync clients and front end are in the same subnet?
2- Can you ping Lync FE server from the clients?
3- Have you disabled the LYnc FE Server's firewall?
4- can you telnet front end on port 5061 from any client?

I would recommend that you download wireshark and Lync debugging tools, make sure you install wireshark on Lync FE server and filter only port 5061 requests.  

Also install Lync debugging tools and choose "S4 and Sip stack" components and turn choose all the flags. and under log file options choose "New and change the size to 200mb"

Next make sure you Start to log on OCS logger before you log in to one of the test clients. and please attach the log here to see what's going on.

http://www.microsoft.com/en-us/download/details.aspx?id=35453
0
Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

 

Author Comment

by:ZeroDogg
ID: 39992285
Also the users having issues seem to be the ones migrated from Lync 2010
0
 
LVL 23

Expert Comment

by:Mohammed Hamada
ID: 39992330
That clears it out, this could be a database issue! I think in this case your best shot is to delete users and re-create them in active directory because it seems their object store have been somehow malfunctioned..

I have seen a similar case and the only resolution to it was re-creating users on AD and then re-enabling them on Lync 2013.

However if you don't wanna do that. we can go ahead with troubleshooting, but you might just try one of the users who don't have much on his lync account. although you can export the users on Lync's account using the powershell cmdet Export-CsUserData
0
 

Author Comment

by:ZeroDogg
ID: 39992581
Actually no one has anything on their Lync accounts, AD on the other hand is another story. I think in this scenario we would have to find work arounds. Any suggestions where to start there?
0
 
LVL 23

Expert Comment

by:Mohammed Hamada
ID: 39992626
If you don't want to delete users and re-create them then I would suggest you'd start with Debugging tools. after installing them run OCSlogger and tick the components and flags I told u before a user tries to log in make sure you start the debugging tool logging and after capturing the traces share them here.
0
 

Author Comment

by:ZeroDogg
ID: 39995381
I have it partially figured out. It has nothing to do (in this case) with the desktops talking to the server. It's actually the desktops themselves. I took users and added their accounts to a test machine. In all cases I was able to sign out or shut down then get back in the computer and the Lync would auto sign in every time. So my question now is what would be the best way to remove these "ghost" settings out of each machine that connected to the old 2010 Lync server? Registry?
0
 
LVL 23

Accepted Solution

by:
Mohammed Hamada earned 500 total points
ID: 39995431
Either cache or DNS. lync locally first looks for the srv value on your local DNS server to log in. if it finds it it will connect to Lync server directly.

You have to make sure that if you have this value in your DNS it points to the right server.

_sipinternaltls._tcp.domain.com should point to sip.domain.com or point to the IP of your Lync FE.

I never had to edit registry to fix lync connectivity between client and server. it was always network or server configuration.

Cache folder for lync should be located in
%userprofile%\appdata\local\microsoft\office\15.0

Exit Lync and Outlook before you delete what's inside the folder Lync. hope this helps
0
 

Author Comment

by:ZeroDogg
ID: 39995434
Hopefully I will be testing tomorrow and let you know, if not it waits till Monday.
0
 

Author Closing Comment

by:ZeroDogg
ID: 40002363
This was really unique to my situation. I had to go to the folder and delete the Lync folder itself inside the .15 folder. I then had to run this script (put back into notepad):



Option Explicit

Dim objShell12

Dim objUserEnv

Dim strUserPro

Dim userProfile,SipProfile

Dim proPath

Dim objFSO

Dim objStartFolder

Dim objFolder

Dim colFiles

Dim objFile

Dim Subfolder

Dim uProfile

 

Set objShell12=CreateObject("WScript.Shell")

Set objUserEnv=objShell12.Environment("User")

strUserPro= objShell12.ExpandEnvironmentStrings(objUserEnv("TEMP"))

userProfile = objShell12.ExpandEnvironmentStrings("%userprofile%")

DeleteSip strUserPro 'delete user sip profile

 

 'Delete sip Profile

SipProfile=userProfile & "\AppData\Local\Microsoft\Office\15.0\Lync"

uProfile=userProfile & "\AppData\Local\Microsoft\Office\15.0"

 

Set objFSO = CreateObject("Scripting.FileSystemObject")

objStartFolder = uProfile

Set objFolder = objFSO.GetFolder(objStartFolder)

'Wscript.Echo objFolder.Path

ShowSubfolders objFSO.GetFolder(objStartFolder)

Sub ShowSubFolders(Folder)

    For Each Subfolder in Folder.SubFolders

      proPath = Right(Subfolder.Path,4)

        'Wscript.Echo proPath

    If proPath = "Lync" Then

 

DeleteSip SipProfile

 

End if

    Next

End Sub

 

DeleteSip SipProfile

'this is also to delete user sip profile

SipProfile=SipProfile & "\Sip_*"

DeleteSip SipProfile

WScript.Quit

Sub DeleteSip (strSipPath)

On Error Resume Next

Dim objFSO

Dim objFolder,objDir

Dim i

Set objFSO=CreateObject("Scripting.FileSystemObject")

Set objFolder=objFSO.GetFolder(strSipPath)

 

'delete folder

For i=0 To 10

                For Each objDir In objFolder.SubFolders

                objDir.Delete True

                Next

Next

'clear all objects

Set objFSO=Nothing

Set objFolder=Nothing

Set objDir=Nothing

End Sub

Then after that I had to start Lync up again and cancel the sign in process as quick as possible. Click on "delete my sign-in info" then restart the computer. I had to do it in this order for it to work but it did work every time. Thanks for getting me pointed in the right direction.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Join & Write a Comment

Synchronize a new Active Directory domain with an existing Office 365 tenant
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now