I'm attempting to deploy a Lync 2013 monitoring solution across a non-trusted boundary. My management servers are hosted in my local domain (mydomain.com). I have a gateway server deployed at the partner site (scomgw.partnerdomain.com). The partner already has Lync Server 2013 deployed with one standard edition front end (se.partnerdomain.com) and a dedicated SQL server to host the monitoring database (sql.partnerdomain.com). The sql.partnerdomain.com server is not a trusted application and does not host the xds database.

They also have a single edge server, but so far I've left that out of the deployment - first things first.

I have imported both of the Lync Server 2013 management packs, and - because I'm also monitoring my own, local Lync 2010 deployment - the Lync 2010 management pack. I have not yet gotten to the stage of deploying a synthetic transaction watcher node, as I'd like to get basic monitoring working first (again, first things first).

When deploying the agents at partnerdomain.com everything appears to go well - the two servers are discovered and the agents look like they're deploying just fine. However, after a few minutes sql.partnerdomain.com goes red and I see the following alert:

Path: sql.partnerdomain.com

Source: Discovery Script on sql.partnerdomain.com

Name: An internal exception has occurred during discovery

The alert context shows Health Service Script event 223. When I pull that event it looks like this:

ProviderName : Health Service Script

Id           : 223

Message      : DiscoverMachine.ps1 :

              

               ----------------------------------------------------------------

               ----------------

               -Script Name:      Lync Server MP Machine Topology Discovery

               -Run as account:   nt authority\network service

               -Execution Policy: Bypass

               ----------------------------------------------------------------

               ----------------

               Value of Source Id is {2469342F-3092-2CD4-2CE3-D45CA920984C}.

               Value of ManagedEntity Id is

               {1CE84D05-B9B8-68C7-D517-DA09E4CC34A2}.

               Value of Target Computer is sql.partnerdomain.com.

               Lync Server Module is added

               Successfully initialize discovery data.

               An exception occurred during discovery script, Exception :

               Could not connect to SQL server :

               [Exception=System.Data.SqlClient.SqlException (0x80131904):

               Cannot open database "xds" requested by the login. The login

               failed.

               Login failed for user 'NT AUTHORITY\NETWORK SERVICE'.

                  at System.Data.SqlClient.SqlInternalConnection.OnError(SqlExc

               eption exception, Boolean breakConnection, Action`1

               wrapCloseInAction)

                  at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(T

               dsParserStateObject stateObj, Boolean callerHasConnectionLock,

               Boolean asyncClose)

                  at System.Data.SqlClient.TdsParser.TryRun(RunBehavior

               runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream,

               BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject

               stateObj, Boolean& dataReady)

                  at System.Data.SqlClient.TdsParser.Run(RunBehavior

               runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream,

               BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject

               stateObj)

                  at System.Data.SqlClient.SqlInternalConnectionTds.CompleteLog

               in(Boolean enlistOK)

                  at System.Data.SqlClient.SqlInternalConnectionTds.AttemptOneL

               ogin(ServerInfo serverInfo, String newPassword, SecureString

               newSecurePassword, Boolean ignoreSniOpenTimeout, TimeoutTimer

               timeout, Boolean withFailover)

                  at System.Data.SqlClient.SqlInternalConnectionTds.LoginNoFail

               over(ServerInfo serverInfo, String newPassword, SecureString

               newSecurePassword, Boolean redirectedUserInstance,

               SqlConnectionString connectionOptions, SqlCredential

               credential, TimeoutTimer timeout)

                  at System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEn

               list(TimeoutTimer timeout, SqlConnectionString

               connectionOptions, SqlCredential credential, String

               newPassword, SecureString newSecurePassword, Boolean

               redirectedUserInstance)

                  at System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbCon

               nectionPoolIdentity identity, SqlConnectionString

               connectionOptions, SqlCredential credential, Object

               providerInfo, String newPassword, SecureString

               newSecurePassword, Boolean redirectedUserInstance,

               SqlConnectionString userConnectionOptions)

                  at System.Data.SqlClient.SqlConnectionFactory.CreateConnectio

               n(DbConnectionOptions options, DbConnectionPoolKey poolKey,

               Object poolGroupProviderInfo, DbConnectionPool pool,

               DbConnection owningConnection, DbConnectionOptions userOptions)

                  at System.Data.ProviderBase.DbConnectionFactory.CreatePooledC

               onnection(DbConnectionPool pool, DbConnectionOptions options,

               DbConnectionPoolKey poolKey, DbConnectionOptions userOptions)

                  at System.Data.ProviderBase.DbConnectionPool.CreateObject(DbC

               onnectionOptions userOptions)

                  at System.Data.ProviderBase.DbConnectionPool.UserCreateReques

               t(DbConnectionOptions userOptions)

                  at System.Data.ProviderBase.DbConnectionPool.TryGetConnection

               (DbConnection owningObject, UInt32

               waitForMultipleObjectsTimeout, Boolean allowCreate, Boolean

               onlyOneCheckConnection, DbConnectionOptions userOptions,

               DbConnectionInternal& connection)

                  at System.Data.ProviderBase.DbConnectionPool.TryGetConnection

               (DbConnection owningObject, TaskCompletionSource`1 retry,

               DbConnectionOptions userOptions, DbConnectionInternal&

               connection)

                  at System.Data.ProviderBase.DbConnectionFactory.TryGetConnect

               ion(DbConnection owningConnection, TaskCompletionSource`1

               retry, DbConnectionOptions userOptions, DbConnectionInternal&

               connection)

                  at System.Data.ProviderBase.DbConnectionClosed.TryOpenConnect

               ion(DbConnection outerConnection, DbConnectionFactory

               connectionFactory, TaskCompletionSource`1 retry,

               DbConnectionOptions userOptions)

                  at System.Data.SqlClient.SqlConnection.TryOpen(TaskCompletion

               Source`1 retry)

                  at System.Data.SqlClient.SqlConnection.Open()

                  at Microsoft.Rtc.Common.Data.DBCore.PerformSprocContextExecut

               ion(SprocContext sprocContext)

               ClientConnectionId:5c11e7a5-9244-4b81-b2e6-51bc6e78b236].

               ----------------------------------------------------------------

               ----------------

To further confuse the issue, I have a lab here with what I believe is an identical deployment (including a gateway), and am not seeing this error here. I do see event 223 in this lab deployment, but only on the SE front end, not on the SQL server, and the 223 event on my SE is at an Informational level and indicates successful discovery.

Been pulling my hair out over this one, and have finally hit the wall. Anyone have any suggestions?

Also, if this is the wrong forum for this question, can somebody please point me in the right direction?

Thanks!

 

Cannot open database "xds" requested by the login. The login failed. - seems you need to grant permissions on the Lync CMS Database. Make sure the account that is being used has permissions on the database.

Theoretically, you could specify a different Windows Account that already has access in the xds database, and assign that account to the "Microsoft Lync Server 2013 Remote Watcher Profile for Discovery" profile on the Scom server.

Hi Gerry,

Try adding the NETWORK SERVICE account to the following local groups on the Edge server:

RTC Component Local

RTC Local Administrators

Then restart the System Center Management service.

This fixed it for me. If you look at the membership of the equivalent local groups on a Lync Server 2013 Front End you'll see that these groups contain the NETWORK SERVICE account. Looks to be an oversight by MSFT.

Cheers,

Garry

• Marked as answer by Nicholas LiModerator Monday, July 08, 2013 2:27 AM

Hi Garry,

Sorry for the slow reply on this. Yes, that solved the problem. This is actually a multi-tenant SCOM deployment in which I have only command-line access to the monitored servers. So for future reference, and for anyone else with a similar issue, here are the commands:

net localgroup RTC Component Local Group NT AUTHORITY\Network Service /add

net localgroup RTC Local Administrators NT AUTHORITY\Network Service /add

Probably only one of these is actually needed, but I went ahead and did both to maintain parity between the configurations on the edge and on the front end.

Thanks,

Gerry

It's indeed only required to add NETWORK SERVICE to the RTC Component Local Group.

Hi Gerry

Help to for Skype for Business Edge Server.

Thanks for your Help