I'm seeing the following when trying to open the Lync Server 2010 Administration Control Panel:

Unauthorized: Authorization failed.

The application cannot verify your credentials.

Verify your logon credentials and contact your support team.

In the Lync Server application event log I see this warning message:

Log Name:      Lync Server
Source:        LS Remote PowerShell
Date:          5/15/2013 2:33:27 PM
Event ID:      35007
Task Category: (3500)
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      LYNC01.domain
Description:
Remote PowerShell cannot create InitialSessionState.

Remote PowerShell cannot create InitialSessionState for user: <SID>. Cause of failure: Active Directory server "<ADServer>" is not available. Try again later.
Cause: Remote PowerShell can fail to create InitialSessionState for varied number of reasons. Please look for other events that can give some specific information.
Resolution:
Follow the resolution on the corresponding failure events.

I can ping <ADServer> just fine.  From a previous message in this forum I also confirmed that NSLookup can see all AD and GC servers fine.  In some cases I can do an IISReset /noforce and I am then able to connect again to the control panel, but this isn't always the case.

<ADServer> appears to be working fine, there is nothing in the event logs that would suggest otherwise. Doing an NLTest /SC_Query:domain returns successful with a different <ADServer> than the one in the warning message.

The <SID> user has all the appropriate permissions to access the control panel and has done so in the past without issues.  

The only changes to the domain are that we recently raised the forest and domain functional levels to 2008 R2, however this was 7 days before this issue started occurring.  

Anyone have any ideas on what this might be?  Note that we have had this environment set up for several months without issue, this problem only started happening on the 10th of May.

Thanks!

Check if Prepare Active Directory is still showing Completed are not on Lync Deployment Wizard.

Yes, I can confirm that prepare active directory shows as completed.  Thanks.

Hi Jason

Check if the Sql Browser servers are started.  

Check lync admin user is a member of csadministrator group

http://demagnum.wordpress.com/2012/04/24/unauthorized-authorization-failed-lync-control-panel/

Yes, I've gone through all of the previous articles I could find that were similar to this issue, including the one you reference and that all checks out.  If you look at the warning message I am getting, it is specifically referencing AD server not available.  I have no errors or warnings about SQL.

Thanks for your help.

Other articles I have referenced:

http://blog.ucmadeeasy.com/2011/07/29/cannot-login-to-lync-control-panel-unauthorized-authorization-failed/

 http://social.technet.microsoft.com/Forums/en-US/ocsplanningdeployment/thread/e16503be-e8ac-4345-93d8-4cbbc17d6dbe

 http://social.technet.microsoft.com/Forums/en-US/ocsplanningdeployment/thread/2763bc97-0eb9-4774-851c-9f0133ae7d50

Hello,

Can you see any "Microsoft-Windows-Security-Kerberos" related error in APP log?

If so, try restarting the server and this may help.

Thanks,

We resolved this issue by rebooting all AD servers and the Lync servers.  Not sure why they were behaving the way they were but since the reboots all has been fine.

Thanks!

Jason

• Marked as answer by Jason Trimble Wednesday, May 22, 2013 1:18 PM

We resolved this issue by rebooting all AD servers and the Lync servers.  Not sure why they were behaving the way they were but since the reboots all has been fine.

Thanks!

Jason

• Marked as answer by Jason Trimble Wednesday, May 22, 2013 1:18 PM

We resolved this issue by rebooting all AD servers and the Lync servers.  Not sure why they were behaving the way they were but since the reboots all has been fine.

Thanks!

Jason

• Marked as answer by Jason Trimble Wednesday, May 22, 2013 1:18 PM

As a note - my company has had the same problem, except right after install as opposed to after working for a while.

In our case, all the groups are set up properly (as far as I can tell), the appropriate users are in the CSAdministrator group, topology is good, etc., but no one can log in. We are getting the same "Unauthorized: Authorization failed" message.

Rebooting of Lync server and DC did not change this. (I'm probably going to start over on building Lync to see if ti decides to work this time...)

Hallo i sometimes see this issue in my standard version Lync 2013 test environment,  be aware that normally all is 100% functional (also the lync control panel). I am testin enterprise voice with all kind of sip trunks (and not supported ata's)

A (non) solution is to reboot the production domain controllers, it does indeed always solve the issue (when it is there).when this issue is active because the Lync front end server rebooted (virtuals that will run when i need them to test some settings), i always get the event error: 35007 about the remote poweshell in combination with the pop-up can not find apropiate url during lync control panel startup.This is the first time that i use the standard version (to keep things simple, in all production environments i use the enterprise version and do not have these issues).I disabled all internal windows firewalls, not blocking items are to blame, i can reproduce by rebooting the lync 2013 server. Have you checked the ssl/tls notifications at the domain controllers and used pki viewer to see if all certificate elments are 100% ok ? (i my case it is not yet 100% ok, i implemented adfs and direct access and changed the crl locations who are in neeed of fixing).