Users replication problems and access denied problem

Since I had to renew the Lync 2010 certificate, I can't perform any administrative action on the server. It's weird, because the service is working perfectly. 

My first problem was this error while trying to enable users from the control panel:

Insufficient access rights to perform the operation 00002098: SecErr:DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

I could not fix the problem with this solution: https://social.technet.microsoft.com/Forums/lync/en-US/325ca7c9-3ce8-47d9-8a28-505c062b5afb/lync-server-2010-insufficient-access-rights-to-perform-the-operation-00002098?forum=ocsmanagement

I solved it using the administrative shell as administrator with this command (with the correct data):

Enable-CsUser -Identity "Ken Myer" -RegistrarPool atl-cs-001.litwareinc.com -SipAddress "sip:kenmyer@litwareinc.com"

It worked perfectly. When I queried that user in the control panel it was there, but I could not perform any action with it. 

Searching for another way to resolve this, I used the ResKit and DBAnalyze. I saw that the user I enabled before was not in the DB, obtaining this error: 

PS C:\Program Files\Microsoft Lync Server 2013\ResKit> .\DBAnalyze.exe /sqlserver:lync.xxxxxxxx.net\RTCLocal /report:user /user:sip:ksmith@xxxxxxxx.net
Snooper Version: 5.0.8308.0

Report created at 1/21/2015 4:50:13 PM on Lync01.xxxxxxxx.net.

There was an error communicating with the database:
###50010:ReportUserData:ksmith@xxxxxxxx.net is not found in this database.
PS C:\Program Files\Microsoft Lync Server 2013\ResKit>

I executed this command to check if the domain was properly set: Get-CsUserReplicatorConfiguration, and the domain was OK. I tried to manually update the DB using Update-CsUserDatabase but nothing happened; the same with Install-CsDatabase -Update, but in this case the shell returned a parameter error.

But this is the worst. After rebooting the server, I tried to open the control panel and a new error came out: 

403 - Prohibido: acceso denegado.
No tiene permiso para ver este directorio o esta página con las credenciales que ha proporcionado.

I am using my administrative account, which belongs to the CsUserAdministrator group. Before renewing the certificate all was going well with it. 

I really do not know what else to do. Please, give some help, I will appreciate it a looot!!!!!!!!!!!!!

Here are some threads I checked out before posting this entry (they did not provide me a solution):

https://social.technet.microsoft.com/Forums/lync/en-US/0d809ea0-a85f-485a-bdc5-b40c59059be8/enabled-users-are-not-seen-in-the-rtc-database?forum=lyncdeploy 

https://social.technet.microsoft.com/Forums/en-US/046fea69-e9dc-4c4c-ab3e-f7a2f7f8161e/user-not-found-in-this-database?forum=lyncprofile

Edit - extra info

All the services are running normally. My Lync 2010 is Standard Edition. The AD certificate service is disabled.


  • Edited by verovan 16 hours 24 minutes ago
June 26th, 2015 8:52am

Hi,

Starting from the beginning: you have only renewed the certificate through the deployment wizard?

All services are up and running?

Do you use standard or enterprise server?

No errors in the application log in the event log?

You know that you can't change users which belong to security groups like domain admin etc. through the control p

June 26th, 2015 9:18am

Thanks for the reply. Here are the answers to your questions:
  1. Yes, I used the wizard to renew the cert.
  2. All the services are running.
  3. I use Standard Edition.
  4. Yes, because there are errors in the log I used the DBAnalyze tool and some commands like Get-CsUserReplicatorConfiguration. The error has the event ID 30011. 

Thanks.

June 26th, 2015 9:24am

The event ID 30011 could happen if you have sub-domains which are not prepared for Lync.

Check your replication with Get-CsManagementStoreReplicationStatus, it should be true.

You can set up the permissions with Grant-CsOuPermission on the required OU.

But maybe you have to check your certificates. Renewing the certificate will not remove any permissions.

June 26th, 2015 9:47am

My replication status is true.

I can't set up permissions using that command, I get this error: 

PS C:\Users\Administrator.domain> Grant-CsOuPermission -ObjectType User -OU "ou=LyncAdmin,dc=domain,dc=co,dc=uk"
WARNING: Grant-CsOuPermission failed.
WARNING: Detailed results can be found at
"C:\Users\Administrator.domain\AppData\Local\Temp\2\Grant-CsOuPermission-143bb054-1240-4810-9c65-55f57f953018.html".
Grant-CsOUPermission : Command execution failed: The security descriptor is null. You might not have permissions to read the security descriptor.
At line:1 char:21
+ Grant-CsOuPermission <<<<  -ObjectType User -OU "ou=LyncAdmin,dc=domain,dc=co,dc=uk"
    + CategoryInfo          : InvalidOperation: (:) [Grant-CsOUPermission], ActiveDirectoryException
    + FullyQualifiedErrorId : ProcessingFailed,Microsoft.Rtc.Management.Deployment.GrantOuPermissionsCmdlet

June 26th, 2015 10:22am

It looks like your account does not have the correct permissions. To which security groups do you belong?

Should be RTCUniversalServeradmin and Domain Admin to run this command.

June 26th, 2015 10:34am
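
An added example, not part of the original thread: a PowerShell check of whether the groups named in the replies above are actually present in the current logon token, as opposed to merely assigned in Active Directory. The group names in `$required` are assumptions based on the thread (`RTCUniversalServerAdmins` is assumed to be the group the reply calls RTCUniversalServeradmin), and the function names are hypothetical.

```powershell
# Added example (not from the thread). Compares the groups in the current
# access token with the groups the replies say are needed.
# Group names are assumptions; adjust them to your domain.
$required = 'RTCUniversalServerAdmins', 'Domain Admins', 'CsUserAdministrator'

function Get-TokenGroupName {
    # WindowsIdentity.Groups lists only enabled groups, so a group that is
    # deny-only in a UAC-filtered (non-elevated) token does not appear here.
    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    foreach ($sid in $identity.Groups) {
        try {
            $sid.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            # SID that cannot be resolved to a name: report the raw SID.
            $sid.Value
        }
    }
}

function Test-TokenMembership {
    param([string[]]$GroupName)
    $tokenGroups = @(Get-TokenGroupName)
    foreach ($name in $GroupName) {
        # Token entries look like DOMAIN\Group; compare the part after the backslash.
        $hit = $tokenGroups | Where-Object { ($_ -split '\\')[-1] -eq $name }
        New-Object PSObject -Property @{ Group = $name; InToken = [bool]$hit }
    }
}

# Is this shell running with the elevated (full) administrator token?
$principal = New-Object System.Security.Principal.WindowsPrincipal(
    [System.Security.Principal.WindowsIdentity]::GetCurrent())
$elevated = $principal.IsInRole(
    [System.Security.Principal.WindowsBuiltInRole]::Administrator)

"Elevated shell: $elevated"
Test-TokenMembership -GroupName $required | Format-Table Group, InToken -AutoSize
```

A group that shows `InToken = False` in a normal shell but `True` in a shell started with "Run as administrator" points to token filtering rather than missing membership; a group added after logon only appears after logging off and on again.
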

Yes, it belongs to the RTCUniversalServerAdmin and it is the domain admin. 

It is really strange, I don't know what else to check.

June 26th, 2015 10:38am
