Users replication problems and access denied problem

Since I had te renew the Lync 2010 certicate, I can't perform any administrative action in the server. It's weird, because the service is working perfectly. 

My first problem was this error while trying to enable users from the control panel: Insufficient access rights to perform the operation 00002098: SecErr:DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 I could not fix the problem with this solution: https://social.technet.microsoft.com/Forums/lync/en-US/325ca7c9-3ce8-47d9-8a28-505c062b5afb/lync-server-2010-insufficient-access-rights-to-perform-the-operation-00002098?forum=ocsmanagement, I solved it using the administrative shell as administrator using this command (with the correct data):  "Enable-CsUser Identity "Ken Myer" RegistrarPool atl-cs-001.litwareinc.com SipAddress "sip:kenmyer@litwareinc.com". It worked perfectly. When I queried that user in the control panel it was there, but I could not perform any action with it. 

Searching for another way to resolve this, I used the ResKit and dbanalize. I saw that the user I enabled before was not in the DB, obtaining this error: 

PS C:\Program Files\Microsoft Lync Server 2013\ResKit> .\DBAnalyze.exe /sqlserve
r:lync.xxxxxxxx.net\RTCLocal /report:user /user:sip:ksmith@xxxxxxxx.net
Snooper Version: 5.0.8308.0

Report created at 1/21/2015 4:50:13 PM on Lync01.xxxxxxxx.net.

There was an error communicating with the database:
###50010:ReportUserData:ksmith@xxxxxxxx.net is not found in this database.
PS C:\Program Files\Microsoft Lync Server 2013\ResKit>

I execute this command to check if the domain was properly set: Get-CsUserReplicatorConfiguration, and the domain was ok. I tried to update manually the DB using Update-CsUserDatabase but nothing happens; the same with InstallCs-Database -Update, but in this case the shell returned me a parameter error.

But this is the worst. After reboot the server, I tried to open the control panel and a new error came out: 

403 - Prohibido: acceso denegado.
No tiene permiso para ver este directorio o esta pgina con las credenciales que ha proporcionado.

I am using my administrative account, that belongs to the CsUserAdministrator group. Before renewing the certificate all was going well with it. 

I really do not know what else to do. Please, give some help, I will appreciate it a looot!!!!!!!!!!!!!

Here are some threads I check out before post this entry (they did not provided me a solution):

https://social.technet.microsoft.com/Forums/lync/en-US/0d809ea0-a85f-485a-bdc5-b40c59059be8/enabled-users-are-not-seen-in-the-rtc-database?forum=lyncdeploy 

https://social.technet.microsoft.com/Forums/en-US/046fea69-e9dc-4c4c-ab3e-f7a2f7f8161e/user-not-found-in-this-database?forum=lyncprofile

Edit - extra info

All the services are running normally. My Lync 2010 is standard Edition. The AD certificate service is disabled.


  • Edited by verovan Friday, June 26, 2015 2:58 PM
June 26th, 2015 12:50pm

I was have the same issue, solved by re-added your Lync admin account into the following group (CS Admin
Free Windows Admin Tool Kit Click here and download it now
August 3rd, 2015 3:10am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics