Enable-CsUser in lync server with c# remotly

Similar Messages

• Remote PowerShell Connection to Lync Server With Kerberos authentication Fails

  Hi everyone ,
  Remote PowerShell to Lync Server With Kerberos authentication Fails .. Is there any reason for not being able to connect when authentication specified as Kerberos . But exactly same code works when Authentication is specified as "Negotiate"
  E.g :
  Error -
  $session=New-PSSession -ConfigurationName Microsoft.Powershell -ConnectionUri https://serverName.lync.com/ocspowershell/ -Credential $cred -Authentication Kerberos
  [serverName.lync.com] Connecting to remote server failed with the following error message : The WinRM client cannot process the request. The authentication mechanism requested by the client is not supported by the server or unencrypted traffic is disabled in
  the service configuration. Verify the unencrypted traffic setting in the service configuration or specify one of the authentication mechanisms supported by the server.  To use Kerberos, specify the computer name as the remote destination. Also verify
  that the client computer and the destination computer are joined to a domain.To use Basic, specify the computer name as the remote destination, specify Basic authentication and provide user name and password. Possible authentication mechanisms reported by
  server:   Digest Negotiate For more information, see the about_Remote_Troubleshooting Help topic.
      + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [], PSRemotingTransportExc
     eption
      + FullyQualifiedErrorId : PSSessionOpenFailed
  Works  -
  $session=New-PSSession -ConfigurationName Microsoft.Powershell -ConnectionUri https://serverName.lync.com/ocspowershell/ -Credential $cred -Authentication Negotiate

  Hi,
  Please double check if Windows Update is the latest version, if not, please update and then test again.
  Please also ensure that the workstation you are using has network access to the Certificate Authority that signed the certificate.
  Best Regards,
  Eason Huang
  Eason Huang
  TechNet Community Support

• Lync server with HA

  hi,
  How many lync server licences are required if deployment requires the ff:
  2 x Lync front end with HA
  2 x SQL back end with HA
  tnx

  With Lync you only need to license the front end role. So in this case you would need two Lync server licenses but you would not need additional for edge or mediation roles. For SQL licensing, you would need a couple of SQL server licenses as well. One
  last item, for Lync 2013 it is strongly recommended that at least 3 front ends (and therefore three Lync server licenses) be deployed for HA due to the way quorum works.
  Outside of that, you'll need Windows licenses, client access licenses, and a hardware load balancer too.
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
  SWC Unified Communications
  This forum post is based upon my personal experience and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Mac mini server with Apple remote

  Hi,
  Bought my mac mini server november last year, and much to my surprise, with it came an Apple remote. Not the latest one but the flat all-white one.
  This weekend I have redeployed the mini in my house and want to start using Frontrow, however my remote does not seem to work with the mini.
  I have tested the remote with a number of other maca and atvs, there it works fine.
  Any pointers appreciated
  Pim

  That is really strange, the remote is not list as being in the box on the Mac mini Server's Specs page!
  I believe it used to be, there was definitely a pre-formed space for it in the box
  Have you checked the battery since it is an old model?
  I mentioned i worked perfect with any of the other Macs in the house
  You can use Mac Help in the Help menu of the Finder. Go to Index>A>Apple Remote for troubleshooting and pairing instructions.
  Not sure if this is the issue, since the server version does not have an optical drive, I was wondering if it has an IR eye
  Pim

• Lync 2010 client - Cannot access lync server as a remote user

  Just one simple question. I cannot login to my lync 2010 server because from my location I cannot reach directly from my client  the edge server on port 443. Can I still login to lync if using an internet proxy, I know that using an internet proxy,
  with another ip I can reach the internet and so I can reach also the edge server public address on port 443. But I don't know if lync client for login read also internet proxy settings.
  Hope it's all clear. Thanks for your support

  As long as you are able to reach Internet and your edge is configured properly, you will be able to connect. Lync client doesnt have proxy settings

• Lync HP 4120 Sign in problems with Lync Server 2013

  Hi, this is my second request for help, this with more information...
  I`ll ready install the follow infrastructure:  (I change the name of my organization for contoso)
  Lync Server 2013 Installation with Enterprise mode with 1 front end :  Pool: lync.contoso.com  Front End: lyncfe01.contoso.com     Back End: lyncsql01.contoso.com
  I`ll ready install a PKI infrastructure with two tiers, the root offline and the subordnate ac.contoso.com
  This with the defailt algorithm configuration RSA SHA1
  My phones are HP 4120 
  In the Front End Server i configured the SCHANNEL registers:
  EnableSessionTicket in 2
  Send..etc in 0
  Ok, the installation is ok, services are OK, Client login trough PC its OK, PSTN Configuration... (I can make a phonecall with the lync client of Office 365)
  Commnd Checks:  
  When i run the command Test-CsPhoneBootstrap -PhoneOrExt 12345 -PIN 123456 -TargetFqdn lync.contoso.com
  The result is:
  Target Fqdn   : lync.contoso.com
  Target Uri    : https://lync.contoso.com:443/CertProv/CertProvisioningService.svc
  Result        : Success
  Latency       : 00:00:09.0559615
  Error Message :
  Diagnosis     :
  When i run the command Test-CsPhoneBootstrap -PhoneOrExt 12345 -PIN 123456 for
  check the DHCP the result is:
  Target Fqdn   : lync.contoso.com
  Target Uri    : https://lync.contoso.com:443/CertProv/CertProvisioningService.svc
  Result        : Success
  Latency       : 00:00:09.0559615
  Error Message :
  Diagnosis     :
  When i run the follow command 
  PS C:\Users\Administrator> $cred = Get-Credential
  cmdlet Get-Credential at command pipeline position 1
  Supply values for the following parameters:
  Credential
  PS C:\Users\Administrator> Test-CsClientAuth -TargetFqdn lync.contoso.com -UserSipAddress "sip:[email protected]" -UserCredential $cred
  I got this:
  Target Fqdn   : lync.contoso.com
  Target Uri    : https://lync.contoso.com:443/CertProv/CertProvisioningService.svc
  Result        : Success
  Latency       : 00:00:00.3431783
  Error Message :
  Diagnosis     :
  But.. when i use the same command but i remove the -targetFqdn for check the Dhcp i got this:
  VERBOSE: Workflow Instance Id 'bca95636-af7b-4b0a-b43d-dba259294b2d', started.
  VERBOSE: Command line executed is 'Test-CsClientAuth -UserSipAddress "sip:[email protected]" -UserCredential $cred
   -Verbose'.
  Target Fqdn   :
  Target Uri    :
  Result        : Failure
  Latency       : 00:00:00
  Error Message : 10060, A connection attempt failed because the connected party did not properly respond after a period
                  of time, or established connection failed because connected host has failed to respond 194.90.8.20:5061
                  Inner Exception:A connection attempt failed because the connected party did not properly respond after
                  a period of time, or established connection failed because connected host has failed to respond
                  194.90.8.20:5061
  Diagnosis     :
  VERBOSE: Workflow 'Microsoft.Rtc.SyntheticTransactions.Workflows.STClientAuthWorkflow' started.
  Workflow 'Microsoft.Rtc.SyntheticTransactions.Workflows.STClientAuthWorkflow' completed in '5.62E-05' seconds.
  Target web service Url not provided. Will have to extract it from authentication challenge.
  An exception 'Unable to establish a connection.' occurred during Workflow
  Microsoft.Rtc.SyntheticTransactions.Workflows.STClientAuthWorkflow execution.
  Exception Call Stack:    at Microsoft.Rtc.Signaling.SipAsyncResult`1.ThrowIfFailed()
     at Microsoft.Rtc.Signaling.Helper.EndAsyncOperation[T](Object owner, IAsyncResult result)
     at Microsoft.Rtc.SyntheticTransactions.Activities.GetSTSUriActivity.InternalExecute(ActivityExecutionContext
  executionContext)
     at Microsoft.Rtc.SyntheticTransactions.Activities.SyntheticTransactionsActivity.Execute(ActivityExecutionContext
  executionContext)
     at System.Workflow.ComponentModel.ActivityExecutor`1.Execute(T activity, ActivityExecutionContext executionContext)
     at System.Workflow.ComponentModel.ActivityExecutorOperation.Run(IWorkflowCoreRuntime workflowCoreRuntime)
     at System.Workflow.Runtime.Scheduler.Run()
     at System.Net.Sockets.Socket.EndConnect(IAsyncResult asyncResult)
     at Microsoft.Rtc.Internal.Sip.TcpTransport.OnConnected(Object arg)
  'GetSTSUri' activity started.
  Starting STS Uri Discovery...
  ERROR getting STS Uri.
  'UnRegister' activity started.
  'UnRegister' activity completed in '3.12E-05' seconds.
  VERBOSE: Workflow Instance ID 'bca95636-af7b-4b0a-b43d-dba259294b2d' completed.
  VERBOSE: Workflow run-time (sec): 126.0548512.
  The Real Problem is that my Lync HP 4120 Phone can't make a sign in, not from USB cable loging, nor with PIN authentification
  When I try to make a login with the USB cable, I set the user and password and the phone says "Connecting to Lync".. "Downloading a certificate" ... "Installing certificate"... "Downloading Certificate"...
  "Installing Certificate".. forever 
  When I try to make a login with PIN Authentification, the phone first displays the following:
  Account used is not authorized, Please Contact your support team and then shows this:
  An Account matching this phone number cannot be found. Please contact your support team.
  The Pin authentification is enable
  In the Lync Server Enable Kerberos Authentification, Enable Integrated Windows Authentification and Enable Certificate Authentification are enable
  This is the configuration from DHCP 
  Starting Discovery ... 
  Sending Packet (Size: 284, Network Adapter: xx.xx.xx.xx, Attempt Type: Broadcast only)
  --Begin Packet--
  DHCP: INFORM                (xid=130EA7FA)
  DHCP: Op Code           (op)      = 1
  DHCP: Hardware Type     (htype)   = 6
  DHCP: Hops              (hops)    = 0
  DHCP: Transaction ID    (xid)     = 319727610
  DHCP: Seconds           (secs)    = 0
  DHCP: Flags             (flags)   = 0000
  DHCP: Client IP Address (ciaddr)  = Xx.xx.xx.xx
  DHCP: Your IP Address   (yiaddr)  = 0.0.0.0
  DHCP: Server IP Address (siaddr)  = 0.0.0.0
  DHCP: Relay IP Address  (giaddr)  = 0.0.0.0
  DHCP: Client HW Address (chaddr)  = FC15B4###--End Packet--
  Received Packet
  Sender:xx.xx.xx.xx:67, Size:363
  --Begin Packet--
  DHCP: ACK                (xid=130EA7FA)
  DHCP: Op Code           (op)      = 1
  DHCP: Hardware Type     (htype)   = 6
  DHCP: Hops              (hops)    = 0
  DHCP: Transaction ID    (xid)     = 319727610
  DHCP: Seconds           (secs)    = 0
  DHCP: Flags             (flags)   = 0000
  DHCP: Client IP Address (ciaddr)  = xx.xx.xx.xx
  DHCP: Your IP Address   (yiaddr)  = 0.0.0.0
  DHCP: Server IP Address (siaddr)  = 0.0.0.0
  DHCP: Relay IP Address  (giaddr)  = 0.0.0.0
  DHCP: Client HW Address (chaddr)  = FC15B4100289
  DHCP: Server Host Name  (sname)   = 
  DHCP: Boot File Name    (file)    = 
  DHCP: Magic Cookie                = 99.130.83.99
  DHCP: Option Field
      DHCP: DHCP MESSAGE TYPE(  53) = (Length: 1) DHCP ACK
      DHCP: Server Identifier(  54) = (Length: 4) XX.XX.XX.XX
      DHCP: Client Identifier(  61) = (Length: 0)  ()
      DHCP: SIP Server( 120)        = (Length: 17) enc:0 lync.contoso.com (00046C796E6306756E69736F6E026D7800)
      DHCP: Host Name(  12)         = (Length: 0) 
      DHCP: Vendor Identifier(  60) = (Length: 0) 
      DHCP: Param Req List(  55)    = (Length: 0) 0 0
      DHCP: Vendor Info(  43)       = (Length: 86) MS-UC-Clienthttpslync.contoso.com443%/CertProv/CertProvisioningService.svcÜNAP (010C4D532D55432D436C69656E7402056874747073030E6C796E632E756E69736F6E2E6D78040334343305252F4365727450726F762F4365727450726F766973696F6E696E67536572766963652E737663DC034E4150)
      DHCP: End of this option field
  --End Packet--
  Result: Success
  DHCP Server : xx.xx.x.xx.
  SIP Server FQDN : lync.contoso.com
  Certificate Provisioning Service URL : https://lync.contoso.com:443/CertProv/CertProvisioningService.svc
  thanks for all, hope somebody can help me with this problem.. i am going crazy...

  Hi, i connected the Lync Phone to another switch and i update the firmware to the newest firmware and i got the same problem..  
  The lync phone download the certificate but cant install it and the still the same error with the SIP login
  An Account matching this phone number cannot be found. Please contact your support team.

• NEED TO ENABLE BULK USERS on LYNC 2010 WITH POWERSHELL using SAMACCOUNTNAME

  Currently I am using following command;
  Import-Csv C:\Scripts\Users.csv | ForEach-Object{$varUserId=$_.userid; Enable-CsUser -Identity $varUserid -RegistrarPool gn-a-if-lync01.iyogi.net -SipAddressType samaccountname -sipdomain iyogi.net}
  WHENEVER I RUN THIS COMMAND I GET FOLLOWING ERROR, MAY BE SOMETHING IS WRONG HERE:
  Enable-CsUser : Management object not found for identity "waseem.raza".
  At C:\Scripts\lyncuser.ps1:1 char:85
  + Import-Csv C:\Scripts\Users.csv | ForEach-Object{$varUserId=$_.userid; Enable
  -CsUser <<<<  -Identity $varUserid -RegistrarPool gn-a-if-lync01.iyogi.net -Sip
  AddressType samaccountname -sipdomain iyogi.net}
      + CategoryInfo          : NotSpecified: (:) [Enable-CsUser], ManagementExc
     eption
      + FullyQualifiedErrorId : Microsoft.Rtc.Management.AD.ManagementException,
     Microsoft.Rtc.Management.AD.Cmdlets.EnableOcsUserCmdlet
  Any help is appreciated :)
  Thanks,
  RIWAA
  RIWA

  Hi RIWAA,
  The help for Enable-CsUser clearly states that sAMAccountName is not a valid option for the Paramter -Identity
  I quote the description of the paramter:
  "Indicates the Identity of the user account to be enabled for Lync Server. User Identities can be specified
  by using one of four formats: 1) the user's SIP address; 2) the user's user principal name (UPN); 3) the user's domain name and logon name, in the form domain\logon (for example, litwareinc\kenmyer); and, 4) the user's Active Directory display name (for example,
  Ken Myer). You can also reference a user account by using the user’s Active Directory distinguished name.
  You can use the asterisk (*) wildcard character when using the Display Name as the user Identity. For example, the Identity "* Smith" returns all the user who have a display name that ends with the string value " Smith"."

• A significant number of connection failures have occurred with a remote server (Event ID 14502)

  I see a number of these events on my Lync 2010 Server. NSlookup shows that 75.0.230.1 is an sbcglobal.net server. (See bolded text.) I have no federation or other connections to sbcglobal.net or AT&T, so why is my Lync server attempting to contact this
  server (and others) at all?
  Log Name:      Lync Server
  Source:        LS Protocol Stack
  Date:          3/14/2014 11:34:30 AM
  Event ID:      14502
  Task Category: (1001)
  Level:         Error
  Keywords:      Classic
  User:          N/A
  Computer:      EdgeServer.mydomain.com
  Description:
  A significant number of connection failures have occurred with remote server  IP 75.0.230.1. There have been 75 failures in the last 184 minutes. There have been a total of 75 failures.
  The specific failure types and their counts are identified below.
  Instance count   - Failure Type
  75                 0x80072746(WSAECONNRESET)
  This can be due to credential issues, DNS, firewalls or proxies. The specific failure types above should identify the problem.
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="LS Protocol Stack" />
      <EventID Qualifiers="50153">14502</EventID>
      <Level>2</Level>
      <Task>1001</Task>
      <Keywords>0x80000000000000</Keywords>
      <TimeCreated SystemTime="2014-03-14T16:34:30.000000000Z" />
      <EventRecordID>32141</EventRecordID>
      <Channel>Lync Server</Channel>
      <Computer>EdgeServer.mydomain.com</Computer>
      <Security />
    </System>
    <EventData>
      <Data>75.0.230.1</Data>
      <Data>
      </Data>
      <Data>75</Data>
      <Data>184</Data>
      <Data>75</Data>
      <Data>75</Data>
      <Data>0x80072746(WSAECONNRESET)</Data>
      <Data>
      </Data>
      <Data>
      </Data>
      <Data>
      </Data>
      <Data>
      </Data>
    </EventData>
  </Event>
  Blog /
  Facebook / Twitter

  To combat the issue, enable an HLB port on your FE servers (or any other pool you are using HLB on) and configure the health checks for the load balancer to use that port instead of the port used for TLS traffic.
  Start by configuring the pool in Topology Builder, right click the pool, and choose Edit Properties>General.  Place a check in the “Enable Hardware Load Balancer monitoring port” and specify a port.
  Also you can refer below link
  http://ocsguy.com/2011/11/02/lync-hardware-load-balancer-monitoring-port/
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"

• How to Enable Lync Windowphone agent on Lync Server 2010

  How to Enable Lync Windowphone agent on Lync Server 2010 ?

  Can you please elaborate. Do you mean to enable a Lync user to use the Lync Mobile Client for Windows mobile devices in a Lync 2010 environment?
  If so, in Lync 2010 there is no special enable setup other than allow the user to have remote access. Of course the MCX service needs to be working.
  Look forward to more details
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"
  Lync Sorted blog

• Integrating Exchange 2013 & Lync Server 2013: can't use a certificate with Seth-AuthConfig

  I'm trying to integrate Exchange and Lyn Server. One of the first steps is to bind a correct certificate to IIS on all of the CAS servers and set it as a main certificate in the global AuthConfig object. The certificate must be the same on all of the
  CAS servers because the autodiscover.domain.local DNS record points to all of them, and Lync Server uses this FQDN to access Exchange servers. The thumbprint of this certificate must be specified in Set-AuthConfig command run on an Exchange server.
  We have an internal enterprise CA. I generated a certificate on one of the CAS servers and bound it to all of the Exchange services. Then I exported it, imported it on the second CAS server and bound it to all of the services as well. Now Exchange correctly uses
  it for OWA, for example, and IE gives no security warnings when I connect to OWA.
  However, whenever I run Set-AuthConfig command on any server, it keeps telling me that
  The certificate with thumbprint XXXX was found but is not valid for use with Exchange Server (reason: PrivateKeyNotAccessible).
  The key IS accessible - I can export the certificate along with its private key. What's wrong?

  Here's the answer.
  It seems that the -Server switch in the Set-AuthConfig command is only used to specify where you want to look for the certificate with the given thumbprint. However, it's impossible to predict which Exchange server will actually perform the operation
  (the Server switch doesn't influence it a bit). It could be ANY server, even a mailbox one with no CAS role at all. And, of course, another Exchange server has no access to the certificate store of the CAS server where the certificate is actually stored. It
  was exactly the case in my environment.
  So in order to enable this certificate you must import it on ALL of your Exchange servers. You need't (and even shouldn't) enable it for any services on your mailbox servers if you don't want to, just import it.

• Lync Server Integration with Exchange 2013

  Hello,
  I have Exchange 2013 standard edition server installed and running successfully on a Windows 2012 machine. Now, I would like to have a Lync 2013 server integrated with it. I came across some links telling that its not possible to integrate Unified Messaging
  in the Exchange standard edition and would need an Enterprise edition license. But, when I checked my ECP, I could see that UM is already there and its enabled. 
  So, Is it possible to integrate Lync 2013 with Exchange 2013 standard edition? What all things I need to take care of while Integrating? If someone could shed some light on this, that would be greatly appreciated.
  Thanks and Regards,
  Nash Burns

  Yes you can integrate Lync 2013 with Exchange 2013 Standard, the only big difference between Exchange 2013 Standard vs Enterprise is the number of mailbox databases (5 vs 50).
  Follow this link for information on integrating the two: http://technet.microsoft.com/en-us/library/jj688098.aspx (specifically integrating Lync with Exchange for Voicemail http://technet.microsoft.com/en-us/library/jj687983.aspx)
  Having said that, the confusion may be related to User CALs. You need Exchange Enterprise User CALs to use the Unified Messaging components. (I believe they still work regardless, but
  to be properly licensed and compliant you need to have the correct number of Enterprise CALs for the number of users that use UM)
  If this helped you please click "Vote As Helpful" if it answered your question please click "Mark As Answer" | Blog
  www.lynced.com.au | Twitter
  @imlynced

• Integrating Lync 2010 with Avaya AES Server

  Dears,
  I'm trying to integrate AES 5.2.3 with Super Patch 2 installed with Lync Server 2010. I installed one Lync Front-End Standard Edition and followe the instruction in the below URl:
  http://support.avaya.com/css/P8/documents/100144425
  Also, Customer has AD which use S-LDAP connection, so communication with AD over 389 port is not allowed, we are using 636 port.
  I noticed that the CA server (Windows 2003) installed on the environment is Standalone Server, so I cannot find "Certificate Template" in the CA Console but i got it from MMC snap-in and created the required template according to the document (above URL)
  but and continue the steps.
  when I enabled users to RCC, and login to Lync Client, i got an error "No Phone System Connection"
  and from snooper, i found 
  ms-diagnostics: 1038;reason="Failed to connect to a peer server";WinsockFailureCode="10061(WSAECONNREFUSED)";WinsockFailureDescription="The peer actively refused the connection attempt";Peer="aesad.domain.com";Port="4723";source="LYNCFE.domain.com"
  by reviewing the certificate on FE server and AES server, i found that, Enhanced Key Usage: Server Authentication although i used a template that afford Server & Client Authentication.
  Also, I don't have another server to create Trusted App Pool, so when I run the power shell command I got a warning advise that this machine (App Pool Name) doesn't has Computer Object in AD.
  My Questions:
  Is the certificate issued to Lync and AES correct or it should contain both Server & Client Authentication?
  Can I use Standalone CA to issue this type of Certificates or I have to install Enterprise CA? 
  What is the cause of "No Phone System Connection" Error? 
  How can I check if AES accept communication with Lync on 4723? I tried to telnet with no luck.
  Is it supported to allow AES to communicate S-LDAP?
  Regards, Fady Naguib

  Hi Fady,
  1.You issued incorrect certificate for Lync and AES. The certificate templates from MMC snap-in is different from the templates form certification Authority. I donot know why there is no "Certificate Template" in your CA console. Do you install the CA component?
  2.Maybe It can work you use standalone CA to issue certificate to Lync deployment, but it isnot recommended. You'd better add your CA server to domain and install Enterprise CA.
  3.Verify you have add AES server to lync Trusted APP pool successfully. AES server has opend port 4723 port in firewall. You'd better install Enterprose CA and create templates in the CA templates, and issue the certificate for lync server.
  4.Make sure AES server has opend port 4723 port in firewall.
  5.I think the AES server can communicate s-ldap. you should add AES SERVER FQDN to AD and create A record for it.
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• Persistent Chat (Lync Server 2013) with Lync 2010 Group Chat

  I have successfully deployed Lync Server 2013 and both 2013 and 2010 desktop clients connect and function as expected.
  The problem is with Persistent Chat. It works perfectly with the 2013 desktop client but - whilst 2010 Group Chat connects - I receive the error message "The [LOGON_DOMAIN] is not available". No chat rooms are available and I am unable to search.
  I have been unable to locate anything on the web which discusses the problem.
  I do not know whether this makes a difference but the 2010 clients use terminals rather than dedicated workstations.
  Can anyone shed any light on what the problem may be?

  Have you created a CsPersistentChatEndpoint to allow the Group Chat client (2010) to connect to Persistent
  Chat server? Please take a look at: http://technet.microsoft.com/en-us/library/jj204901.aspx
  Please mark posts as answers/helpful if it answers your question.
  Blog
  Lync Validator - Used to assist in the validation and documentation of Lync Server 2013.

• How can you run a command with elevated rights on a remote server with invoke-command ?

  I am trying to run a script on a remote server with invoke-command.  The script is starting and is running fine, but the problem is that it should be running with elevated rights on the remote server.  On the server where I start the invoke-command, my account has the necessary rights.
  The server were I launch the invoke-command is a W2K8 R2.  The remote box is a W2K3 with powershell v2.0 installed.
  When I launch the script on the remote-box from the command line, I don't get the access denied's.
  Is there a way to do this ?
  Thanks in advance

  The script that I want to run is to install the windows updates.  I get an access denied on the download of the updates.
  When I execute the script on an W2K8 box, (not remotely) and I run it with non-elevated rights, I get the same error.
  The script is running fine when it is launched on W2K3 box locally with a domain account that has local admin rights, or on a W2K8 R2 server with a domain account that has local admin rights, but with elevated rights.
  Thanks in advance for your help.
  #=== start script ====
  param($installOption="TESTINSTALL",$rebootOption="NOREBOOT")
  Function Show-Help
  Write-Host ""
  Write-Host "SCRIPT: $scriptName <installOption> <RebootOption>"
  Write-Host ""
  Write-Host "DESCRIPTION: Installatie van WSUS updates op de lokale server"
  Write-Host ""
  Write-Host "PARAMETERS"
  Write-Host " -installOption <[INSTALL|TESTINSTALL]>"
  Write-Host " -rebootOption <[REBOOT|NOREBOOT|REBOOT_IF_UPDATED]>"
  Write-Host ""
  Write-Host "EXAMPLE:"
  Write-Host "$ScriptName -installOption INSTALL -rebootOption REBOOT_IF_UPDATED"
  Write-Host "$ScriptNAme INSTALL NOREBOOT"
  Write-Host ""
  Write-Host "Indien beide parameter weggelaten worden zijn de defaultwaarden :"
  Write-Host " installOption=TESTINSTALL "
  Write-Host " RebootOption=NOREBOOT"
  Write-Host ""
  Exit
  #Include alle globale variablen
  $CEIF_WIN_PATH = (get-content env:CEIF_WIN_PATH)
  $includeFile=$CEIF_WIN_PATH + "\Scripts\include_win.ps1"
  . $includeFile
  #initialiseer error count
  $errcnt=0
  $scriptName=$MyInvocation.MyCommand.Name
  #argumenten controleren
  $arrInstallOption= "TESTINSTALL", "INSTALL" # Mandatory variable with predefined values
  If (!($arrInstallOption –contains $installOption)){ Show-Help }
  $arrRebootOption = "REBOOT", "NOREBOOT","REBOOT_IF_UPDATED" # Mandatory variable with predefined values
  If (!($arrRebootOption –contains $rebootOption)){ Show-Help }
  #Logfile opbouwen
  $logfile = get-logfileName($MyInvocation.MyCommand.Name)
  Log-scriptStart $MyInvocation.MyCommand.Name $logfile
  function Get-WIAStatusValue($value)
  switch -exact ($value)
  0 {"NotStarted"}
  1 {"InProgress"}
  2 {"Succeeded"}
  3 {"SucceededWithErrors"}
  4 {"Failed"}
  5 {"Aborted"}
  function boot-server()
  if ($installOption -eq "TESTINSTALL")
  logger "TESTINSTALL : - Reboot local Server" $logfile
  else
  logger " - Reboot local Server" $logfile
  $thisServer = gwmi win32_operatingsystem
  $thisServer.psbase.Scope.Options.EnablePrivileges = $true
  $thisServer.Reboot()
  $logmsg="Install option = " + $installOption + ", RebootOption = $rebootOption"
  logger "$logmsg" $logfile
  logger "" $logfile
  logger " - Creating WU COM object" $logfile
  $UpdateSession = New-Object -ComObject Microsoft.Update.Session
  $UpdateSearcher = $UpdateSession.CreateUpdateSearcher()
  logger " - Searching for Updates" $logfile
  $SearchResult = $UpdateSearcher.Search("IsAssigned=1 and IsHidden=0 and IsInstalled=0")
  logger " - Found [$($SearchResult.Updates.count)] Updates to Download and install" $logfile
  $Updates=$($SearchResult.Updates.count)
  logger "" $logfile
  foreach($Update in $SearchResult.Updates)
  if ($Update.EulaAccepted -eq 0)
  $Update.AcceptEula()
  # Add Update to Collection
  $UpdatesCollection = New-Object -ComObject Microsoft.Update.UpdateColl
  $UpdatesCollection.Add($Update) | out-null
  if ($installOption -eq "TESTINSTALL")
  else
  # Download
  logger " + Downloading Update $($Update.Title)" $logfile
  $UpdatesDownloader = $UpdateSession.CreateUpdateDownloader()
  $UpdatesDownloader.Updates = $UpdatesCollection
  $DownloadResult = $UpdatesDownloader.Download()
  $Message = " - Download {0}" -f (Get-WIAStatusValue $DownloadResult.ResultCode)
  if ($DownloadResult.ResultCode -eq 4 )
  { $errcnt = 1 }
  logger $message $logfile
  # Install
  logger " - Installing Update" $logfile
  $UpdatesInstaller = $UpdateSession.CreateUpdateInstaller()
  $UpdatesInstaller.Updates = $UpdatesCollection
  $InstallResult = $UpdatesInstaller.Install()
  $Message = " - Install {0}" -f (Get-WIAStatusValue $InstallResult.ResultCode)
  if ($InstallResult.ResultCode -eq 4 )
  { $errcnt = 1 }
  logger $message $logfile
  logger "" $logfile
  #Indien er een fout gebeurde tijdens download/installatie -> stuur mail naar windowsteam
  if ( $errcnt -gt 0 )
  logger " - Fout tijdens de uitvoering van script -> send mail" $logfile
  $mailSubject=$MyInvocation.MyCommand.Name
  $msg = new-object Net.Mail.MailMessage
  $att = new-object Net.Mail.Attachment($logfile)
  $smtp = new-object Net.Mail.SmtpClient($smtpServer)
  $msg.From = $mailFrom
  $msg.To.Add($mailTo)
  $msg.Subject = $mailSubject
  $msg.Body = “Meer details in attachement”
  $msg.Attachments.Add($att)
  $smtp.Send($msg)
  #Moet de server herstart worden ?
  if ($rebootOption -eq "REBOOT_IF_UPDATED" )
  if ($Updates -gt 0)
  #Reboot the server when updates are installed
  boot-server
  elseif ($rebootOption -eq "REBOOT")
  #reboot the server always
  boot-server
  else
  #Do not reboot the server
  logger "Do not reboot the server" $logfile
  Log-scriptEnd $MyInvocation.MyCommand.Name $logfile
  exit 0

• The Lync Server Front-End service terminated with service-specific error %%-1008124893.

  Hello, everyone
  I've installed Lync Server 2010. There was no error during installation. But when i start Lync Server Front End Server, i'm getting following error:
  The Lync Server Front-End service terminated with service-specific error %%-1008124893.
  In event viewer:
  The evaluation period for Microsoft Lync Server 2010  has expired. Please upgrade from the evaluation version to the fully licensed version of the product. Look at help for Setup.exe to learn how to upgrade from evaluation version to the licensed version.
  Cause: The evaluation period for Microsoft Lync Server 2010  has expired.
  I've upgraded Lync Server according to http://technet.microsoft.com/en-us/library/gg521005.aspx?ppud=4
  Also I've installed all Lync Server updates.
  But I still could not start Lync Front End Sever. How can I solve this problem?
  Thanks

  Hi,
  Can you try to run
  start-cswindowsservice -report c:\report.html
  and post the report so we can have more information about your problem ?
  Regards,
  Adrian TUPPER - ABC Systemes - http://thelyncexperience.blog.com/ If answer is helpful, please hit the green arrow on the left, or mark as answer Thank you