Few users are unable to sign in after we added 2 more front end servers in existing pool?

Hello, 
We have recently extended the Lync 2010 Enterprise pool with 2 Front end servers.  Now we have totally 6 Front end servers. 
After this change some users are unable to login. Error message: "Cannot loggin as server is temporarily unavailable"
Captured, client logs and received the following:
ms-diagnostics: 4004;reason="Credentials provided are not authorized to act as specified from URI";
We have the following security settings on the newly added front end servers:
Network security: Minimumsecurity for NTLM SSP Based clients - set to - Require 128-bit encryption 
In other existing front end servers, it has been set to - No minimum. 
Questions:
1. Is that the issue for signin failure?
2. Do we need to change this option to - No minimum in new servers and reboot it?
Please advise. MUCH THANKS. 

Hello 
Those clients running in Windows 7 OS. And the error is different:
"Cannot loggin as server is temporarily unavailable"
Thanks

Similar Messages

  • Few Users are unable to open reports from workspace

    Hi ,
    Few users are nt able to open reports from workspace. Can anyone let em know what all privalleges we need to give for the users who want to open reports.
    Thanks in Advance

    In general if a user can see a report and cannot open, this should be related with the application security that the reports' grid is connecting.
    If opening request from users are failing with an error, please paste the error here,
    Sometimes reports may be open with blank pages or no data, make sure users have necessary access to data...easy way to check this, connect to application and try to retrieve data from application, Lets say your report grid is connecting to Essbase, try if you can retrieve same grid from essbase excel add-in.
    Good Luck,
    Ahmet

  • OCS 2007 r2 new users are unable to sign in Help!!!

    a little background: we had an issue with our domain controller and had to flash a backup image that we took 2 weeks prior. after we got everything setup correctly again and added users that were not there when we took the image backup. it all seemed
    fine, until we had to add some new hires. now when I add new users and configure them correctly with in OCS and active directory the user cannot sign in. from what I have read it could be a replication error, but when I try to force replication it fails. as
    we rely on this service for our business it is very frustrating. I have ran the validation tool and this is what I get.
    Attempting to login   user using Kerberos
    Maximum hops: 2
      Successfully established security association with the server: User   nancy Domain lj Protocol Kerberos Target sip/Fileserver.LJ.local
      Failed to register user: User sip:[email protected] @ Server Fileserver.LJ.local
      Failed registration   response: [
      SIP/2.0 403 Forbidden
      FROM: <sip:[email protected]>;epid=epid00;tag=af8d4a32c5
      TO: <sip:[email protected]>;tag=1A2FD46AB32C93C71252508422122A62
      CSEQ: 2 REGISTER
      CALL-ID: cd6769facadf4da68a88921dfc5a4807
      VIA: SIP/2.0/TLS   192.168.0.23:57752;branch=z9hG4bKf130bb10;ms-received-port=57752;ms-received-cid=40200
      CONTENT-LENGTH: 0
      AUTHENTICATION-INFO: Kerberos   rspauth="602306092A864886F71201020201011100FFFFFFFF764B3F8B7D0AE7EC1B6FE36DAA9B10B1",   srand="C0091F30", snum="1", opaque="EE6E2772",   qop="auth", targetname="sip/Fileserver.LJ.local",
      realm="SIP Communications Service"
      ms-diagnostics: 4004;reason="Credentials provided are not authorized to   act as specified from   URI";source="Fileserver.LJ.local";AuthenticatedIdentity="LJ\nancy"
      ms-diagnostics-public: 4004;reason="Credentials provided are not   authorized to act as specified from   URI";AuthenticatedIdentity="LJ\nancy"
      Suggested Resolution: Use the maximum hop count to determine the   server that generated this error. For example, if the maximum hop value is 2,   then it is likely that this error was generated by a server that is 1  
    (immediate target) or 2 hops away. If the target server supplied and the home   server for the user are different check the trust relationship between them.   If the target server is an access edge server then check whether the internal   supported
    domain list contains the domain of this user. In addition, check   the forest-level domain supported list and make sure the user domain is   present. Finally, run the dbanalyze tool on the home server to check whether   the user is homed and
    configured correctly.
      Suggested Resolution: Ensure that the supplied credentials are   appropriate for the supplied user. If the user has been moved recently, run   dbanalyze to ensure that the user is homed correctly.
    Failure
      [0xC3FC200D] One or more errors were detected
    Maximum hops: 2
      Successfully established security association with the server: User   nancy Domain lj Protocol NTLM Target Fileserver.LJ.local
      Failed to register user: User sip:[email protected] @ Server   Fileserver.LJ.local
      Failed registration   response: [
      SIP/2.0 403 Forbidden
      FROM: <sip:[email protected]>;epid=epid01;tag=e91f12148
      TO: <sip:[email protected]>;tag=1A2FD46AB32C93C71252508422122A62
      CSEQ: 5 REGISTER
      CALL-ID: 9ac9e3fe41f64e6587b7e744ef4eabc4
      VIA: SIP/2.0/TLS   192.168.0.23:57752;branch=z9hG4bK53b7532;ms-received-port=57752;ms-received-cid=40200
      CONTENT-LENGTH: 0
      AUTHENTICATION-INFO: NTLM rspauth="010000002A86488630F580CBB5BBDB1F",   srand="D34E3231", snum="1", opaque="9FC5005B",   qop="auth", targetname="Fileserver.LJ.local",   realm="SIP
    Communications Service"
      ms-diagnostics: 4004;reason="Credentials provided are not authorized to   act as specified from URI";source="Fileserver.LJ.local";AuthenticatedIdentity="LJ\nancy"
      ms-diagnostics-public: 4004;reason="Credentials provided are not   authorized to act as specified from   URI";AuthenticatedIdentity="LJ\nancy"
      Suggested Resolution: Use the maximum hop count to determine the server   that generated this error. For example, if the maximum hop value is 2, then   it is likely that this error was generated by a server that is 1 (immediate
      target) or 2 hops away. If the target server supplied and the home server for   the user are different check the trust relationship between them. If the   target server is an access edge server then check whether the internal   supported
    domain list contains the domain of this user. In addition, check   the forest-level domain supported list and make sure the user domain is   present. Finally, run the dbanalyze tool on the home server to check whether   the user is homed and
    configured correctly.
      Suggested Resolution: Ensure that the supplied credentials are   appropriate for the supplied user. If the user has been moved recently, run   dbanalyze to ensure that the user is homed correctly.

    Depending on how you rolled back Active Directory, you may have entered a situation called "USN Rollback" where your rolled back DC stops replicating with the rest of the DC's in the infrastructure.
    This will cause issues like what you are experiencing, and much worse in the long term, such as machines getting dropped from the domain, and user password becoming inconsistent, since you're essentially maintaining two copies of your domain that cannot
    talk to each other...
    Here are more details: http://support.microsoft.com/kb/875495
    I'd recommend resolving the underlying AD issue by removing the restored DC from the infrastructure (you may have to force demote and remove metadata). Once AD is 100% functional then you can start troubleshooting OCS sign in issues, but my guess is they
    will resolve themselves once the restored DC is removed.
    Hope this helps,
    Gonzalo

  • Users are unable to see their own profile photo although everyone else can see it in Lync 2013 client

    We have Lync 2013, Exchange 2010 and several AD
    servers in mixed mode 2003/2008.
    All user are unable to see their own profile photo
    either in the main Lync window, in the settings or in a chat although other user can see that their photo is there and displaying. The user experiencing the issue can go open Outlook 2013 client and will see their photo displaying correctly in the file menu
    (and elsewhere) here.
    I have confirmed this happens with any new users I set up as well. We have gone through a fair amount of troubleshooting with other Lync photo issues and simple fixes such as deleting the SIP cache folder etc proves to be ineffective.
    Our Cs-ClientPolicy Global is set to websearchonly.
     We have "Replicate this attribute to the Global Catalog" set
    for the ThumbnailPhoto attribute in AD.
    We are also forcing photos from AD only (or no photo) by setting the following:
    "Set-CsClientPolicy -Identity PhotosControl -DisplayPhoto
    PhotosFromADOnly"  
    and finally we are importing the photo in ad using this PS command:
    "Import-RecipientDataProperty -Identity "Test User"
    -Picture -FileData ([Byte[]]$(Get-Content -Path "C:\pictures\testuser.jpg" -Encoding Byte -ReadCount 0))"
    The pictures being uploaded are under 10KB in size.
    I have followed many threads and will provide any information I can to help find the problem. Thank you in advance.
    EDIT: I have also tried the following but with no success: https://knowledge.zomers.eu/misc/Pages/How-to-fix-your-photo-not-showing-up-in-the-Lync-client.aspx

    Hi Jdentremont,
    Lync client gets user photos by first querying the Address Book Web Query (ABWQ) service on the server, which is exposed through the Distribution List Expansion web service. The client receives
    the image file and then copies it to the user's cache to avoid downloading the image each time it needs to be displayed. The attribute values returned from the query are also stored in the cached Address Book Service entry for the user. The Address Book Service
    deletes all cached images every 24 hours, which means that it can take up to 24 hours for new user images to be updated in the cache on the server.
    To troubleshoot your problem, please follow the steps below:
    1.  Navigate to
     “X:\share\1-WebServices-1\ABfiles\000000000\000000000” folder. (ABS file share)
    You should see some photo files in this folder as the following screenshot.
    2. Delete all the files in this folder.
    3. On test PC, delete local cache files.
    %userprofile%\AppData\Local\Microsoft\Office\15.0\Lync\[email protected]
    4. Sign-in Lync with the test account.
    5. Go back to the ABS file share, check if there is any Photo file in the folder.
    Best regards,
    Eric
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • Windows Server 2012 R2 RDS: RDS Users are unable to delete files from their desktop

    Hello,
    We are working with Windows Server 2012 R2 RDS. We also implemented User Profile Disks. This is all working fine without problems. The only issue I have is that normal users are unable to delete files from their desktop. They are getting a message:
    you'll need administrator permission to delete this file, with the prompt for administrator access.
    They can edit, copy, rename, cut and paste files. But they cannot delete a file from their desktop.
    I checked the security permissions of the files on the desktop (for example a normal self-created PDF file) and the users are owner and have "Full Control" over the files.
    I checked the file permissions and took a look under "Advanced", selecting the specific domain user and checked the "Advanced Permissions" and the user has the "Delete" option checked. So he should be able to delete the
    file.
    I am guessing this is UPD related issue, or something in GPO. But I already unlinked the GPO objects, that I felt could be the source of this problem, but without results.
    Could someone give me a hint on where to look? It's kinda annoying to users, that they can't delete their own files.

    Hello Bria,
    What you should check first, is the NTFS permissions on the User Profile Disk to begin with. See if the user has full control over the items that are in the UPD.
    Also check the GPO's that are enabled for the user and computer account. You can check that by running: gpresult /h <path>\gpresult.html
    There are two GPO settings that could prevent the user from deleting his/her own items: 
    User
    Configuration\\Policies\\Administrative Templates\\Windows Components\\Windows Explorer\
    Hide these specified drives in My Computer
    Prevent access to specified drives in My
    Computer
    There might be other GPO settings, that block deleting items on the UPD, but can't think of any out of my head.
    I can only think NTFS and GPO settings that might prevent the user from deleting items. In my case it was a GPO setting, that I didn't suspect.

  • PC Users are unable to check Outlook while my (mac) Mail is open

    Ever since I upgraded to 10.4, whenever I have my Mail application open, the PC users are unable to check their IMAP mail through Outlook. The PC Users and myself are all using different accounts, but are checking the same server.
    At first, this seemed like it was a coincidence... but then I shut my powerbook and they could check their again. I have to use a web mail client to check my email when I am on the network at work.
    Any ideas to resolve this issue? Mail is set to check every 5 minutes.

    AA8 and AA9 allow Reader Rights so the user can save the form. This is restricted by the license to 500 uses. In the long run, the only advantage of the Reader Rights is for your users, not for you. You can always import the data into the form and have the same result as they had in the form. It is not necessary to transmit the full form to you, only the data. If you were developing a web form that would likely exceed the 500 uses, you would have to negotiate a price with Adobe for Reader Rights (thousands of $$ should be expected).
    If saving is important in a company environment, not online, then you may want to read the EULA carefully as to the exceptions. You will still have to have at least AA8.
    I guess the printing problem was answered.

  • Not all users are displayed for log on after a reboot or startup...

    Problem summary: Not all users are displayed for log on after a reboot or startup...
    This problem only occurs after a fresh start-up or restart. The only users displayed are the initial (admin user) and "Guest". Two other (non-admin) users are not shown for log on.
    To work around this problem and get them to log on we have to log on as the admin user, then we can see the other users in the Fast User Switching menu (top right-hand corner of the screen), listed under the current logged on user. After selecting the non-admin user we can log in and use the laptop as normal.
    If we lock the screen, use fast user switching or log out all users; all users are available for log in, until a reboot is done; at which point the non-admin users disappear again and we have to log in as the admin user and use fast user switching again.
    The laptops are both brand new MacBook Airs. The initial configuration of Mac OS X Yosemite was done using the Apple ID of the purchaser (parent) and then the OS was patched, immediately, through the App store (no further updates available as of the date of this posting). After this Family Sharing was activated and new users set up for the two children who will be using these laptops.
    Has anybody else experienced this problem with Yosemite?
    Cheers,
    David.

    David,
    Users not enabled for FileVault unlock are only able to log into the computer after an unlock-enabled user has started or unlocked the drive. Once unlocked, the drive remains unlocked and available to all users, until the computer is restarted.
    FileVault has to be On.
    To Enable the users to be able to unlock FileVault Go to:
    System Preferences > Security & Privacy > FileVault ( Tab ) > Click the Lock in the bottom left > Put in your administrator password > Should see an option to Enable Users > Enable User.
    Hope that helps,
    Weston
    Supporting Articles,
    OS X: About FileVault 2 - Apple Support

  • We are unable to sign in to iMessages, wifi connection is fine but we get the error message, pls check your network connection

    we are unable to sign in to iMessages, wifi connection is fine but we get the error message, pls check your network connection.  Does anyone know how to fix this

    there has been a big problem with facetime and imessage. The best solution for this case is to restore your device http://support.apple.com/kb/HT1414
    Make sure you back it up. and I would set up facetime before you reinstall your backup and  make sure its working.

  • Everyone Except External users are unable to access the subsites

    We have a SharePoint online site, in which we have given read permissions to
    Everyone Except External Users in the parent site. Now, the users are able to access the parent site. But for sub sites, we have stopped inheriting permissions from the parent site and have given read permissions to Everyone Except External Users in
    sub sites as well. But users are unable to access the sub sites. They are getting access denied message.
    Can any one help me to resolve the problem?
    Thanks in advance!
    Anjani.

    Hi,
    Please check below links. They encountered similar issues and they had some assets (Page Layout or master page) checked out by users in sub site due to which users with read permission could not access.
    http://sharepoint.stackexchange.com/questions/75263/user-has-correct-permissions-for-subsite-but-access-is-denied
    http://sharepoint.stackexchange.com/questions/90478/prevent-access-denied-error-for-domain-users
    Hope it helps!
    Thanks,
    Avni Bhatt
    If this helped you resolve your issue, please mark it Answered

  • When will the Indian App Store be updated to Indian RBI Guidelines, because in India many of the users are unable to buy apps from Indian Debit Cards.

    Most of the users are unable to buy apps from Indian App Store. Pl. fix it

    We are fellow users here on these forums, we won't know if/when other payment cards might be added to the Indian iTunes store until if/when Apple announce something. Based on what some people have posted some Indian debit cards are still accepted e.g. Re: can i download from itunes using debit card in india ?.
    If you want to leave feedback for Apple then you can do so via this page : http://www.apple.com/feedback/

  • After site migration, users are unable to access the site, even though they have permissions, prompted to request access

    Not sure whats going on here...
    SharePoint WSS3.0  -> SharePoint 2013 Ent
    Used ShareGate migration tool.
    I migrated the site, and everything appears to be in place as expected.  Users and groups are all assigned just like before.
    But when users try to access the new site, they are prompted to request access.
    Some users are in AD groups, that are in SharePoint groups, and some users are direct members of SharePoint groups.  So far it seems to be groups with read or contribute access.  The owners seem to be able to access the site fine.
    This makes no since...?
    Any ideas?
    Joshua Fuente

    Thanks, I think I may have found the issue...  But it still odd, and I am still verifying if it is in fact the issue.
    The old site has a visitors group, that contains an AD security group.... But that AD security group contains a DL.  I know that's a problem... But it should also be a problem in the source site. (but its not)
    Only thing I can imagine is that at some point the user had direct access, and it was changed to AD group.  And then AD group was changed, and somehow SharePoint just didn't catch on.... (just a guess)
    In any case, I am having the users added to the AD security group to see if that works.
    But I will check out your script if that doesn't work. 
    Thanks!
    Joshua Fuente

  • Users are unable to print from Adobe Reader X

    Hi,
    Multiple users in our environment report that they are unable to print from Adobe Reader X. They receive the following error messages (translated from Dutch) Document cannot be printed. There are no pages selected.
    We are using Reader version 10.1.3
    What we have tried to resolve the issue (without any positive results):
    - Repair the installation of Adobe Reader.
    - Update Adobe Reader to the latest version for Vista (x86) (10.1.7)
    - Created new user profile for the affected users.
    The documents can be printed without any errors from Foxit Reader.
    At the moment we use the following workaround:
    Open the document in Internet Explorer, and then print the document from there.
    Does anyone have any idea how we can resolve this?
    Best regards,
    Duncan

    James,
    I'm sorry to hear that you were having the same problem under 9.5.  I had recently updated to Adobe Reader 10 under Windows 7 and yesterday my "default printer" simply disappeared from the options on my control panel.  I re-installed my printer, but today whenever I would open a PDF document and try to print it, the document would simply close with no further ado.  After a bit of trial and error, I ended up uninstalling Adobe Reader 10 and going back to Adobe Reader 9.5.  Now everything is working just fine. 
    nlncmjd

  • Users are unable to access Essbase data-corrupt group

    Someone moved a hyperion user to an ldap directory group that hyperion couldn't access which seems to have corrupted the group to which the ID belongs. I got rid of the ID but the users are still experiencing problems accessing essbase data. We have 9.3.1 and I have refreshed security filters and recycled many times. Does anyone have any suggestions? Should I reimport the secfile.txt?

    Where I need to check the logs in tbl Logs under Appserver?
    Well, I am unable to see complete input schedule. I have unprotected the sheet still there is data N38 but able to see before row 58. unable to expand.
    Kindly suggest.

  • Users are unable to login (HD is located on an AFP or SMB server message)

    I've searched on here, but nothing I've tried helps.
    This is only happening on certain machines in a building. They have all been re-imaged multiple times. Other machines in other buildings running the exact same setup work fine. It's a 10.4.7 client trying to login to a 10.3.9 server. They get the AFP or SMB error message. They can go to another machine in the building, and login, so it's not their account.
    The only thing that I've found will temporarily fix the problem is restarting the server. Right after it comes back up, they can login fine.
    I've triple checked their account settings, created brand new user accounts, we've re-imaged the machines, changed computer names (worked for half a day), trashed the DCHPleases file on the server, ran all updates on both clients and server.
    Help me!!!
    MacBook   Mac OS X (10.4.7)  

    This error msg means that the users area is stored on an AFP volume, ie the server which needs to be mounted onto the client mac before the user logins.
    What happens is the server boots up, and has share points, /Users for users area. the client then boots up and automounts this volume as /Network/Servers/servername/Users or close to that.
    Then a user logs into the login window, the server authenitcates the user and tries to grant them access to the Users volume, if this volume has been unmounted then they user cant get access to thier home folder and thus cant login
    This could be caused by network issues, switches, hubs, etc and the client has been cut off from the server, a reboot of the client mac should fix the issue. Then check your switches or hubs

  • Few users are not showing up in Corporate directory

    We have few users at a repote site who are not showing up in Corporate directory. they have UDP profile and they are logged in . i ahve compared the configration with other user of the same site who is showing up in corporate directory and config seems fine
    the User is LDAP integrated in CUCM  and not a local user
    the corporate directory is activated as default  parameter for entire cluster
    Please help if we have any further things to be checked ?

    There was a similar issue a couple weeks ago here
    https://supportforums.cisco.com/discussion/12343101/how-refresh-corporate-directory-cucm-91
    Did you check if the users are not listed if you are registered at the subscriber?
    this was the solution in that mentioned post:
    "worked with cisco we found that the issue only occurs when the phones are registered to the subscriber server...when the phone is registered to the publisher, the directory shows the current information. this indicates and issue with the database replication between the 2 servers.
    the databases have been reset and are replication is resyncing...this will take a couple of hours..."
    Eike

Maybe you are looking for