Skype For Business Server Control Panel Cannot be accessed when I Input my Office 365 Admin credentials

  • Question

  • I can sign in to the O365 Portal, use the SFB client and PowerShell.  When I try to access the Control Panel of my SFB Server it asks for my Office 365 credentials, but I get the error message: Get-CsWebTicket : Exception of type
    "Microsoft.LiveID.IDCRL.IDCRLException" was thrown.  I cannot access the control panel.
    Thursday, September 22, 2016 8:35 AM

Answers

  • You would want to log into the control panel for SFB Server using on-premises credentials using an account that's a member of the AD group CSAdministrator.  If you're already logged in and trying to move a user, my experience is that PowerShell is more solid for this due to override domain settings that are occasionally necessary.

    Please remember, if you see a post that helped you please click "Vote" on the left side of the response, and if it answered your question please click "Mark As Answer". SWC Unified Communications This forum post is based upon my personal experience and does not necessarily reflect the opinion or view of Microsoft, SWC, their employees, or other MVPs.

    • Proposed as answer by jim-xu Friday, September 23, 2016 12:04 PM
    • Marked as answer by jim-xu Tuesday, October 11, 2016 7:40 AM
    Thursday, September 22, 2016 3:30 PM

All replies

  • Hi RM_0224 

    Could you give us more details about the environment, like do you have a hybrid environment? And hence are you trying to log in to both the on-premises and online control panel?


    Linus || Please mark posts as answers/helpful if it answers your question.

    Thursday, September 22, 2016 11:37 AM
  • Yes, it's a Hybrid environment, simply logging into the SFB server control panel gave me that error.  I can log in fine to the Office 365 portal, but accessing the SFB Server control panel is not possible.
    Monday, September 26, 2016 1:25 AM
  • It's logging in to the online control panel
    Monday, September 26, 2016 1:42 AM
  • Fresh install, here is a snippet from the msoidsvc trace log, bolded the line items standing out as suspicious:

     Initializing configuration manager...@passportclientlibrary.cpp_315
     +CSessionAppSettingsMap.SetAppSettings()@appconfig.cpp_26
     +CAppConfigSettings.SetOptions()@AppConfig.h_53
     +CONFIGDATA::SetOptions()@clientconfig.cpp_148
     Skipping unknown IDCRL option (64). hr=00@clientconfig.cpp_293
     -CONFIGDATA::SetOptions=0x0
     -CAppConfigSettings.SetOptions=0x0
     +CSessionAppSettingsMap.GetRPCClientAppKey()@appconfig.cpp_175
    -CSessionAppSettingsMap.GetRPCClientAppKey=0x0
    -CSessionAppSettingsMap.SetAppSettings=0x0
    +CClientConfigDataCacheManager::Initialize(dwFlags=0x1)@clientconfig.cpp_991
    +GetFileVersion()@util.cpp_2455
    -GetFileVersion=0x0
    +CClientConfigDataCacheManager::SetOptions()@clientconfig.cpp_2683
    +CONFIGDATA::SetOptions()@clientconfig.cpp_148
    Skipping unknown IDCRL option (64). hr=00@clientconfig.cpp_293
    -CONFIGDATA::SetOptions=0x0
    Option IDCRL_OPTION_ENVIRONMENT with value 'production'. @clientconfig.cpp_2737
    -CClientConfigDataCacheManager::SetOptions=0x0
    Environment: 'production'. @clientconfig.cpp_1084
    +CClientConfigDataCacheManager::CheckIdcrlDirs(nFolder=28, fCreate=0)@clientconfig.cpp_1442
    -CClientConfigDataCacheManager::CheckIdcrlDirs=0x0
    +CClientConfigDataCacheManager::CheckIdcrlDirs(nFolder=26, fCreate=0)@clientconfig.cpp_1442
    -CClientConfigDataCacheManager::CheckIdcrlDirs=0x0
    +CClientConfigDataCacheManager::CheckIdcrlDirs(nFolder=28, fCreate=1)@clientconfig.cpp_1442
    -CClientConfigDataCacheManager::CheckIdcrlDirs=0x0
    +CClientConfigDataCacheManager::CheckIdcrlDirs(nFolder=28, fCreate=1)@clientconfig.cpp_1442
    -CClientConfigDataCacheManager::CheckIdcrlDirs=0x0
    +CClientConfigDataCacheManager::LoadConfiguration()@clientconfig.cpp_1338
     ReadRegConfigURL failed with hr=80070002. IDCRL will use production URL as default.@clientconfig.cpp_1357
    Monday, September 26, 2016 2:04 AM
  • Are you a global admin of your O365 tenant?  Can you describe how you are accessing the control panel?

    Monday, September 26, 2016 4:00 PM
  • Have you found a solution to this issue? I have exactly the same issue.  I am not able to log in to my Office 365 tenant from SfB server Control Panel  Sign to Office 365. I have no proxy involved.  From the server I can log in via PowerShell and via O365 web portal ... .

    Friday, November 4, 2016 9:01 AM
  • Hi, I have exactly the same as gmiga76. Effectively I can sign in via PowerShell and move users to SfB online, but via the Control Panel of SfB Front End, with the same Global Admin, I can't sign in. Can anyone help us?

    Thanks in advance and Regards

    Nick

    Saturday, November 12, 2016 6:16 AM
  • Hi All,

    Brook Zhang from Microsoft found the answer to this issue:

    In addition, the required permissions for NETWORK SERVICE are:
    Read Attribute on %windir%\System32\config\systemprofile\AppData\Local
    Full Control on %windir%\System32\config\systemprofile\AppData\Local\Microsoft\MSOIdentityCRL

    If the permissions are not correctly set on your side, please correct them. After correcting the permissions, recycle the LyncIntManagement IIS Application Pool to ensure it clears the MSOIDCLI state.

    Yann

    • Proposed as answer by sdbyrd Tuesday, August 6, 2019 2:48 PM
    Wednesday, November 30, 2016 1:04 PM
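The permission check described in the reply above, as an added example (not part of the original thread and not Microsoft's own script). It reads the ACLs on the two folders, reports whether any ACE naming NETWORK SERVICE carries the stated right, and changes nothing; the function name `Test-NetworkServiceRight` and the `$recycle` switch are hypothetical, and "Read Attribute" is assumed to map to the `ReadAttributes` file system right.

```powershell
# Added example: audits, but does not modify, the NETWORK SERVICE ACEs from the post.
# Run elevated in 64-bit PowerShell on the Front End; a 32-bit host redirects System32.
$base   = Join-Path $env:windir 'System32\config\systemprofile\AppData\Local'
$checks = @(
    @{ Path = $base;                                        Needed = 'ReadAttributes' },
    @{ Path = (Join-Path $base 'Microsoft\MSOIdentityCRL'); Needed = 'FullControl' }
)

function Test-NetworkServiceRight {   # hypothetical helper name
    param(
        [string]$Path,
        [System.Security.AccessControl.FileSystemRights]$Needed
    )
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Needed = $Needed; Ok = $false; Note = 'path missing' }
    }
    $acl   = Get-Acl -LiteralPath $Path
    $allow = 0
    $deny  = 0
    # Resolve identities to SIDs so the check does not depend on the OS language.
    foreach ($ace in $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])) {
        if ($ace.IdentityReference.Value -ne 'S-1-5-20') { continue }   # NT AUTHORITY\NETWORK SERVICE
        # Inherit-only ACEs apply to children, not to this folder itself.
        if ($ace.PropagationFlags.HasFlag([System.Security.AccessControl.PropagationFlags]::InheritOnly)) { continue }
        if ($ace.AccessControlType -eq 'Allow') { $allow = $allow -bor [int]$ace.FileSystemRights }
        else                                    { $deny  = $deny  -bor [int]$ace.FileSystemRights }
    }
    # Rights reaching the account only through a group (Users, Everyone) are not counted here.
    $effective = $allow -band (-bnot $deny)
    [pscustomobject]@{
        Path   = $Path
        Needed = $Needed
        Ok     = (($effective -band [int]$Needed) -eq [int]$Needed)
        Note   = 'ACEs naming NETWORK SERVICE: allow=0x{0:X} deny=0x{1:X}' -f $allow, $deny
    }
}

$results = foreach ($c in $checks) { Test-NetworkServiceRight @c }
$results | Format-Table -AutoSize -Wrap

# Assumption: set $recycle to $true only after the ACLs have been corrected.
$recycle = $false
if ($recycle -and -not ($results.Ok -contains $false)) {
    Import-Module WebAdministration
    Restart-WebAppPool -Name 'LyncIntManagement'   # pool name as given in the post
}
```

An `Ok` value of `False` with `allow=0x0` means no ACE names NETWORK SERVICE directly on that folder, which is the condition the reply says to correct before recycling the pool.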
  • Thank you @RDR Helpdesk for reposting the resolution for this issue!  This should be included in any tutorials when setting up Skype for Business Hybrid!!
    Tuesday, August 6, 2019 2:47 PM