locked
Move-CsUser Error RRS feed

  • Question

  • Hello,

    I'm working in a o365 hybrid configuration. The company I'm helping originally deployed e3 & e5 licenses in the cloud to all users. All S4B, Exchange, Sharepoint, etc services were initially in the cloud. They recently decided to build a S4B environment on prem to use on prem conferencing rather than in the cloud. I've setup a hybrid config between their o365 tenant and their on prem S4B environment.

    I was able to use the 'Move-CsUser' cmdlt to move a S4B account in the cloud to the on prem envionrment. The user was able to schedule a conference and we did some testing. The company is not ready to move all users to the on prem environment and they asked that I moved the account back. I tried another 'Move-CsUser' command to try to move the account we moved to the on prem environment, but I'm getting an error.

    Here is the command I'm trying to run to move the account back to the cloud:

    $cred = get-credential (store o365 creds in this variable)

    Move-CsUser -Identity "user1@company.com" -Target "sipfed.online.lync.com" -Credential $cred -HostedMigrationOverrideUrl https://admin1a.online.lync.com/HostedMigration/hostedmigrationservice.svc -ProxyPool "skypepool.company.com"

    Here is the error I get when running the command:

    Move-CsUser : Rollback from Unified Contact Store failed for user:

    user1@company.com with exception: #CTX#{ctx:{traceId:680274590, activityId:"5cbc6ab0-6230-40f6-b3c5-16a638c41bd8"}}#CTX#Access Denied

    At line:1 char:1

    + Move-CsUser -Identity "user1@company.com" -Target

    "sipfed.online.lync.com"  ...

    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~

        + CategoryInfo: InvalidOperation: (CN=User 1,...companyDC=com:OCSADUser) [Move-CsUser], RollbackException

        + FullyQualifiedErrorId : MoveError,Microsoft.Rtc.Management.AD.Cmdlets.MoveOcsUserCmdlet

    The company has ADFS deployed and the replication timer for ADFS is set to 30 mins. We've tried deleting the SIP profile on the user's PC, but that did not work. I haven't tried using the S4B Control Panel to move the account rather than PowerShell, so that is something we will try in the morning as it is close to 10pm currently.

    Any help is appreciated.

    Thanks,

    Josh


    Josh Crabtree UC Engineer

    Thursday, May 18, 2017 1:50 AM

Answers

  • Hi Joacrabt,

    Based on your description, I understand that when you want to move user from SFB on premise to SFB online.

    Regarding this issue, is that only appeared on the specific user?

    Please check the septs for migrating users, the following blog is for your reference
    https://technet.microsoft.com/en-us/library/jj204969.aspx

    Moreover, the following blog describes the same error during the migration, please refer to
    https://tsoorad.blogspot.sg/2017/03/reverse-o365-sfbo-migration-failure.html

    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.


    Regards,

    Alice Wang


    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by Joacrabt Friday, May 19, 2017 6:29 PM
    Friday, May 19, 2017 5:55 AM

All replies

  • Hi Joacrabt,

    Based on your description, I understand that when you want to move user from SFB on premise to SFB online.

    Regarding this issue, is that only appeared on the specific user?

    Please check the septs for migrating users, the following blog is for your reference
    https://technet.microsoft.com/en-us/library/jj204969.aspx

    Moreover, the following blog describes the same error during the migration, please refer to
    https://tsoorad.blogspot.sg/2017/03/reverse-o365-sfbo-migration-failure.html

    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.


    Regards,

    Alice Wang


    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by Joacrabt Friday, May 19, 2017 6:29 PM
    Friday, May 19, 2017 5:55 AM
  • Alice,

    Thanks again for your help. As the blog below stated, we basically tried to move the account before AAD had synced it between online and onprem:

    https://tsoorad.blogspot.sg/2017/03/reverse-o365-sfbo-migration-failure.html

    We tried the same 'Move-CsUser' command the next day and it worked perfectly fine.

    I have another, semi-related question to moving accounts online to on-prem. I was using the Skype Hybrid Handbook as a reference, specifically Ch 11, to move online users to on-prem:

    https://gallery.technet.microsoft.com/Skype-for-Business-Hybrid-9218205e

    I noticed the first step was to run the command below in PowerShell to enable the user on-prem before the move:

    Enable-CsUser -Identity "<username>" -SipAddress sip:<username>@<domain> HostingProviderProxyFqdn "sipfed.online.lync.com"

    Does this step have to be done via PowerShell, or is there some way to do this via the GUI? It looks as though this will need to be done for everyone who moves from online to on-prem, correct? Or am I not understanding the migration process correctly?

    Thanks,
    Josh


    Josh Crabtree UC Engineer

    Friday, May 19, 2017 6:29 PM
  • Hi Josh,

    This has to be done via PowerShell. It's a requirement so that the on-premises environment is "aware" of these user accounts that actually exist in Skype for Business Online. As soon as you run this against your users, you will see these users appear in the on-premises Skype for Business Control Panel, homed to Skype for Business Online. You can run this step well in advance of actually moving users back to on-prem.

    One gotcha to be aware of. Make sure you re-run AAD setup again after you run Enable-CsUser against your SfB online user accounts. If you don't, you may not be syncing this additional configuration to Azure AD, and migrations will not work. You'll receive the error "Index was outside the bounds of the array" or similar.

    Cheers,

    Damien

    dmunified.com

    Saturday, May 20, 2017 12:39 AM
  • Damien,

    Thanks for this info. 

    Is there a guide for the AAD setup that needs to be re-run? Sorry, but the company I'm working with deployed AAD themselves and I haven't done an AAD deployment on my own yet.

    Thanks,

    Josh


    Josh Crabtree UC Engineer

    Saturday, May 20, 2017 8:04 PM
  • Hi Joacrabt,

    Please refer to the following blog

    https://blogs.technet.microsoft.com/canitpro/2015/07/13/step-by-step-setting-up-the-new-azure-active-directory-connect/


    Regards,

    Alice Wang


    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, May 22, 2017 9:42 AM
  • Hello,

    in my case,when i ran get-cshostingprovider command, the AutodiscoverURL was emtpy.

    After I run:

    Set-CsHostingProvider -Identity lynconline -AutodiscoverUrl https://webdir.online.lync.com/Autodiscover/AutodiscoverService.svc/root

    The user move went without problem.

    Hope it helps

    Sunday, June 25, 2017 4:42 PM