locked
Skype for Business Server 2019 - System.UnauthorizedAccessException RRS feed

  • Question

  • Windows Server 2019 running Skype for Business Server 2019
    Windows Server 2012 R2 with the Active Directory

    I am trying to deploy a Standard Skype for Business Server and am hitting the following error when publishing the topology:

    Error: An error occurred: "System.UnauthorizedAccessException" "Attempted to perform an unauthorized operation."

    I have tried running the topology builder as administrator and tried running the Install-CsDatabase command in the management shell with the same error each time as per the below log:

    Root domain: xxxxxx.com
    Root domain: xxxxxx.com
    Filter: (&((ObjectCategory Equal person)(ObjectClass Equal user)(Sid Equal xxxxxxxxx)))
    Found
    User: CN=Skype,CN=Users,DC=xxx,DC=com
    Group security identifier (SID): xxxxxxxxx
    HasToken: True
    Check Groups
    Error: An error occurred: "System.UnauthorizedAccessException" "Attempted to perform an unauthorized operation."
    Error: Attempted to perform an unauthorized operation.

    ▼ Details 
    └ Type: UnauthorizedAccessException 
    └ ▼ Stack Trace 
        └   at Microsoft.Win32.RegistryKey.Win32ErrorStatic(Int32 errorCode, String str) 
    at Microsoft.Win32.RegistryKey.OpenRemoteBaseKey(RegistryHive hKey, String machineName, RegistryView view) 
    at Microsoft.Rtc.Management.Deployment.InstallDatabaseCmdlet.checkAndAddTraceFlag(String sqlServer, String instanceName) 
    at Microsoft.Rtc.Management.Deployment.InstallDatabaseCmdlet.ExecutePlan(String host) 
    at Microsoft.Rtc.Management.Deployment.InstallDatabaseCmdlet.CreateDatabasesForCMS(String sqlServer, String instanceName, Boolean collocated) 
    at Microsoft.Rtc.Management.Deployment.InstallDatabaseCmdlet.CreateDatabases() 
    at Microsoft.Rtc.Management.Deployment.InstallDatabaseCmdlet.InternalProcessRecord() 
    at Microsoft.Rtc.Management.Deployment.DeploymentCmdlet.CmdletProcessRecord() 

    After reading multiple posts relating to this, I made sure that the user account on the AD has all the permissions necessary and was a member of: Administrators, CSAdministrator, Domain Admins, Enterprise Admins, RTCUniversalServerAdmins, Schema Admins.

    I also check that on the FE server that the user I am logged in as from the AD (skype) is an administrator by checking: localgroup administrators and verified the user appeasrs in the listed members.

    Finally using SQL management studio, I verified I could login to the SQL database rtc and that the under logins the account was listed and had selected all server roles. I even changed the SQL server properties to allow server authentification by: SQL Server and Windows Authentification mode.

    Any ideas what is causing this to fail each time?

    Tuesday, May 21, 2019 2:19 PM

All replies

  • Hi willwoo,

    For this issue, please also try to check the permission of SFB File Share folder, make sure you have grant Full Control access to the following group: RTCHSUniversalServices, RTCComponentUniversalServices, RTCUniversalServerAdmins, RTCUniversalConfigReplicator.

    In addition, according to the official document, If you are installing Windows Admin Center 2019 on your Windows Server 2019 machine, it will prompt you for a port to listen on. There's a liklihood you might choose port 443, but if that machine has Skype for Business Server 2019 installed on it, or is going to have Skype for Business Server 2019 installed on it, then you must choose a different port number. Please mark sure you do not have this issue. Details please refer to System requirements for Skype for Business Server 2019

    Best Regards,
    Evan Jiang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Wednesday, May 22, 2019 6:39 AM
  • Hi Evan, thanks for the reply with this.

    The SFB File share is also open to all those groups you mentioned with full control. I will also note that Windows Admin Center is not installed on the Windows Server 2019 machine.

    I have double checked the system requirements and the Windows Server 2019 meets all the requirements and has all the necessary programs installed. 

    Any other ideas as to why this could be failing?

    Thanks!

    Wednesday, May 22, 2019 10:03 AM
  • Hi willwoo,

    Did you install deploy Monitoring/Archiving in your environment. The Monitoring/Archiving database can’t be collocated on the SE Server, if you do this, this issue may be occurred.

    Best Regards,
    Evan Jiang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    • Proposed as answer by woshixiaobai Monday, May 27, 2019 6:42 AM
    Friday, May 24, 2019 8:47 AM
  • Hi willwoo,

    Is there any update for this issue? If the reply is helpful to you, please try to mark it as an answer, it will help others who have the similar issue.

    Best Regards,
    Evan Jiang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Tuesday, May 28, 2019 2:20 AM
  • Hi Evan, no there is no Monitoring / Archiving in the environment, this is just the first stage of setting up the deployment and publishing the initial topology  
    Tuesday, May 28, 2019 8:23 AM
  • Hi willwoo,

    Please also try to check whether the name of FQDN you specify for the pool matches the server name FQDN in your environment, make sure they are same for the SE Server. 

    Best Regards,
    Evan Jiang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.


    • Edited by woshixiaobai Tuesday, May 28, 2019 9:31 AM
    • Proposed as answer by woshixiaobai Wednesday, May 29, 2019 2:51 AM
    Tuesday, May 28, 2019 9:31 AM
  • Hi willwoo,

    Do you have any further issue on this topic?
    If there is no issue, please remember to mark helpful reply as answer to close the thread. Your action would be helpful to other users who encounter the same issue and read this thread. Thanks for your understanding.

    Best Regards,
    Evan Jiang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Thursday, May 30, 2019 8:13 AM
  • Hi Evan,

    This issue still hasn't been resolved - I have tried reinstalling SfB (with the June update) however it still seems to be failing with the same error when I try to publish the topology. 

    As this is a standard deployment with no pool, the FQDN is correct and points back to the FE server.

    The SQL Server store is the FQDN\rtc (which was auto generated with the deployment wizard using 'Prepare first Standard Edition server' step).

    Any other ideas as to what is going wrong here?

    Tuesday, July 16, 2019 3:36 PM
  • I am having the same issue here. Did you ever get it resolved?
    Friday, August 2, 2019 3:18 PM