none
Trouble creating new front end pool on SfB 2019 RRS feed

  • Question

  • I'm currently trying to migrate from SfB 2015 on prem to SfB 2019 on prem.  My SfB 2019 is running on Server 2019.  All prerequisites have been installed.  I am a member of the CsAdministrator and RTCUniversalServerAdmins domain groups. Ran topology builder to create new front end pool on my SfB 2019 server successfully.  When running the deployment wizard, step 2, to install the components on the SfB 2019 server I am receiving the following error:

    MSI name: Server.msi

    MSI features: Feature_Server, Feature_HealthAgent

    MSI result: 1603

    Error: Error returned while installing Server.msi(Feature_Server, Feature_HealthAgent), code 1603. Error Message: A fatal error occurred during installation. 

    The corresponding lines in the log file are:

    MSI (s) (04:F8) [13:20:16:485]: Invoking remote custom action. DLL: C:\Windows\Installer\MSIF940.tmp, Entrypoint: SetDCOMSecurity

    MSI (s) (04!54) [13:20:16:923]: Product: Skype for Business Server 2019, Front End Server -- Error 27693. Error 0x80004005 (Unspecified error) setting launch conditions on DCOM layer during action SetDCOMSecurityEx.

    CustomAction CA_SetDCOMSecurity returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)

    06/20/2019 13:20:16.923 [7684]: Assembly Install: Failing with hr=80070005 at RemoveDirectoryAndChildren, line 393

    So I think it relates to some permission issue in DCOM but I don't know what to look for.  Any help would be appreciated.

    Thursday, June 20, 2019 7:42 PM

Answers

  • The issue turned out to be that the group policy applied to the domain controllers did not allow the Everyone group access in the setting "Network access: Restrict clients allowed to make remote calls to SAM"
    • Marked as answer by KSCHA Friday, June 28, 2019 3:01 PM
    Friday, June 28, 2019 3:01 PM

All replies

  • Hi KSCHA,

    According to the error you provided, it seems this issue is more related to the permission in DCOM.

    For this issue, I suggest you could follow the steps below to check the permission:
    On the FE Server, fire up dcomcnfg, then expand: Component Services, Computers, My Computer, DCOM Config. After this, search RTC Store Access Interface Class, then right click and choose properties -> Security -> Launch and Activation Permissions -> Edit, make sure you have added the following groups: RTC Local Administrators, RTC Local User Administrators and RTC Server Local Group. 

    Best Regards,
    Evan Jiang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Friday, June 21, 2019 5:22 AM
    Moderator
  • Thank you for the reply.  Unfortunately the RTC Store Interface Class does not yet exist on this server.
    Friday, June 21, 2019 2:48 PM
  • Hi KSCHA,

    Did you follow the steps in the blog to deploy SFB Server? 

    Please check the steps you have done. In addition, please try to check whether there're some Event errors in the FE Server. 


    Best Regards,
    Evan Jiang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Wednesday, June 26, 2019 7:13 AM
    Moderator
  • Hi KSCHA,

    Is there any update for this issue?

    Best Regards,
    Evan Jiang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    • Marked as answer by KSCHA Friday, June 28, 2019 2:59 PM
    • Unmarked as answer by KSCHA Friday, June 28, 2019 2:59 PM
    Friday, June 28, 2019 8:54 AM
    Moderator
  • The issue turned out to be that the group policy applied to the domain controllers did not allow the Everyone group access in the setting "Network access: Restrict clients allowed to make remote calls to SAM"
    • Marked as answer by KSCHA Friday, June 28, 2019 3:01 PM
    Friday, June 28, 2019 3:01 PM