Recreated user cannot sign in to Lync 2013

  • Question

  • A user account was deleted from AD, but was unable to be recovered from the AD recycle bin.  As a result, a new AD account with the same account name and SIP address was created in AD, and that account was successfully linked with the old Exchange mailbox.

    However, this user cannot log in to Lync 2013.  I tried removing the user from Lync and adding him back in, but he still could not log in to Lync.  I then tried removing him again from Lync, running Update-CsUserDatabase, then enabling him in Lync again, but he still cannot log in.

    Running "Test-CsExStorageConnectivity -Verbose" against his SIP address yields among the verbiage:

    x-ms-diagnostice: 20000005;reason="The MasterAccountSid doesn't match the SID claim.";error_category="invalid_user"

    Also, in the Lync Server log in the Event Viewer (under Applications and Services Logs), there are Event ID 30020 warnings starting with "A user URI is already being used by another valid user in the database.  Resolve the conflict by using a URI that isn't already taken, or deleting one of the users from AD."

    Is that user's original SID stuck in Lync somewhere even though I've deleted and re-added him to Lync?  How do I resolve this?

    Thank you very much for your help.


    Tuesday, March 26, 2019 12:49 PM

All replies

  • Hi Logan Burt,

    According to your description and the errors you provided, I suggest you could try to check the attributes of this user in the AD: 
    objectSid
    telephoneNumber
    mail
    displayName
    isDeleted
    msRTCSIP-OriginatorSid
    msRTCSIP-PrimaryUserAddress
    msRTCSIP-PrimaryHomeServer
    msRTCSIP-UserEnabled
    msRTCSIP-FederationEnabled
    msRTCSIP-InternetAccessEnabled
    msRTCSIP-ArchivingEnabled
    You could compare those attributes with other users. 

    In addition, please also try to check whether you have assigned this SIP address to another user; you could run Get-CsUser -Identity user to check it. You could refer to the following blog to find the details about User Replicator: Understanding User Replicator in Lync Server 2013 and Skype for Business Server 2015

    Best Regards,
    Evan Jiang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Wednesday, March 27, 2019 6:04 AM
    Moderator
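
The attribute check suggested in the reply above, together with a search for any other AD object holding the same SIP URI (the condition Event ID 30020 reports), as an added example that is not part of the original thread. The SIP address and the reference account name are placeholders, and the script assumes the ActiveDirectory RSAT module is available.

```powershell
# Added example: placeholder values, not taken from the thread.
Import-Module ActiveDirectory

$SipAddress    = 'sip:user@example.com'   # placeholder SIP URI of the affected user
$ReferenceUser = 'workinguser'            # placeholder sAMAccountName of a working user

# Attributes listed in the reply above.
$attrs = 'objectSid', 'telephoneNumber', 'mail', 'displayName', 'isDeleted',
         'msRTCSIP-OriginatorSid', 'msRTCSIP-PrimaryUserAddress',
         'msRTCSIP-PrimaryHomeServer', 'msRTCSIP-UserEnabled',
         'msRTCSIP-FederationEnabled', 'msRTCSIP-InternetAccessEnabled',
         'msRTCSIP-ArchivingEnabled'

# 1. Every object, live or deleted, that still claims the SIP URI.
#    A deleted original account that kept the URI shows up here with isDeleted = True.
$holders = @(Get-ADObject -LDAPFilter "(msRTCSIP-PrimaryUserAddress=$SipAddress)" `
                          -IncludeDeletedObjects -Properties $attrs)

$holders |
    Select-Object DistinguishedName,
                  @{ n = 'Sid'; e = { "$($_.objectSid)" } },
                  @{ n = 'Deleted'; e = { [bool]$_.isDeleted } } |
    Format-Table -AutoSize

if ($holders.Count -gt 1) {
    Write-Warning "$($holders.Count) objects carry $SipAddress; compare their SIDs."
}

# 2. Side-by-side comparison of the live account against a working user.
$affected  = $holders | Where-Object { -not $_.isDeleted } | Select-Object -First 1
$reference = Get-ADUser -Identity $ReferenceUser -Properties $attrs

if ($null -eq $affected) {
    Write-Warning "No live object has msRTCSIP-PrimaryUserAddress = $SipAddress."
} else {
    foreach ($a in $attrs) {
        [pscustomobject]@{
            Attribute = $a
            Affected  = "$($affected.$a)"
            Reference = "$($reference.$a)"
            # Identity attributes are expected to differ; flag only missing values.
            Missing   = [string]::IsNullOrEmpty("$($affected.$a)") -and
                        -not [string]::IsNullOrEmpty("$($reference.$a)")
        }
    }
}
```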
  • Thank you very much for your reply.

    This SIP address was first assigned to the original AD account for this user; it had never been used in our organization before that.  I think that the CsUser account is still associated with the SID from the original AD account rather than being recreated.  That is why I removed the CsUser and re-added him, but it still doesn't connect.

    I compared the fields you mentioned to a working user, and they were the same other than the individuals' name, SID, etc.

    Thank you very much again.

    Wednesday, March 27, 2019 6:40 PM
  • Hi Logan Burt,

    According to your description, it seems the user is not deleted in the SFB server. Before you recreate the user, I suggest you could try to run the following command to confirm whether this user has been deleted: Get-CsUser -Identity UserName. If you could get the user, then run Disable-CsUser -Identity UserName. After this, please wait for some time then try to recreate the user again. 

    Best Regards,
    Evan Jiang



    Friday, March 29, 2019 7:35 AM
    Moderator
  • Thank you both for your replies.

    I actually had confirmed that the user was deleted as you suggested.

    The fix turned out to be that I needed to run the Update-CsUserDatabase from all three servers in the front-end pool.  Since the database resides on the back-end SQL mirror, I don't know why I had to run the update cmdlet on each FE server, but the user could access Lync after I did so.

    Thanks again for your help; it is much appreciated.

    Friday, March 29, 2019 8:44 AM
  • Hi Logan Burt,

    Thanks for sharing this. It may not have synced the user data between the Lync database and the data in AD; it should sync every 60 seconds normally. Anyway, the issue could be fixed by the way you shared. 

    In addition, please kindly mark your reply as an answer; it will help others who have a similar issue.


    Best Regards,
    Evan Jiang



    Tuesday, April 2, 2019 8:01 AM
    Moderator
  • Hi Logan Burt,

    Do you have any further issues on this topic?
    If there is no issue, please remember to mark the helpful reply as the answer to close the thread. Your action would be helpful to other users who encounter the same issue and read this thread. Thanks for your understanding.

    Best Regards,
    Evan Jiang



    Thursday, April 4, 2019 2:03 AM
    Moderator