none
Unable to move user between two LYNC Pools

    Question

  • Hi

    I have a Lync Topology that includes three Lync Sites, every site have a single EE Front-End server.
    I couldn't lync users between two deifferent pools.

    when I try it, I get the following error:

    Move-CsUser : Unable to connect to some of the servers in pool "mh.corp.comp.com" due to a Distributed Component Object Model (DCOM) error.  Verify that
    Front End service is running on servers in this pool. If the pool is set up for
     load balancing, verify that load balancer is configured correctly.
    At line:1 char:32
    + Get-CsUser uccadm | Move-CsUser <<<<  -Target tjp.corp.comp.com
        + CategoryInfo          : InvalidOperation: (CN=uccadm,OU=Sp...comp,DC
       =com:OCSADUser) [Move-CsUser], MoveUserException
        + FullyQualifiedErrorId : MoveError,Microsoft.Rtc.Management.AD.Cmdlets.Mo
       veOcsUserCmdlet

    I already tried to set  Cross Database ownership Chaining on the databases and to edit the permissions on the RTC DCOM in the FE servers, without any change.

    Please help me.
    many thanks,

    Itzik.

    Wednesday, December 12, 2012 7:19 PM

Answers

  • Hi All

    The problem has been solved.

    The error acoured occured  due to CheckPoint Smart Defence (IPS) bad configuration in the customer's FW.

    telnet for port 135 was passed but in the Application level we got the deny&drop.

    Thanks Saleesh&Sean about your help :)

    Itzik.

    • Marked as answer by Itzik Tzadaka Sunday, December 16, 2012 2:42 PM
    Sunday, December 16, 2012 2:42 PM

All replies

  • Hi ,

    Few check points;

    • DCOM port 135 is reachable between pools.
    • Try to force move a test user and check the status.
    • Cross check the permission 

    Thanks

    Saleesh


    If answer is helpful, please hit the green arrow on the left, or mark as answer.

    Thursday, December 13, 2012 1:02 AM
  • Hi Saleesh

    Thanks for your reply.

    Force move is works, Port 135 is open betweeb the FE servers.

    Whats mean "Cross check the permission"?

    Since the force move is works, I guess the problem is in the SQL..

    thanks again.

    Itzik

    
    
    
    
    Thursday, December 13, 2012 8:24 AM
  • Hi,

    Please try to Add RTCUniversalServerAdmins group to the Local Administrators group of every front-end servers in the two pools. Add the account which you use to move the users to the RTCUniversalUserAdmins AD group. Try to move the Lync user again.


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Sean Xiao
    TechNet Community Support

    Thursday, December 13, 2012 8:54 AM
    Moderator
  • Hi Sean

    Thanks for your help.

    my user acount is a member of RTCUniversalServerAdmins, I also tried to add this group to the local admins of the servers.

    but the move-csuser still not works

    I able to move the user from OCS pool to Lync Pool, but not to a Lync pool

    I remind that my pools located in a different sites.

    there is any ports other from 135, 139, 445 that I need for the DCOM connection / operation?

    thanks

    Itzik

    Thursday, December 13, 2012 7:23 PM
  • Hi All

    The problem has been solved.

    The error acoured occured  due to CheckPoint Smart Defence (IPS) bad configuration in the customer's FW.

    telnet for port 135 was passed but in the Application level we got the deny&drop.

    Thanks Saleesh&Sean about your help :)

    Itzik.

    • Marked as answer by Itzik Tzadaka Sunday, December 16, 2012 2:42 PM
    Sunday, December 16, 2012 2:42 PM
  • IF anyone else comes across this issue, for me it was the Local Security Policy, Local Policies, Security Options: where they had modified the two DCOM policies.  I don't have another L2010 system to compare to, but I ended up adding Network Service and RTCUniversalServerAdmin with Full Allow on everything.  I'm wanting to retire this old system so I didn't spend time screwing around.

    My scenario, no HLB'ers, just two Lync 2010 Standard Editions in two sites, and stood up a Lync 2013 SE, and we couldn't migrate the test account to L2013 or the other L2010 SE.

    Friday, October 25, 2013 9:35 PM
  • Hi,  see before ?

    Move-CsUser : Distributed Component Object Model (DCOM) operation CompleteMoveAway failed "-1007781552".

    Move-CsLegacyUser : Verify that WMI provider is installed by running OCSWMIBC.MSI. For details, see the inner exception.
    • Edited by HeMou Wednesday, February 5, 2014 11:00 AM
    Wednesday, February 5, 2014 10:44 AM