none
Active Directory error "-2147016672" RRS feed

  • Question

  • Hi,

    I am creating a script in ASP.NET C# to invoke cmdlets from Lync Server.

    I want just list a user : Get-CsUSer and when i run the script i received the follow error code:

    Active Directory error "-2147016672" occurred while searching for domain controllers in domain .

    I run my script from my local machine developer (it is remote) to the server. The script is :

    Runspace remoteRunspace = null;
                openRunspace("servidor:5985/wsman", "http://schemas.microsoft.com/powershell/Microsoft.PowerShell",
                     @"\user", "senha", ref remoteRunspace);
                
                using (PowerShell powershell = PowerShell.Create())
                {
                    powershell.Runspace = remoteRunspace;
    
                    powershell.AddScript("Import-Module Lync"); //funciona
                    powershell.Invoke();
    
                    Pipeline pipeline = remoteRunspace.CreatePipeline();
                    string remoteScript = "Get-CsUser -Identity mmiranda";
                    pipeline.Commands.AddScript(remoteScript);
    
                    Collection<PSObject> results = pipeline.Invoke();
    
                    remoteRunspace.Close();
    
                    return results;
    
                }
    
    public static void openRunspace(string uri, string schema, string username, string livePass, ref Runspace remoteRunspace)
            {
                System.Security.SecureString password = new System.Security.SecureString();
                foreach (char c in livePass.ToCharArray())
                {
                    password.AppendChar(c);
                }
                PSCredential psc = new PSCredential(username, password);
                WSManConnectionInfo rri = new WSManConnectionInfo(new Uri(uri), schema, psc);
                //rri.AuthenticationMechanism = AuthenticationMechanism.Default;
                //rri.AuthenticationMechanism = AuthenticationMechanism.Kerberos;
                //rri.AuthenticationMechanism = AuthenticationMechanism.Basic;
                //rri.NoEncryption = true;
                rri.ProxyAuthentication = AuthenticationMechanism.Negotiate;
                remoteRunspace = RunspaceFactory.CreateRunspace(rri);
                remoteRunspace.Open();
    
    
            }

    i don't know what to do anymore.

    Help me.

    My e-mail gersonczjr@hotmail.com

    thx

    Friday, September 14, 2012 12:40 PM

All replies

  • Look at this blog post: http://gotspeechguy.com/2012/01/05/remote-powershell-and-lync/

    .

    Drago


    http://www.lynclog.com

    Friday, September 14, 2012 12:48 PM
  • I tried it and the error persist.

    Thanks

    Now the error is :



    'remoteRunspace.InitialSessionState' threw an exception of type 'System.Management.Automation.PSNotImplementedException'

    {Não é possível realizar a operação porque a operação "NewNotImplementedException at offset 143 in file:line:column <filename unknown>:0:0
    " não está implementada.}

    ((System.Management.Automation.ParentContainsErrorRecordException)(((System.Management.Automation.PSNotImplementedException)(remoteRunspace.Debugger)).ErrorRecord.Exception))
    • Edited by gersonczjr Saturday, September 15, 2012 2:44 PM
    Friday, September 14, 2012 2:20 PM
  • Hi,gersonczjr

    Would you please verify that the user account you used has all the required permission?

    Would you please use DCDiag tool to check the DC connectivity?

    Although I am not very familar with scripts,I remeber I have seen a similar case with running Get-CsUser using C# is fixed by called Enable-PsRemoting on ther server,you can try it to see if it also works for you.

    Regards,

    Sharon


    Sharon Shen

    TechNet Community Support

    ************************************************************************************************************************

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question.

    Monday, September 17, 2012 8:19 AM
    Moderator
  • Hi Sharon,

    I did that in Lync Server, executing command Enable-PSRemoting on windows Power Shell and Windows Power Shell (x86) and not resolved.

    What i can do?

    DC is in one server and Lync is in another server (machine).

    Monday, September 17, 2012 1:02 PM
  • Sorry,I am getting stuck now.Will do further research if I found any information will let you know.

    Regards,

    Sharon


    Sharon Shen

    TechNet Community Support

    ************************************************************************************************************************

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question.

    Tuesday, September 18, 2012 9:36 AM
    Moderator
  • I am facing the same issue, 

    If PS-Remoting is enabled, no Lync commands can be ran. 

    Tuesday, November 11, 2014 5:26 PM
  • This is very old, but I came across this thread when I was trying to solve a similar issue.  I believe this is the "dreaded" double-hop delegate credential issue.  I believe PowerShell is not setup to pass your credentials to the remote computer and is trying to run everything from the local context. CredSSP has to be enabled on the client and the server to allow your credentials pass through the remote session.

    This may not be specifically tied to C#, but it should get PowerShell remoting working, so that your C# script should work.

    From the server:

    Enable-WSManCredSSP -Role server

    From the client:

    Enable-WSManCredSSP -Role Client -DelegateComputer *

    If the Enable command doesn't work on the client, I believe WinRM has to be enabled first.  Go to Services, Locate "Windows Remote Management (WS-Management)" and start the service.  Now try to re-run the enable command on the client.

    Note, DelegateComputer can be used to make sure that you are only passing Credentials to the appropriate computer(s).  In this case, we are specifying that any computer is okay, you may want to isolate it to only specific servers or domains.

    Once CredSSP is successfully setup, attempt to create your PowerShell remote session again.  However, this time, set the authentication to CredSSP.

    $lyncSession = New-PSSession -ComputerName <Server Name> -Credential (Get-Credential) -Authentication Credssp

    You may continue to have problems if you don't have the appropriate rights to run PowerShell commands.  At this point, add your account to RTCUniversalServerAdmins in Active Directory.  I have heard RTCUniversalServerReadOnlyGroup works as well, but I have not tested it.

    More Information on that here: Group membership requirements for Lync

    • Proposed as answer by AndyHJ Wednesday, January 6, 2016 3:00 PM
    Wednesday, January 6, 2016 2:59 PM
  • We still encounter the same problem. DC and lync server are on different servers.

    If we call Get-CsRgsAgentGroup in a powershell on the lync server we get the correct response but if i create a pssession to the lync server we get the Active Directory error "-2147016672".

    Remote-pssession is enabled and Enable-WSManCredSSP has run on both local pc and remote server.

    We also have added the user to the RTCUniversalServerAdmins but still no luck. also the authentication of the pssession has been set to Credssp
    Thursday, January 14, 2016 12:55 PM
  • Thank you! Your information helped me and solved my problem.
    Friday, February 22, 2019 12:42 PM