none
Lync Control Panel will not start RRS feed

  • Question

  • Hi, after completeing the full Lync Server installation, I tried to start up the Lync Control Panel. This presents me with the following error :

    HTTP Error 403.14 - Forbidden

    The Web server is configured to not list the contents of this directory.

    Any idea what is going wrong ? Thanks for your help !!!!!!!!

    Tuesday, September 21, 2010 4:48 PM

Answers

  • How are you attempting to connect to the control panel?

    Try

    https://Server.domain.com/cscp

    Did you configure a simple URL for the control panel? 

    Is the DNS set up to point that url to the appropriate server?

    Did it prompt for a login?  Was the login you used a member of the CSAdministrator group?

    • Proposed as answer by iTommyClarke Tuesday, September 21, 2010 5:20 PM
    • Marked as answer by TOKN Tuesday, September 21, 2010 5:40 PM
    Tuesday, September 21, 2010 4:59 PM

All replies

  • Hi,

    I just finished installing Lync server. After the ninstallation I try to start up the CP but I get this error :

    HTTP Error 403.14 - Forbidden

    The Web server is configured to not list the contents of this directory.

    Any idea what is going wrong here ? Many thanks for your help !!!!!!

    • Merged by Ben-Shun Zhu Wednesday, September 22, 2010 6:28 AM Questions are same
    Tuesday, September 21, 2010 4:52 PM
  • How are you attempting to connect to the control panel?

    Try

    https://Server.domain.com/cscp

    Did you configure a simple URL for the control panel? 

    Is the DNS set up to point that url to the appropriate server?

    Did it prompt for a login?  Was the login you used a member of the CSAdministrator group?

    Tuesday, September 21, 2010 4:59 PM
  • How are you attempting to connect to the control panel?

    Try

    https://Server.domain.com/cscp

    Did you configure a simple URL for the control panel? 

    Is the DNS set up to point that url to the appropriate server?

    Did it prompt for a login?  Was the login you used a member of the CSAdministrator group?

    • Proposed as answer by iTommyClarke Tuesday, September 21, 2010 5:20 PM
    • Marked as answer by TOKN Tuesday, September 21, 2010 5:40 PM
    Tuesday, September 21, 2010 4:59 PM
  • You are a genius my friend !!!! The

    https://Server.domain.com/cscp works ! And yes it asks me for a Login.

     

    Thx (again) Mac !!!!!!!!

    Tuesday, September 21, 2010 5:18 PM
  • You are a genius my friend !!!!


    No, but I did stay in a Holiday Inn Express last night  :)

    To make life easier, in the Topology builder, Define an "Administrative access url" such as https://Admin or https://admin.domain.com then point a dns record for that address to your Lync server.  Re-run step2 and 3 in the deployment wizard and then you'll not have to remember the long url again.

    Tuesday, September 21, 2010 5:32 PM
    • Proposed as answer by PilotManW Wednesday, June 8, 2011 11:09 AM
    Tuesday, September 21, 2010 5:42 PM
  • I had a similar issue and found I can access the Control Panel using IE and https://.../cscp URL, but the standard tool AdminUIHost.exe still cannot connect and gives "Navigation to the web page was cancelled". Debugger shows the tool tries to connect to admin.domain.com and server.domain.com but never uses /cscp at the end, I guess this is a cause of the issue.

    Does anybody has an idea how to force the tool to use the correct suffix?

    Thanks,

    -Alex

     

    Tuesday, September 21, 2010 6:30 PM
  • I had a similar issue and found I can access the Control Panel using IE and https://.../cscp URL, but the standard tool AdminUIHost.exe still cannot connect and gives "Navigation to the web page was cancelled". Debugger shows the tool tries to connect to admin.domain.com and server.domain.com but never uses /cscp at the end, I guess this is a cause of the issue.

    Does anybody has an idea how to force the tool to use the correct suffix?

    Thanks,

    -Alex

     

    Use the directions specified just above your post.
    Tuesday, September 21, 2010 7:00 PM
  • Sorry but again a (small ?) problem when I try to enable users in the CP, I get the following message : Active Directory Operation failed on "dc.tkdomain.be". You cannot retry this operation. Insufficient access rights to perform the operation.

    The user loggon while doing this is a member of all "cs" groups ...

    Any clue here ? Mac ? :-)

     

    Tuesday, September 21, 2010 7:14 PM
  • Is he a member of the CSViewOnlyAdministrator group?
    Tuesday, September 21, 2010 7:17 PM
  • Yes he is .. does not sound good does it ? :-)
    Tuesday, September 21, 2010 7:19 PM
  • Yes he is .. does not sound good does it ? :-)


    Yea, try and remove that one.  ;)

     

    EDIT: You should (for testing) only need the csadministrator group.  For more delegated purposes you can use some of the other ones.

    Tuesday, September 21, 2010 7:39 PM
  • Mac, I did remove that one but the problem remains ... Any furher clues ?
    Tuesday, September 21, 2010 7:41 PM
  • You shouldn't need this, but give it a try given that it's AD memberships and I've seen stranger.

    1. Be sure the new memberhips are replicated

    2. Close out your IE session (you ARE using IE AREN'T you?)

    3. Log off of the machine and log back in so that new memberships are registered

    4. When you log back in, run "whoami /groups" from a command promt to be sure that the membership is correct

    5. Try again

    Post back here

    Tuesday, September 21, 2010 7:43 PM
  • Mac,

    1 - How can I check this (Users in the Lync Server compared to those on the DC server ?) Checked this and looks ok ...

    2 - Yes .. it isn IE, closed and restarted

    3 -  Done

    4 - These are the groups that show :

    Group Name                                      Type             SID                                            Attributes                                                    
    =============================================== ================ ============================================== ===============================================================
    Everyone                                        Well-known group S-1-1-0                                        Mandatory group, Enabled by default, Enabled group            
    BUILTIN\Users                                   Alias            S-1-5-32-545                                   Mandatory group, Enabled by default, Enabled group            
    BUILTIN\Administrators                          Alias            S-1-5-32-544                                   Group used for deny only                                      
    NT AUTHORITY\INTERACTIVE                        Well-known group S-1-5-4                                        Mandatory group, Enabled by default, Enabled group            
    CONSOLE LOGON                                   Well-known group S-1-2-1                                        Mandatory group, Enabled by default, Enabled group            
    NT AUTHORITY\Authenticated Users                Well-known group S-1-5-11                                       Mandatory group, Enabled by default, Enabled group            
    NT AUTHORITY\This Organization                  Well-known group S-1-5-15                                       Mandatory group, Enabled by default, Enabled group            
    LOCAL                                           Well-known group S-1-2-0                                        Mandatory group, Enabled by default, Enabled group            
    TKDOMAIN\Domain Admins                          Group            S-1-5-21-2672593231-2759328678-3845507176-512  Mandatory group, Enabled by default, Enabled group            
    TKDOMAIN\CSUserAdministrator                    Group            S-1-5-21-2672593231-2759328678-3845507176-1208 Group used for deny only                                      
    TKDOMAIN\CSVoiceAdministrator                   Group            S-1-5-21-2672593231-2759328678-3845507176-1207 Mandatory group, Enabled by default, Enabled group            
    TKDOMAIN\CSServerAdministrator                  Group            S-1-5-21-2672593231-2759328678-3845507176-1212 Mandatory group, Enabled by default, Enabled group            
    TKDOMAIN\CSLocationAdministrator                Group            S-1-5-21-2672593231-2759328678-3845507176-1210 Mandatory group, Enabled by default, Enabled group            
    TKDOMAIN\CSResponseGroupAdministrator           Group            S-1-5-21-2672593231-2759328678-3845507176-1209 Mandatory group, Enabled by default, Enabled group            
    TKDOMAIN\CSArchivingAdministrator               Group            S-1-5-21-2672593231-2759328678-3845507176-1211 Mandatory group, Enabled by default, Enabled group            
    TKDOMAIN\Enterprise Admins                      Group            S-1-5-21-2672593231-2759328678-3845507176-519  Mandatory group, Enabled by default, Enabled group            
    TKDOMAIN\CSHelpDesk                             Group            S-1-5-21-2672593231-2759328678-3845507176-1214 Group used for deny only                                      
    TKDOMAIN\Schema Admins                          Group            S-1-5-21-2672593231-2759328678-3845507176-518  Mandatory group, Enabled by default, Enabled group            
    TKDOMAIN\CSAdministrator                        Group            S-1-5-21-2672593231-2759328678-3845507176-1206 Group used for deny only                                      
    TKDOMAIN\Denied RODC Password Replication Group Alias            S-1-5-21-2672593231-2759328678-3845507176-572  Mandatory group, Enabled by default, Enabled group            
    Mandatory Label\Medium Mandatory Level          Label            S-1-16-8192                                    Mandatory group, Enabled by default, Enabled group, Local Group

    5 - Done, same problem ...

    Tuesday, September 21, 2010 7:59 PM
  • I don't know, off the top of my head what restrictions are included in some of those groups such as help desk.  Can you remove all CS groups short of the CSAdministrator?

    Tuesday, September 21, 2010 8:02 PM
  • OK, done this and verified with the whoami /groups cmd ... only belongs to csadministrators and some "normal" ad groups now ... but the same problem persists ...
    Tuesday, September 21, 2010 8:09 PM
  • Thank you for the reply and advise. I guess that is why I put my question in this thread.

    Topology manager was configured with https://access.domain.com from the very beginning and Fiddler shows the tool is trying that URL. DNS contains A record for it. Credentials are added to tghe proper group (that is why I can access it via IE I believe)

    -Alex

     

    Tuesday, September 21, 2010 8:51 PM
  • So is the redirect not working? It when you hit the url, the server should redirect you to the /cscp path. 

     

    Tuesday, September 21, 2010 9:02 PM
  • Are there any errors in the Lync event viewer on the server.  This should "just work"
    Tuesday, September 21, 2010 9:05 PM
  • absolutely agree. It should. but it does not. Can I configure it somehow manually in IIS?
    • Edited by Alenat Wednesday, September 22, 2010 1:01 AM
    Tuesday, September 21, 2010 9:12 PM
  • Resolution:

    1. Added an additional IP to Lync. Disabled dynamic registration IP address in DNS and put a static A records in DNS (SRV left without changes). 

    2. Added an HTTP redirection feature to IIS

    3. Created a new web site with alias:admin and assigned it an HTTPS listener with new IP and the same certificate as the old one.

    4. Conigured redirection from this new site to https://poolname.domain.com/cscp

    4. In HOSTS file add a record to avoid name resolution to IPv6.

    After that redirection starts and the CP tool successfully connected to the web site.

    -Alex

     

     

    Tuesday, September 21, 2010 9:49 PM
  • Exact same problem here.

     Active Directory Operation failed on "xxxxx.xxx.com". You cannot retry this operation. Insufficient access rights to perform the operation.

    The status is:

    1.- Fresh install

    2.- Admin user as member of CSAdministrator only (Plus other groups, but is verified as Domain admin)

    3.- Reboot and restart everything

    4.- Take time (30 mins) to let replications and everything to finish

    Result:

    Active Directory Operation failed on "xxxxx.xxx.com". You cannot retry this operation. Insufficient access rights to perform the operation.

    Any ideas?

     

     


    Un administrador de sistemas
    Tuesday, September 21, 2010 10:35 PM
  • Lets narrow down that it's the control panel and not Lync itself

    1. Launch the Lync Powershell window.
    2. Attempt to enable a user :
    3. Enable-CSUser -Identity Domain\username -RegistrarPool LyncpoolFQDN -SipAddressType SAMAccountName -SipDomain FullDomainFQDN (Domain.com)

    That SHOULD work, Either way.....

    Ok, well that is odd.  Let's try something different.  Lets make sure that all activation steps happened as they were supposed to.  (We have done some other fiddling here, and it doesn't hurt)

    1. Open Topology builder
    2. Download the Topology
    3. Re-publish the topology
    4. Log off, back in
    5. Try again
    6. Open the Lync Powershell window
    7. Enable-CSComputer
    8. Log off, back in
    9. Try again
    10. Open the Lync Powershell Winodw
    11. Stop-CsWindowsService -Verbose ; Start-CsWindowsService -Verbose
    12. Log off, back in
    13. Try again

    NONE of this beyond steps 1-5 should be required, but it doesn't hurt to make sure everything is "just right".  I've deployed Lync 100s of times and not seen the error described here (now twice).  It seems to be an error thrown by the DC itself.

    If there is anything unique about how you installed Lync or the configuration of your topology (like you're installed on a VM running on a MAC) Please let me know.

    Tuesday, September 21, 2010 11:36 PM
  • Resolution:

    1. Added an additional IP to Lync. Disabled dynamic registration IP address in DNS and put a static A records in DNS (SRV left without changes). 

    2. Added an HTTP redirection feature to IIS

    3. Created a new web site with alias:admin and assigned it an HTTPS listener with new IP and the same certificate as the old one.

    4. Conigured redirection from this new site to https://poolname.domain.com/cscp

    4. In HOSTS file add a record to avoid name resolution to IPv6.

    After that redirection starts and the CP tool successfully connected to the web site.

    -Alex

     

     


    Step2 is what you were missing (Should be a Lync Prereq).  Everything else should have been taken care of by the deployment wizard.

    Tuesday, September 21, 2010 11:38 PM
  • Is the target user that you are trying to enable a member of Domain Admins group? If so you will see this permission error, more discussion here: http://social.technet.microsoft.com/Forums/en-US/ocsplanningdeployment/thread/c90a7df8-ac4c-4297-a5a8-aa589e1d163d
    • Proposed as answer by Mac McTernen Wednesday, September 22, 2010 3:00 AM
    • Proposed as answer by Juan Ramon Bonell Wednesday, September 22, 2010 3:53 PM
    Wednesday, September 22, 2010 12:24 AM
  • Is the target user that you are trying to enable a member of Domain Admins group? If so you will see this permission error, more discussion here: http://social.technet.microsoft.com/Forums/en-US/ocsplanningdeployment/thread/c90a7df8-ac4c-4297-a5a8-aa589e1d163d


    Yup, That appears to be it. 

    Learn something new every day :)

    Wednesday, September 22, 2010 3:00 AM
  • OK, I have just tried this. My current user is member of Domain users and CSAdministrators and the user I am trying to enable is a simple domain user. When trying to enable Lync users through the CP I still get the same error : Active Directory Operation failed on "dc.tkdomain.be". You cannot retry this operation. Insufficient access rights to perform the operation.

    Tony

    Wednesday, September 22, 2010 12:35 PM
  • It should not be a case with Lync, but I would try to add the admin user to RTCUniversalServerAdmins and RTCUniversalUserAdmins for test at least. I remember in Lync doc they suggested it. Mine is added to both old and new groups.

    -Alex

    Wednesday, September 22, 2010 12:40 PM
  • @Ales .. Do you mean the user taht is trying to enable other users should be part of these groups ?
    Wednesday, September 22, 2010 1:07 PM
  • @Ales .. Do you mean the user taht is trying to enable other users should be part of these groups ?

    Yes, I would give that a shot.
    Wednesday, September 22, 2010 1:22 PM
  • Unfortunately .. problem remains .... Are there any specific groups the target user (the one to enable) should belong ?
    Wednesday, September 22, 2010 1:29 PM
  • To be clear:

    1. The target user is a "normal" user without any membership to Admin type groups?
    2. Yes? Have you tried using Powershell as I shared above to perform the same action?
    3. Yes? Did you try steps 1-5 that I described above?

     

    Wednesday, September 22, 2010 2:03 PM
  • The user to log on to Lync Control Panel ONLY needs to be member of CSAdministrator or CSUserAdministrator

    The user being operated on should NOT be a member of super admins group, such as Domain Admins or Enterprise Admins.

    Note that you must ensure to run "Enable-CsAdDomain"(on any domain-joined computer) and "Enable-CsComputer"(on the FE or SE) in local PowerShell for Lync Control Panel to have correct permissions.

    If all the above are met, could you please try below:

    1. Open ADSI tool
    2. View properties for that user you are trying to enable
    3. Open advanced dialog from permissions tab
    4. Verify that "Include Inheritable Permissions ..." is checked

    Wednesday, September 22, 2010 2:22 PM
  • That's right

    The user with the problem was part of Domain Admins. Making the adjustment in the "Inherith...." does the trick.

    Thanks to every one


    Un administrador de sistemas
    Wednesday, September 22, 2010 3:54 PM
  • OK, with the help of some of the posts here, I've been able to narrow down and reproduce the causes of this error in my lab.  I'll try and summarize:

    Causes of "Active Directory Operation failed on "<DOMAIN CONTROLLER NAME>". You cannot retry this operation. Insufficient access rights to perform the operation."

    1. The user to be enabled has greater rights than the user trying to do the enabling.  Such as the enabled user is in the domain admins group and the control panel user is not.
    2. The user to be enabled is in an OU that does not have the appropriate Lync permissions inherited.  Open Active Directory Users and Computers, View -> Advanced Features.  Then right click on the OU, go to the security tab, and be sure that the "Include Inheritable permissions from this object's parent" is checked.

    Essentially what it boils down to, is that the user doing the enabling does not have rights to modify the active directory attributes of the particular user.

     

    Hope this helps.

    -Mac

    Wednesday, September 22, 2010 5:20 PM
  • Mac, just reading this last post ... I am sorry if I ask a very stupid question but where do I find rhis OU ? When I open Active Directory UJsers & Computers, View - Advanced Features then I can see my domain (tkdomain.be) Is this my OU ? When I right click on it - then Security tab - I do not see the "Include Inheritable permissions from this object's parent" option ?
    Wednesday, September 22, 2010 6:25 PM
  • The OUs are the "sub folders" in Active Directory that contain all of your user objects.  By default you will see "builtin", "Computers", "Domain Controllers", etc.  You'll want to find the OU that your user is homed in.

    OH and I missed a step.  When looking at the security tab, you'll click the Advanced button to see the inherited permissions checkbox

    To figure out what OU the user you are trying to enable is in.  Right click on your domain, click find, type in the user name you are looking for and click find now.

    Click the Object tab, the Canonical (say that 3 times fast) name of the object is a representation of where the user is in active directory.

    <domain name>/<OU>/<User>

    Wednesday, September 22, 2010 6:38 PM
  • So that would be in "Users" ? And YES that did the trick !!!! Thanks Mac ... On to the next step :-) I will restart everyting and see if this user can now logon to Lync !!

    Wednesday, September 22, 2010 6:59 PM
  • Canonicalcanonicalcanonical :-)
    Wednesday, September 22, 2010 7:00 PM
  • So user "Tony" is enabled now ... Started up Lync .. trying to connect . Cannot sign in because the server is temporaly unavailable ... Mmmmm .... will check further ...Not there yet !
    Wednesday, September 22, 2010 7:16 PM
  • Ok, another guy asked about that issue in another unrelated thread and I asked him to start a new topic.  Seems like there'll be a few of these.  Can you start a new thread with the question "Lync cannot sign in because the server is temporarally unavailable" ?

    Try and keep the topics easy to search for the others that will come along

     

    Wednesday, September 22, 2010 7:26 PM
  • I'm having the same issue

    I cannot access it through https://server fqdn/cscp 

     

    What step creates this site? it doesn't appear in iis?

    Wednesday, October 20, 2010 8:11 PM
  • I had an issue where https://fqdn/cscp was not working but i could access with the simple URL i created (http://cp.domainname/cscp)... the only problem was the AdminUI.exe was getting the "Navigation to web page has been cancelled" becuase it was still trying to use that dead link just like Alenat was getting above.  I found a config file in Profgrams Files\Lync 2010\Web Components\Internal Website named "web", found that the dead link was still in there and no mention of the simple url so i updated and saved (restarted IIS just to be safe) and the AdminUI worked first try.
    Monday, October 25, 2010 3:04 PM
  • I tried all the solutions proposed here and ended up having to uninstall the front end and reinstall for it to successfully work.

    Unfortunately this was the only way in my case.

    Friday, November 26, 2010 3:12 AM
  • HTTP Error 401.1 - Unauthorized

    You do not have permission to view this directory or page using the credentials that you supplied.

    <fieldset><legend>Detailed Error Information</legend>
    Module WindowsAuthenticationModule
     Notification AuthenticateRequest
    Handler StaticFile
    Error Code 0x8009030e
    Requested URL https://srvgtocs01.grupocatel.local:443/Cscp
    Physical Path C:\Program Files\Microsoft Lync Server 2010\Web Components\AdminUI
    Logon Method Not yet determined
    Logon User Not yet determined
    </fieldset>
    Do you have any idea???

     

     

    Thursday, December 2, 2010 5:28 PM
  • I had an issue where https://fqdn/cscp was not working but i could access with the simple URL i created (http://cp.domainname/cscp )... the only problem was the AdminUI.exe was getting the "Navigation to web page has been cancelled" becuase it was still trying to use that dead link just like Alenat was getting above.  I found a config file in Profgrams Files\Lync 2010\Web Components\Internal Website named "web", found that the dead link was still in there and no mention of the simple url so i updated and saved (restarted IIS just to be safe) and the AdminUI worked first try.

    Bumping this thread because I am having the same issue except I can access it from https://fqdn/cscp but not using the admin simple url that I configured.  DNS record is in place.
    I tried what was quoted above because there was no mention of control panel (CSCP) in my web.config file, i then restarted IIS.  That broke my https://fqdn/cscp too.
    I also tried adding HTTP Redirect to IIS.

    What else can I try?

    Tuesday, December 14, 2010 10:16 PM
  • Thank you. This was the correct fix for me!
    Sunday, January 23, 2011 6:10 PM
  • I've defined an "Administrative access url" as:

     

    https://admin.pstocs.com

    (or should it be https://admin.pstocs.com/cscp ??)

     

    How do I point a dns record for admin.pstocs.com to my Lync server?  Can't I just change the hosts file on the PC that will be doing the Lync Server Control Panel?

     

    It wouldn't let me user ocshost1.pstocs.com/cscp, is that because the ocshost1.pstocs.com is the exact name of the Lync Server? (which it is)

     

    Thanks,

    Scott

     

    Monday, March 14, 2011 7:05 PM
  • If you are getting: 

    Navigation to the webpage was canceled

    when you attempt to start the Lync Control Panel locally, but you can connect to the control panel using the FQDN/cscp, then take a look at the Lync internal site web.config.

     

    Diocletion made reference to it above.

     Profgrams Files\Lync 2010\Web Components\Internal Website\

    In the web.config file do a search for the simple admin url you entered in the topo wizard.

    Look at the FQDN of the redirect.  In my case, I had changed the internal pool fqdn for dns load balacing but did not have it's dns record entered in my dns.

    • Proposed as answer by ASHRAFUL HODA Sunday, March 25, 2012 1:43 PM
    Saturday, March 26, 2011 5:21 PM
  • Same problem here.

    Simply URLs configured in Topology Builder
    Published in the DNS
    Get-CsSimpleUrlConfiguration shows the correct configuration

    Yet the simple URLs don't work, instead returning a 403 (https://servername.domain/cscp works).

    It seems the deployment wizard fails at configuring the IIS automatically. I could probably go in and configure IIS manually, but that's a bit of a hassle and if the wizard keeps failing to configure it properly, a change in the topology would require more manual labor.

    So how to make the Deployment Wizard do what it is supposed to do in the first place?

    Monday, May 16, 2011 9:25 AM
  • Finally got it to work.
    I removed the URL Rewrite Module 2.0 via Control Panel, then re-installed it from the IIS website.

    No idea why it didn't work at first. It was a clean install of Server 2008R2.

    Tuesday, May 17, 2011 11:16 AM
  • Same problem here.

    Simply URLs configured in Topology Builder
    Published in the DNS
    Get-CsSimpleUrlConfiguration shows the correct configuration

    Yet the simple URLs don't work, instead returning a 403 (https://servername.domain/cscp works).

    It seems the deployment wizard fails at configuring the IIS automatically. I could probably go in and configure IIS manually, but that's a bit of a hassle and if the wizard keeps failing to configure it properly, a change in the topology would require more manual labor.

    So how to make the Deployment Wizard do what it is supposed to do in the first place?


    I have the same problem as Jimmi, I'm running Front End on Server 2008 R2, I reinstalled URL Rewrite Module 2.0 but the issue remains, also I have the same 403 - Forbidden: Access is denied error on sites like:

    https://pool.domain.net/ABS/

     I don't try this solution yet:

    http://sysisundefined.blogspot.com/2009/12/http-error-4011-unauthorized-access-is.html

    Do you recommend it? 

     


    Edilberto Martinez
    Wednesday, June 8, 2011 4:06 PM
  • Hi all,

    It looks like there are a number of different possible causes for this issue ("Navigation to the Web page was cancelled" when opening Lync Control Panel). For me, adding a HOSTS file entry on my Lync Std Edition server for the FQDN of the local server fixed the problem.

    Thanks to Alenat above for stating:

    4. In HOSTS file add a record to avoid name resolution to IPv6.

    ... which made me try this.

    Interestingly, before adding the HOSTS file entry, if I opened NSLOOKUP and ran queries for:

    <local server name>

    and

    <FQDN of local server>

    ... they both returned the correct IPv4 address. But it seems that IPv6 was taking precedence. Disabling IPv6 would probably also have fixed this for me. However, the Lync setup guide does not instruct us to do that. I also have 2 x Ent Edition front-end servers in my environment and they did not exhibit this issue so I never disabled IPv6 on them or had any need to add a HOSTS file entry.

    Before I fixed this issue, I also found that of all the synthetic tests you can run on a Lync server, only one would fail:

    Test-CsGroupExpansion –GroupEmailAddress <address> -TargetFQDN <server FQDN>

    This complained there was no response from the Web Ticket service. After adding the local HOSTS file entry, this issue was also fixed.

    Cheers,

    Garry

    • Proposed as answer by Mike Mackie Sunday, September 25, 2011 11:40 AM
    Thursday, June 23, 2011 10:48 AM
  • For me the issue was solved adding the HTTP Redirection feature on the IIS.

    Hope this helps you.

    EM

    Thursday, June 23, 2011 2:27 PM
  • This one worked for me, it was returning IPv6, hosts file set it to IPv4, now it works again.
    Sunday, September 25, 2011 11:40 AM
  • The following worked for me when I had "Navigation to the webpage was cancelled" in CSCP:

    1. "Start" "Administrative Tools" "Internet Information Services (IIS) Manager"

    2. Expand the node containing your Lync server in the tree on the left

    3. Click on "Sites" below your server name in the tree.

    4. In the middle panel, right click on "Lync Server External Website" and select "Binding"

    5. Select the https line and click "Edit"

    6. Make sure the right certificate is assigned (in my case no certificate was assigned)

    7. In the middle panel, right click on "Lync Server Internal Website" and select "Binding"

    8. Repeat the steps 5. and 6. for the internal website.

    Other things I did previously but have no idea if they were useful: (that was to fix 
    Error 404 when trying to access cscp):
    from the ISO image of Lync installation DVD: removed and reinstalled some Lync components:
    webcomponents, mgmtserver, admintools.  However, use this with caution: it is purely empirical and
    was done on a SE lab server.

     

    Friday, October 7, 2011 9:00 AM
  • How are you attempting to connect to the control panel?

    Try

    https://Server.domain.com/cscp

    Did you configure a simple URL for the control panel? 

    Is the DNS set up to point that url to the appropriate server?

    Did it prompt for a login?  Was the login you used a member of the CSAdministrator group?

    Mac---it's Fantastic. it's worked for me. I was strugelling for 2 days. now I've got the solution. thank you very much.

    /YellowSnake

    Wednesday, March 14, 2012 2:35 PM
  • Thanks Dear

    it worked for me , i flowed these steps

    Profgrams Files\Lync 2010\Web Components\Internal Website\

    In the web.config file do a search for the simple admin url you entered in the topo wizard.

    and created two DNS record , which was missing in DNS , meet.XXXXX,COM and POOL01.XXXXXX.COM and it worked

    Sunday, March 25, 2012 1:46 PM