Remove From My Forums

Lync Control Panel will not start

Question
1

Sign in to vote

Hi, after completeing the full Lync Server installation, I tried to start up the Lync Control Panel. This presents me with the following error :

HTTP Error 403.14 - Forbidden

The Web server is configured to not list the contents of this directory.

Any idea what is going wrong ? Thanks for your help !!!!!!!!

Tuesday, September 21, 2010 4:48 PM

Reply

|

Quote

Answers

4

Sign in to vote
How are you attempting to connect to the control panel?

Try

https://Server.domain.com/cscp

Did you configure a simple URL for the control panel?

Is the DNS set up to point that url to the appropriate server?

Did it prompt for a login? Was the login you used a member of the CSAdministrator group?
- Proposed as answer by iTommyClarke Tuesday, September 21, 2010 5:20 PM
- Marked as answer by TOKN Tuesday, September 21, 2010 5:40 PM
Tuesday, September 21, 2010 4:59 PM

Reply

|

Quote

All replies

0

Sign in to vote
Hi,

I just finished installing Lync server. After the ninstallation I try to start up the CP but I get this error :

HTTP Error 403.14 - Forbidden

The Web server is configured to not list the contents of this directory.

Any idea what is going wrong here ? Many thanks for your help !!!!!!
- Merged by Ben-Shun Zhu Wednesday, September 22, 2010 6:28 AM Questions are same
Tuesday, September 21, 2010 4:52 PM

Reply

|

Quote
0

Sign in to vote

How are you attempting to connect to the control panel?

Try

https://Server.domain.com/cscp

Did you configure a simple URL for the control panel?

Is the DNS set up to point that url to the appropriate server?

Did it prompt for a login? Was the login you used a member of the CSAdministrator group?

Tuesday, September 21, 2010 4:59 PM

Reply

|

Quote
4

Sign in to vote
How are you attempting to connect to the control panel?

Try

https://Server.domain.com/cscp

Did you configure a simple URL for the control panel?

Is the DNS set up to point that url to the appropriate server?

Did it prompt for a login? Was the login you used a member of the CSAdministrator group?
- Proposed as answer by iTommyClarke Tuesday, September 21, 2010 5:20 PM
- Marked as answer by TOKN Tuesday, September 21, 2010 5:40 PM
Tuesday, September 21, 2010 4:59 PM

Reply

|

Quote
0

Sign in to vote

You are a genius my friend !!!! The
https://Server.domain.com/cscp works ! And yes it asks me for a Login.

Thx (again) Mac !!!!!!!!

Tuesday, September 21, 2010 5:18 PM

Reply

|

Quote
0

Sign in to vote

You are a genius my friend !!!!

No, but I did stay in a Holiday Inn Express last night :)

To make life easier, in the Topology builder, Define an "Administrative access url" such as https://Admin or https://admin.domain.com then point a dns record for that address to your Lync server. Re-run step2 and 3 in the deployment wizard and then you'll not have to remember the long url again.

Tuesday, September 21, 2010 5:32 PM

Reply

|

Quote
0

Sign in to vote
Duplicate thread.

Problem solved here: http://social.technet.microsoft.com/Forums/en-US/ocsplanningdeployment/thread/2bb584b7-ae5f-4eb0-a992-4175a3a9b5d9
- Proposed as answer by PilotManW Wednesday, June 8, 2011 11:09 AM
Tuesday, September 21, 2010 5:42 PM

Reply

|

Quote
0

Sign in to vote

I had a similar issue and found I can access the Control Panel using IE and https://.../cscp URL, but the standard tool AdminUIHost.exe still cannot connect and gives "Navigation to the web page was cancelled". Debugger shows the tool tries to connect to admin.domain.com and server.domain.com but never uses /cscp at the end, I guess this is a cause of the issue.

Does anybody has an idea how to force the tool to use the correct suffix?

Thanks,

-Alex

Tuesday, September 21, 2010 6:30 PM

Reply

|

Quote
0

Sign in to vote

I had a similar issue and found I can access the Control Panel using IE and https://.../cscp URL, but the standard tool AdminUIHost.exe still cannot connect and gives "Navigation to the web page was cancelled". Debugger shows the tool tries to connect to admin.domain.com and server.domain.com but never uses /cscp at the end, I guess this is a cause of the issue.

Does anybody has an idea how to force the tool to use the correct suffix?

Thanks,

-Alex

Use the directions specified just above your post.

Tuesday, September 21, 2010 7:00 PM

Reply

|

Quote
0

Sign in to vote

Sorry but again a (small ?) problem when I try to enable users in the CP, I get the following message : Active Directory Operation failed on "dc.tkdomain.be". You cannot retry this operation. Insufficient access rights to perform the operation.

The user loggon while doing this is a member of all "cs" groups ...

Any clue here ? Mac ? :-)

Tuesday, September 21, 2010 7:14 PM

Reply

|

Quote
0

Sign in to vote

Is he a member of the CSViewOnlyAdministrator group?

Tuesday, September 21, 2010 7:17 PM

Reply

|

Quote
0

Sign in to vote

Yes he is .. does not sound good does it ? :-)

Tuesday, September 21, 2010 7:19 PM

Reply

|

Quote
0

Sign in to vote

Yes he is .. does not sound good does it ? :-)

Yea, try and remove that one. ;)

EDIT: You should (for testing) only need the csadministrator group. For more delegated purposes you can use some of the other ones.

Tuesday, September 21, 2010 7:39 PM

Reply

|

Quote
0

Sign in to vote

Mac, I did remove that one but the problem remains ... Any furher clues ?

Tuesday, September 21, 2010 7:41 PM

Reply

|

Quote
0

Sign in to vote

You shouldn't need this, but give it a try given that it's AD memberships and I've seen stranger.

1. Be sure the new memberhips are replicated

2. Close out your IE session (you ARE using IE AREN'T you?)

3. Log off of the machine and log back in so that new memberships are registered

4. When you log back in, run "whoami /groups" from a command promt to be sure that the membership is correct

5. Try again

Post back here

Tuesday, September 21, 2010 7:43 PM

Reply

|

Quote
0

Sign in to vote

Mac,

1 - How can I check this (Users in the Lync Server compared to those on the DC server ?) Checked this and looks ok ...

2 - Yes .. it isn IE, closed and restarted

3 - Done

4 - These are the groups that show :

Group Name                                      Type             SID                                            Attributes
=============================================== ================ ============================================== ===============================================================
Everyone                                        Well-known group S-1-1-0                                        Mandatory group, Enabled by default, Enabled group
BUILTIN\Users                                   Alias            S-1-5-32-545                                   Mandatory group, Enabled by default, Enabled group
BUILTIN\Administrators                          Alias            S-1-5-32-544                                   Group used for deny only
NT AUTHORITY\INTERACTIVE                        Well-known group S-1-5-4                                        Mandatory group, Enabled by default, Enabled group
CONSOLE LOGON                                   Well-known group S-1-2-1                                        Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Authenticated Users                Well-known group S-1-5-11                                       Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\This Organization                  Well-known group S-1-5-15                                       Mandatory group, Enabled by default, Enabled group
LOCAL                                           Well-known group S-1-2-0                                        Mandatory group, Enabled by default, Enabled group
TKDOMAIN\Domain Admins                          Group            S-1-5-21-2672593231-2759328678-3845507176-512 Mandatory group, Enabled by default, Enabled group
TKDOMAIN\CSUserAdministrator                    Group            S-1-5-21-2672593231-2759328678-3845507176-1208 Group used for deny only
TKDOMAIN\CSVoiceAdministrator                   Group            S-1-5-21-2672593231-2759328678-3845507176-1207 Mandatory group, Enabled by default, Enabled group
TKDOMAIN\CSServerAdministrator                  Group            S-1-5-21-2672593231-2759328678-3845507176-1212 Mandatory group, Enabled by default, Enabled group
TKDOMAIN\CSLocationAdministrator                Group            S-1-5-21-2672593231-2759328678-3845507176-1210 Mandatory group, Enabled by default, Enabled group
TKDOMAIN\CSResponseGroupAdministrator           Group            S-1-5-21-2672593231-2759328678-3845507176-1209 Mandatory group, Enabled by default, Enabled group
TKDOMAIN\CSArchivingAdministrator               Group            S-1-5-21-2672593231-2759328678-3845507176-1211 Mandatory group, Enabled by default, Enabled group
TKDOMAIN\Enterprise Admins                      Group            S-1-5-21-2672593231-2759328678-3845507176-519 Mandatory group, Enabled by default, Enabled group
TKDOMAIN\CSHelpDesk                             Group            S-1-5-21-2672593231-2759328678-3845507176-1214 Group used for deny only
TKDOMAIN\Schema Admins                          Group            S-1-5-21-2672593231-2759328678-3845507176-518 Mandatory group, Enabled by default, Enabled group
TKDOMAIN\CSAdministrator                        Group            S-1-5-21-2672593231-2759328678-3845507176-1206 Group used for deny only
TKDOMAIN\Denied RODC Password Replication Group Alias            S-1-5-21-2672593231-2759328678-3845507176-572 Mandatory group, Enabled by default, Enabled group
Mandatory Label\Medium Mandatory Level          Label            S-1-16-8192                                    Mandatory group, Enabled by default, Enabled group, Local Group

5 - Done, same problem ...

Tuesday, September 21, 2010 7:59 PM

Reply

|

Quote
0

Sign in to vote

I don't know, off the top of my head what restrictions are included in some of those groups such as help desk. Can you remove all CS groups short of the CSAdministrator?

Tuesday, September 21, 2010 8:02 PM

Reply

|

Quote
0

Sign in to vote

OK, done this and verified with the whoami /groups cmd ... only belongs to csadministrators and some "normal" ad groups now ... but the same problem persists ...

Tuesday, September 21, 2010 8:09 PM

Reply

|

Quote
0

Sign in to vote

Thank you for the reply and advise. I guess that is why I put my question in this thread.

Topology manager was configured with https://access.domain.com from the very beginning and Fiddler shows the tool is trying that URL. DNS contains A record for it. Credentials are added to tghe proper group (that is why I can access it via IE I believe)

-Alex

Tuesday, September 21, 2010 8:51 PM

Reply

|

Quote
0

Sign in to vote

So is the redirect not working? It when you hit the url, the server should redirect you to the /cscp path.

Tuesday, September 21, 2010 9:02 PM

Reply

|

Quote
0

Sign in to vote

Are there any errors in the Lync event viewer on the server. This should "just work"

Tuesday, September 21, 2010 9:05 PM

Reply

|

Quote
0

Sign in to vote
absolutely agree. It should. but it does not. Can I configure it somehow manually in IIS?
- Edited by Alenat Wednesday, September 22, 2010 1:01 AM
Tuesday, September 21, 2010 9:12 PM

Reply

|

Quote
0

Sign in to vote

Resolution:

1. Added an additional IP to Lync. Disabled dynamic registration IP address in DNS and put a static A records in DNS (SRV left without changes).

2. Added an HTTP redirection feature to IIS

3. Created a new web site with alias:admin and assigned it an HTTPS listener with new IP and the same certificate as the old one.

4. Conigured redirection from this new site to https://poolname.domain.com/cscp

4. In HOSTS file add a record to avoid name resolution to IPv6.

After that redirection starts and the CP tool successfully connected to the web site.

-Alex

Tuesday, September 21, 2010 9:49 PM

Reply

|

Quote
0

Sign in to vote

Exact same problem here.

Active Directory Operation failed on "xxxxx.xxx.com". You cannot retry this operation. Insufficient access rights to perform the operation.

The status is:

1.- Fresh install

2.- Admin user as member of CSAdministrator only (Plus other groups, but is verified as Domain admin)

3.- Reboot and restart everything

4.- Take time (30 mins) to let replications and everything to finish

Result:

Active Directory Operation failed on "xxxxx.xxx.com". You cannot retry this operation. Insufficient access rights to perform the operation.

Any ideas?

Un administrador de sistemas

Tuesday, September 21, 2010 10:35 PM

Reply

|

Quote
0

Sign in to vote
Lets narrow down that it's the control panel and not Lync itself

Launch the Lync Powershell window.
Attempt to enable a user :
Enable-CSUser -Identity Domain\username -RegistrarPool LyncpoolFQDN -SipAddressType SAMAccountName -SipDomain FullDomainFQDN (Domain.com)

That SHOULD work, Either way.....

Ok, well that is odd. Let's try something different. Lets make sure that all activation steps happened as they were supposed to. (We have done some other fiddling here, and it doesn't hurt)

Open Topology builder
Download the Topology
Re-publish the topology
Log off, back in
Try again
Open the Lync Powershell window
Enable-CSComputer
Log off, back in
Try again
Open the Lync Powershell Winodw
Stop-CsWindowsService -Verbose ; Start-CsWindowsService -Verbose
Log off, back in
Try again

NONE of this beyond steps 1-5 should be required, but it doesn't hurt to make sure everything is "just right". I've deployed Lync 100s of times and not seen the error described here (now twice). It seems to be an error thrown by the DC itself.

If there is anything unique about how you installed Lync or the configuration of your topology (like you're installed on a VM running on a MAC) Please let me know.
Tuesday, September 21, 2010 11:36 PM

Reply

|

Quote
1

Sign in to vote

Resolution:

1. Added an additional IP to Lync. Disabled dynamic registration IP address in DNS and put a static A records in DNS (SRV left without changes).

2. Added an HTTP redirection feature to IIS

3. Created a new web site with alias:admin and assigned it an HTTPS listener with new IP and the same certificate as the old one.

4. Conigured redirection from this new site to https://poolname.domain.com/cscp

4. In HOSTS file add a record to avoid name resolution to IPv6.

After that redirection starts and the CP tool successfully connected to the web site.

-Alex

Step2 is what you were missing (Should be a Lync Prereq). Everything else should have been taken care of by the deployment wizard.

Tuesday, September 21, 2010 11:38 PM

Reply

|

Quote
0

Sign in to vote
Is the target user that you are trying to enable a member of Domain Admins group? If so you will see this permission error, more discussion here: http://social.technet.microsoft.com/Forums/en-US/ocsplanningdeployment/thread/c90a7df8-ac4c-4297-a5a8-aa589e1d163d
- Proposed as answer by Mac McTernen Wednesday, September 22, 2010 3:00 AM
- Proposed as answer by Juan Ramon Bonell Wednesday, September 22, 2010 3:53 PM
Wednesday, September 22, 2010 12:24 AM

Reply

|

Quote
0

Sign in to vote

Is the target user that you are trying to enable a member of Domain Admins group? If so you will see this permission error, more discussion here: http://social.technet.microsoft.com/Forums/en-US/ocsplanningdeployment/thread/c90a7df8-ac4c-4297-a5a8-aa589e1d163d

Yup, That appears to be it.

Learn something new every day :)

Wednesday, September 22, 2010 3:00 AM

Reply

|

Quote
0

Sign in to vote

OK, I have just tried this. My current user is member of Domain users and CSAdministrators and the user I am trying to enable is a simple domain user. When trying to enable Lync users through the CP I still get the same error : Active Directory Operation failed on "dc.tkdomain.be". You cannot retry this operation. Insufficient access rights to perform the operation.

Tony

Wednesday, September 22, 2010 12:35 PM

Reply

|

Quote
0

Sign in to vote

It should not be a case with Lync, but I would try to add the admin user to RTCUniversalServerAdmins and RTCUniversalUserAdmins for test at least. I remember in Lync doc they suggested it. Mine is added to both old and new groups.

-Alex

Wednesday, September 22, 2010 12:40 PM

Reply

|

Quote
0

Sign in to vote

@Ales .. Do you mean the user taht is trying to enable other users should be part of these groups ?

Wednesday, September 22, 2010 1:07 PM

Reply

|

Quote
0

Sign in to vote

@Ales .. Do you mean the user taht is trying to enable other users should be part of these groups ?

Yes, I would give that a shot.

Wednesday, September 22, 2010 1:22 PM

Reply

|

Quote
0

Sign in to vote

Unfortunately .. problem remains .... Are there any specific groups the target user (the one to enable) should belong ?

Wednesday, September 22, 2010 1:29 PM

Reply

|

Quote
0

Sign in to vote
To be clear:

The target user is a "normal" user without any membership to Admin type groups?
Yes? Have you tried using Powershell as I shared above to perform the same action?
Yes? Did you try steps 1-5 that I described above?
Wednesday, September 22, 2010 2:03 PM

Reply

|

Quote
0

Sign in to vote
The user to log on to Lync Control Panel ONLY needs to be member of CSAdministrator or CSUserAdministrator

The user being operated on should NOT be a member of super admins group, such as Domain Admins or Enterprise Admins.

Note that you must ensure to run "Enable-CsAdDomain"(on any domain-joined computer) and "Enable-CsComputer"(on the FE or SE) in local PowerShell for Lync Control Panel to have correct permissions.

If all the above are met, could you please try below:

1. Open ADSI tool
2. View properties for that user you are trying to enable
3. Open advanced dialog from permissions tab
4. Verify that "Include Inheritable Permissions ..." is checked
- Proposed as answer by Juan Ramon Bonell Wednesday, September 22, 2010 4:04 PM
Wednesday, September 22, 2010 2:22 PM

Reply

|

Quote
0

Sign in to vote

That's right

The user with the problem was part of Domain Admins. Making the adjustment in the "Inherith...." does the trick.

Thanks to every one
Un administrador de sistemas

Wednesday, September 22, 2010 3:54 PM

Reply

|

Quote
0

Sign in to vote
OK, with the help of some of the posts here, I've been able to narrow down and reproduce the causes of this error in my lab. I'll try and summarize:

Causes of "Active Directory Operation failed on "<DOMAIN CONTROLLER NAME>". You cannot retry this operation. Insufficient access rights to perform the operation."

The user to be enabled has greater rights than the user trying to do the enabling. Such as the enabled user is in the domain admins group and the control panel user is not.
The user to be enabled is in an OU that does not have the appropriate Lync permissions inherited. Open Active Directory Users and Computers, View -> Advanced Features. Then right click on the OU, go to the security tab, and be sure that the "Include Inheritable permissions from this object's parent" is checked.

Essentially what it boils down to, is that the user doing the enabling does not have rights to modify the active directory attributes of the particular user.

Hope this helps.

-Mac
Wednesday, September 22, 2010 5:20 PM

Reply

|

Quote
0

Sign in to vote

Mac, just reading this last post ... I am sorry if I ask a very stupid question but where do I find rhis OU ? When I open Active Directory UJsers & Computers, View - Advanced Features then I can see my domain (tkdomain.be) Is this my OU ? When I right click on it - then Security tab - I do not see the "Include Inheritable permissions from this object's parent" option ?

Wednesday, September 22, 2010 6:25 PM

Reply

|

Quote
0

Sign in to vote

The OUs are the "sub folders" in Active Directory that contain all of your user objects. By default you will see "builtin", "Computers", "Domain Controllers", etc. You'll want to find the OU that your user is homed in.

OH and I missed a step. When looking at the security tab, you'll click the Advanced button to see the inherited permissions checkbox

To figure out what OU the user you are trying to enable is in. Right click on your domain, click find, type in the user name you are looking for and click find now.

Click the Object tab, the Canonical (say that 3 times fast) name of the object is a representation of where the user is in active directory.

<domain name>/<OU>/<User>

Wednesday, September 22, 2010 6:38 PM

Reply

|

Quote
0

Sign in to vote

So that would be in "Users" ? And YES that did the trick !!!! Thanks Mac ... On to the next step :-) I will restart everyting and see if this user can now logon to Lync !!

Wednesday, September 22, 2010 6:59 PM

Reply

|

Quote
0

Sign in to vote

Canonicalcanonicalcanonical :-)

Wednesday, September 22, 2010 7:00 PM

Reply

|

Quote
0

Sign in to vote

So user "Tony" is enabled now ... Started up Lync .. trying to connect . Cannot sign in because the server is temporaly unavailable ... Mmmmm .... will check further ...Not there yet !

Wednesday, September 22, 2010 7:16 PM

Reply

|

Quote
0

Sign in to vote

Ok, another guy asked about that issue in another unrelated thread and I asked him to start a new topic. Seems like there'll be a few of these. Can you start a new thread with the question "Lync cannot sign in because the server is temporarally unavailable" ?

Try and keep the topics easy to search for the others that will come along

Wednesday, September 22, 2010 7:26 PM

Reply

|

Quote
0

Sign in to vote

I'm having the same issue

I cannot access it through https://server fqdn/cscp

What step creates this site? it doesn't appear in iis?

Wednesday, October 20, 2010 8:11 PM

Reply

|

Quote
0

Sign in to vote

I had an issue where https://fqdn/cscp was not working but i could access with the simple URL i created (http://cp.domainname/cscp)... the only problem was the AdminUI.exe was getting the "Navigation to web page has been cancelled" becuase it was still trying to use that dead link just like Alenat was getting above. I found a config file in Profgrams Files\Lync 2010\Web Components\Internal Website named "web", found that the dead link was still in there and no mention of the simple url so i updated and saved (restarted IIS just to be safe) and the AdminUI worked first try.

Monday, October 25, 2010 3:04 PM

Reply

|

Quote
0

Sign in to vote

I tried all the solutions proposed here and ended up having to uninstall the front end and reinstall for it to successfully work.

Unfortunately this was the only way in my case.

Friday, November 26, 2010 3:12 AM

Reply

|

Quote

HTTP Error 401.1 - Unauthorized

You do not have permission to view this directory or page using the credentials that you supplied.

<fieldset><legend>Detailed Error Information</legend>

Module	WindowsAuthenticationModule
Notification	AuthenticateRequest
Handler	StaticFile
Error Code	0x8009030e

Requested URL	https://srvgtocs01.grupocatel.local:443/Cscp
Physical Path	C:\Program Files\Microsoft Lync Server 2010\Web Components\AdminUI
Logon Method	Not yet determined
Logon User	Not yet determined

</fieldset>

Do you have any idea???

Thursday, December 2, 2010 5:28 PM

0

Sign in to vote

I had an issue where https://fqdn/cscp was not working but i could access with the simple URL i created (http://cp.domainname/cscp )... the only problem was the AdminUI.exe was getting the "Navigation to web page has been cancelled" becuase it was still trying to use that dead link just like Alenat was getting above. I found a config file in Profgrams Files\Lync 2010\Web Components\Internal Website named "web", found that the dead link was still in there and no mention of the simple url so i updated and saved (restarted IIS just to be safe) and the AdminUI worked first try.

Bumping this thread because I am having the same issue except I can access it from https://fqdn/cscp but not using the admin simple url that I configured. DNS record is in place.
I tried what was quoted above because there was no mention of control panel (CSCP) in my web.config file, i then restarted IIS. That broke my https://fqdn/cscp too.
I also tried adding HTTP Redirect to IIS.

What else can I try?

Tuesday, December 14, 2010 10:16 PM

Reply

|

Quote
0

Sign in to vote

Thank you. This was the correct fix for me!

Sunday, January 23, 2011 6:10 PM

Reply

|

Quote
0

Sign in to vote

I've defined an "Administrative access url" as:

https://admin.pstocs.com

(or should it be https://admin.pstocs.com/cscp ??)

How do I point a dns record for admin.pstocs.com to my Lync server? Can't I just change the hosts file on the PC that will be doing the Lync Server Control Panel?

It wouldn't let me user ocshost1.pstocs.com/cscp, is that because the ocshost1.pstocs.com is the exact name of the Lync Server? (which it is)

Thanks,

Scott

Monday, March 14, 2011 7:05 PM

Reply

|

Quote
0

Sign in to vote
If you are getting:
Navigation to the webpage was canceled

when you attempt to start the Lync Control Panel locally, but you can connect to the control panel using the FQDN/cscp, then take a look at the Lync internal site web.config.

Diocletion made reference to it above.

Profgrams Files\Lync 2010\Web Components\Internal Website\

In the web.config file do a search for the simple admin url you entered in the topo wizard.

Look at the FQDN of the redirect. In my case, I had changed the internal pool fqdn for dns load balacing but did not have it's dns record entered in my dns.
- Proposed as answer by ASHRAFUL HODA Sunday, March 25, 2012 1:43 PM
Saturday, March 26, 2011 5:21 PM

Reply

|

Quote
0

Sign in to vote

Same problem here.

Simply URLs configured in Topology Builder
Published in the DNS
Get-CsSimpleUrlConfiguration shows the correct configuration

Yet the simple URLs don't work, instead returning a 403 (https://servername.domain/cscp works).

It seems the deployment wizard fails at configuring the IIS automatically. I could probably go in and configure IIS manually, but that's a bit of a hassle and if the wizard keeps failing to configure it properly, a change in the topology would require more manual labor.

So how to make the Deployment Wizard do what it is supposed to do in the first place?

Monday, May 16, 2011 9:25 AM

Reply

|

Quote
0

Sign in to vote

Finally got it to work.
I removed the URL Rewrite Module 2.0 via Control Panel, then re-installed it from the IIS website.

No idea why it didn't work at first. It was a clean install of Server 2008R2.

Tuesday, May 17, 2011 11:16 AM

Reply

|

Quote
0

Sign in to vote
Same problem here.

Simply URLs configured in Topology Builder
Published in the DNS
Get-CsSimpleUrlConfiguration shows the correct configuration

Yet the simple URLs don't work, instead returning a 403 (https://servername.domain/cscp works).

It seems the deployment wizard fails at configuring the IIS automatically. I could probably go in and configure IIS manually, but that's a bit of a hassle and if the wizard keeps failing to configure it properly, a change in the topology would require more manual labor.

So how to make the Deployment Wizard do what it is supposed to do in the first place?

I have the same problem as Jimmi, I'm running Front End on Server 2008 R2, I reinstalled URL Rewrite Module 2.0 but the issue remains, also I have the same 403 - Forbidden: Access is denied error on sites like:

https://pool.domain.net/ABS/

I don't try this solution yet:

http://sysisundefined.blogspot.com/2009/12/http-error-4011-unauthorized-access-is.html

Do you recommend it?

Edilberto Martinez
- Edited by Edil Martínez Wednesday, June 8, 2011 4:11 PM add info
Wednesday, June 8, 2011 4:06 PM

Reply

|

Quote
0

Sign in to vote
Hi all,

It looks like there are a number of different possible causes for this issue ("Navigation to the Web page was cancelled" when opening Lync Control Panel). For me, adding a HOSTS file entry on my Lync Std Edition server for the FQDN of the local server fixed the problem.

Thanks to Alenat above for stating:

4. In HOSTS file add a record to avoid name resolution to IPv6.

... which made me try this.

Interestingly, before adding the HOSTS file entry, if I opened NSLOOKUP and ran queries for:

<local server name>

and

<FQDN of local server>

... they both returned the correct IPv4 address. But it seems that IPv6 was taking precedence. Disabling IPv6 would probably also have fixed this for me. However, the Lync setup guide does not instruct us to do that. I also have 2 x Ent Edition front-end servers in my environment and they did not exhibit this issue so I never disabled IPv6 on them or had any need to add a HOSTS file entry.

Before I fixed this issue, I also found that of all the synthetic tests you can run on a Lync server, only one would fail:

Test-CsGroupExpansion â€“GroupEmailAddress <address> -TargetFQDN <server FQDN>

This complained there was no response from the Web Ticket service. After adding the local HOSTS file entry, this issue was also fixed.

Cheers,

Garry
- Proposed as answer by Mike Mackie Sunday, September 25, 2011 11:40 AM
Thursday, June 23, 2011 10:48 AM

Reply

|

Quote
0

Sign in to vote

For me the issue was solved adding the HTTP Redirection feature on the IIS.

Hope this helps you.

EM

Thursday, June 23, 2011 2:27 PM

Reply

|

Quote
0

Sign in to vote

This one worked for me, it was returning IPv6, hosts file set it to IPv4, now it works again.

Sunday, September 25, 2011 11:40 AM

Reply

|

Quote
0

Sign in to vote

The following worked for me when I had "Navigation to the webpage was cancelled" in CSCP:

1. "Start" "Administrative Tools" "Internet Information Services (IIS) Manager"

2. Expand the node containing your Lync server in the tree on the left

3. Click on "Sites" below your server name in the tree.

4. In the middle panel, right click on "Lync Server External Website" and select "Binding"

5. Select the https line and click "Edit"

6. Make sure the right certificate is assigned (in my case no certificate was assigned)

7. In the middle panel, right click on "Lync Server Internal Website" and select "Binding"

8. Repeat the steps 5. and 6. for the internal website.

Other things I did previously but have no idea if they were useful: (that was to fix
Error 404 when trying to access cscp):
from the ISO image of Lync installation DVD: removed and reinstalled some Lync components:
webcomponents, mgmtserver, admintools. However, use this with caution: it is purely empirical and
was done on a SE lab server.

Friday, October 7, 2011 9:00 AM

Reply

|

Quote
0

Sign in to vote

How are you attempting to connect to the control panel?

Try

https://Server.domain.com/cscp

Did you configure a simple URL for the control panel?

Is the DNS set up to point that url to the appropriate server?

Did it prompt for a login? Was the login you used a member of the CSAdministrator group?

Mac---it's Fantastic. it's worked for me. I was strugelling for 2 days. now I've got the solution. thank you very much.

/YellowSnake

Wednesday, March 14, 2012 2:35 PM

Reply

|

Quote
0

Sign in to vote

Thanks Dear

it worked for me , i flowed these steps
Profgrams Files\Lync 2010\Web Components\Internal Website\
In the web.config file do a search for the simple admin url you entered in the topo wizard.

and created two DNS record , which was missing in DNS , meet.XXXXX,COM and POOL01.XXXXXX.COM and it worked

Sunday, March 25, 2012 1:46 PM

Reply

|

Quote

Products

Resources

Solutions

Updates

Trials

Related Sites

Training

Certifications

Other resources

Support options

More support

Not an IT pro?

Answered by:

Lync Control Panel will not start

Question

HTTP Error 403.14 - Forbidden

The Web server is configured to not list the contents of this directory.

Answers

All replies

HTTP Error 403.14 - Forbidden

The Web server is configured to not list the contents of this directory.

HTTP Error 401.1 - Unauthorized

You do not have permission to view this directory or page using the credentials that you supplied.

Navigation to the webpage was canceled