Saturday 3 May 2014

Move CMS

Not exactly new but I guess it's the first time I'm moving CMS without being a Domain Admin.

The TechNet article will tell you that you only need RTCUniversalServerAdmins, but that's wrong. If you are not a Domain Admin, you will get this error, one for each server in the pool you are moving your CMS into:

Warning: Failed to create new instance of "Server FQDN" at "LS CentralMgmt Service".

And you won't be able to run Enable-CsTopology.

Re-run Enable-CsTopology with a Domain Admin account to create the instances needed. After that, you will need to start the Lync Server Master Replicator Agent. In my case, when I did that, I got an error in my FE saying it couldn't access the CMSFileStore file share, but after stopping all the services and bringing them back, the issue was gone.

1 comment:

  1. Hi there, I just hit this same issue, but Domain Admins wasn't an option in my case due to my customer's split permissions model. I discovered that the problem was that the RtcUniversalServerAdmins group needs the 'Create all child objects' permission on the 'Microsoft' container to create the new Service Control Point "under" the computer account for each Lync server:

    1. Open Active Directory Users & Computers
    2. IMPORTANT: From the View menu, make sure that both 'Advanced Features' and 'Users, Contacts, Groups, and Computers as containers' are checked before proceeding!
    3. Navigate to the computer account object for each Lync server and DOUBLE click OR use the triangle to expand the object.
    4. Notice the 'Microsoft' container that is a child of the Lync server computer account object. Right click it and select Properties.
    5. Go to the Security tab, then select RtcUniversalServerAdmins from the list at the top and check the box for 'Create all child objects' and click OK.
    6. Repeat for each Lync server (or at least the one(s) throwing the Access Denied error).

    I hope this helps.

    - Chris

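
The delegation described in the comment above can be audited (and optionally applied) from PowerShell instead of clicking through each computer object. This is an added example, not code from the post or the commenter; the server names are placeholders, and it assumes the ActiveDirectory module is installed, that the container's RDN is CN=Microsoft, and that an ACE scoped to that container alone is enough.

```powershell
# Added example (not from the original post). Requires the ActiveDirectory module (RSAT).
param(
    [string[]]$LyncServers = @('LYNCFE01', 'LYNCFE02'),  # placeholder computer names
    [string]$GroupName = 'RTCUniversalServerAdmins',
    [switch]$Grant                                       # omit to audit only
)
Import-Module ActiveDirectory

$groupSid    = (Get-ADGroup -Identity $GroupName).SID
$createChild = [System.DirectoryServices.ActiveDirectoryRights]::CreateChild
$sidType     = [System.Security.Principal.SecurityIdentifier]

foreach ($name in $LyncServers) {
    $computer = Get-ADComputer -Identity $name
    # Assumption: the container from step 4 has the RDN CN=Microsoft.
    $path = "AD:\CN=Microsoft,$($computer.DistinguishedName)"
    $acl  = Get-Acl -Path $path

    # 'Create all child objects' = Allow ACE with CreateChild and no object-type restriction.
    $match = $acl.GetAccessRules($true, $true, $sidType) | Where-Object {
        $_.IdentityReference.Value -eq $groupSid.Value -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.ActiveDirectoryRights -band $createChild) -eq $createChild -and
        $_.ObjectType -eq [Guid]::Empty
    }
    $present = [bool]$match
    $changed = $false

    if (-not $present -and $Grant) {
        # Assumption: an ACE scoped to this container only is sufficient.
        $rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
            $groupSid, $createChild,
            [System.Security.AccessControl.AccessControlType]::Allow)
        $acl.AddAccessRule($rule)
        Set-Acl -Path $path -AclObject $acl
        $changed = $true
    }

    # One result row per server, suitable for Format-Table or Export-Csv.
    [pscustomobject]@{
        Server        = $name
        Container     = $path
        HadPermission = $present
        Granted       = $changed
    }
}
```

Run it without -Grant first to record which servers already carry the ACE, so the change made under a split permissions model is limited to the containers that need it.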