D(one) IT

IT Tips, Tricks & Such

DCOM Error When Attempting To Move Lync Users

Working with a client to move users between a Lync 2010 pool and a new Lync 2013 pool, a collegue of mine came across the following error:

Unable to connect to some of the servers in pool “poolname” due to a Distributed Component Object Model (DCOM) error. Verify that Front End service is running on servers in this pool. If the pool is set up for load balancing, verify that load balancer is configured correctly.

DCOM-1

Trying the same move from the Lync Management Shell had the following error:

Cannot find Registrar pool. Verify that “poolname” is a valid registrar pool.

dcom3

Searching the net for the error yielded fixes if the pool was behind a hardware load balancer or messing with the dcomcnfg tool.



Unfortunately neither solution work in our scenario. To resolve the error, the Local Security Policy of the servers reported in the error needed to be modified.

Fix:

  1. Click “Start” -> “Run” -> Type “secpol.msc” -> Click “OK”
  2. Expand “Local Policies” -> Click on “Secuirty Options”
  3. Double Click “DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax” Policy
  4. On the “Template Secuirty Policy Setting” Click “Edit Security”
  5. Click “Add” -> Type “RTCUniversalServerAdmins” -> Click “OK”
  6. Check all the Allow boxes for the RTCUniversalServerAdmins account -> Click “OK”
  7. Log off and on
  8. DCOM-2

All credit goes to Korbyn for finding the fix.

Advertisements

One response to “DCOM Error When Attempting To Move Lync Users

  1. Robert DurkinRobert Durkin May 22, 2014 at 8:37 am

    Great article. I ran into one issue with your instructions. I was not able to directly add RTCUniversalServerAdmins to the security policy. I would add the group but it wouldn’t “stick” when I tried to verify that the group was listed.

    Instead, I added the RTCUniversalServerAdmins to the local group: “Distributed COM Users”. That group was already assigned the needed security policy permissions. But, in the end this approach worked perfectly. Thanks for sharing your experience.

    Cheers!

    Robert Durkin

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: