When using CredSSP, the delegate server (the server I am remoted into) will pass the credentials to the domain controller on my behalf when needed. CredSSP allows me to specify a server which I allow to utilize the credentials which I passed during authentication for the remote PowerShell session. Which credentials are going to be used when making this query to the DC? What’s happening is that running Get-CsUser requires a second hop - meaning I am asking the remote server to make a query to the domain controller (the second hop). It’s not really a problem, but it does require a quick work-around. It’s something known as the “second-hop problem” and is applicable to many other products. This is not actually a SfB specific problem. Now let me try running a really common command, Get-CsUser. The result is a pretty unhelpful errorĪctive Directory error “-2147016672” occurred while searching for domain controllers in domain “home.lab”: “An operations error occurred.”Īnd in the exception, it says “ADTransientException”
I can run all kinds of commands without issue, including some SfB-specific cmdlets like Get-CsWindowsService New-PSSession -ComputerName -Credential $creds I’ll open a remote PS session to my lab SfB server, which is just a SfB 2015 Standard Edition VM $creds = (Get-Credential) However, when trying to run many specific Skype for Business cmdlets, you may run into problems. Since Windows Server 2012 enables PS remoting by default, you don’t need to do anything special to run normal commands like Get-Service, Get-Process, etc… Troubleshooting profile issues like this is not worth the time, its easier to just stick with the new working profile and migrate the apps and configurations over to the new profile.This post will show how to get PowerShell remoting to work properly with Lync/Skype for Business Server. If it is, then you'll have to start working on migrating the users files from the old profile folders (my docs/pics/videos/bookmarks/ect.) to the new profile. The next time the user logs in, it will recreate a whole new windows profile and this will allow you to test if that is the problem. If deleting the local cache doesn't work, have someone with admin rights sign into the machine and rename her Windows profile directory (C:\users\userfolder.bak). If that doesn't work, do you have an Exchange tenant? Can she log into OWA and see if she can see her own presence? %userprofile%\appdata\microsoft\office\16.0\Skype for Business\ - Skype for Business 2016 (O365)ĭelete this folder and all files in and reinstalling the application doesn't touch these files and a good 80% of the client problems I've seen are solved by deleting these damn files. %userprofile%\appdata\microsoft\office\15.0\lync\ - Lync 2013/Skype for Business 2015 In the folder structure below, you'd delete the sip_ directory: First, I'd make sure to delete her clients local cache.
0 kommentar(er)
