I was doing a Lync Server 2013 to Skype for Business migration, where I setup the new Skype for Business server in parallel with the Lync Server 2013 server so that there was little to no downtime. Once the Skype for Business server I migrated a test user from Lync Server to 2013 to Skype for Business and received the error in powershell :
And this error in the LyncServer event viewer.
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
to the user Domain\hmankal SID (S-1-5-21-1961215030-2606059505-2374170179-13280) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Doing a bit of searching , found that i needed to modify the permissions in DCOM to add the RTCUniversalServerAdmins to full control.
Here is how we do that:
- Click “Start” -> “Run” -> Type “ ” -> Click “OK”
- Expand “Local Policies” -> Click on “Secuirty Options”
- Double Click “DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax” Policy
- On the “Template Secuirty Policy Setting” Click “Edit Security”
- Click “Add” -> Type “RTCUniversalServerAdmins” -> Click “OK”
- Check all the Allow boxes for the RTCUniversalServerAdmins account -> Click “OK”
- Log off and on
Re-ran the move command and was able to migrate the user.