Lync 2013 to Skype for Business DCOM Error migrating users

twitterlinkedinmail

I was doing a Lync Server 2013 to Skype for Business migration, where I setup the new Skype for Business server in parallel with the Lync Server 2013 server so that there was little to no downtime. Once the Skype for Business server I migrated a test user from Lync Server to 2013 to Skype for Business and received the error in powershell : MoveLyncToSFB

And this error in the LyncServer event viewer.

The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7E564F10-F8D5-4CE6-8A31-A456182D9D80}
 and APPID
{7E564F10-F8D5-4CE6-8A31-A456182D9D80}
 to the user Domain\hmankal SID (S-1-5-21-1961215030-2606059505-2374170179-13280) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Doing a bit of searching , found that i needed to modify the permissions in DCOM to add the RTCUniversalServerAdmins to full control.

Here is how we do that:

  1. Click “Start” -> “Run” -> Type “secpol.msc” -> Click “OK”
  2. Expand “Local Policies” -> Click on “Secuirty Options”
  3. Double Click “DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax” Policy
  4. On the “Template Secuirty Policy Setting” Click “Edit Security”
  5. Click “Add” -> Type “RTCUniversalServerAdmins” -> Click “OK”
  6. Check all the Allow boxes for the RTCUniversalServerAdmins account -> Click “OK”
  7. Log off and on

Re-ran the move command and was able to migrate the user.

twitterlinkedinmail

Leave a Reply

Your email address will not be published. Required fields are marked *

*