Issue when Moving Legacy Users to a Lync Server 2010 Pool using HLB

This issue has come up a couple of times when customers are trying to move legacy users to a Lync Server 2010 pool that is behind a hardware load balancer (HLB).  When trying to move the legacy user, Move-CsLegacyUser returns the following error:

Unable to connect to some of the servers in pool "<pool name>" due to a Distributed Component Object Model (DCOM) error.  Verify that Front End service is running on servers in this pool. If the pool is set up for load balancing, verify that load balancer is configured correctly.

There are two ways to work around this issue.  Both are listed in KB926642 (https://support.microsoft.com/kb/926642).  In the steps below for Method 1, pay close attention to Step 6, as this is what you need to change to get things working again:

Method 1 (recommended): Create the Local Security Authority host names that can be referenced in an NTLM authentication request

To do this, follow these steps for all the nodes on the client computer:

  1. Click Start, click Run, type regedit, and then click OK.

  2. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0

  3. Right-click MSV1_0, point to New, and then click Multi-String Value.

  4. In the Name column, type BackConnectionHostNames, and then press ENTER.

  5. Right-click BackConnectionHostNames, and then click Modify.

  6. In the Value data box, add the IP address of the hardware load balancer VIP, and then click OK.

    Note: Type each host name on a separate line.

  7. Exit Registry Editor, and then restart the computer.

Method 2: Disable the authentication loopback check

Re-enable the behavior that exists in Windows Server 2003 by setting the DisableLoopbackCheck registry entry in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa registry subkey to 1. To set the DisableLoopbackCheck registry entry to 1, follow these steps on the client computer:

  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  3. Right-click Lsa, point to New, and then click DWORD Value.
  4. Type DisableLoopbackCheck, and then press ENTER.
  5. Right-click DisableLoopbackCheck, and then click Modify.
  6. In the Value data box, type 1, and then click OK.
  7. Exit Registry Editor.
  8. Restart the computer.

After making one of the above changes on each Front End Server in the Lync pool and restarting the servers, you should now be able to move users from legacy pools.
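
The Method 1 registry change can also be scripted so that it is applied the same way on every Front End Server. The following is an added example, not part of the original post or of KB926642: it merges the HLB VIP into BackConnectionHostNames without dropping existing entries, and reports whether DisableLoopbackCheck (Method 2) is set. The address 192.0.2.10 is a constructed placeholder for your VIP; run the script from an elevated PowerShell prompt, and the restart is still required.

```powershell
# Added example: apply Method 1 idempotently and report the Method 2 setting.
# 192.0.2.10 is a constructed placeholder (documentation address range);
# pass the real HLB VIP with -HlbVip.
param(
    [string[]]$HlbVip = @('192.0.2.10')
)

$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$msvKey = Join-Path $lsaKey 'MSV1_0'
$name   = 'BackConnectionHostNames'

# Read the existing multi-string value (if any) so current entries are preserved.
$existing = Get-ItemProperty -Path $msvKey -Name $name -ErrorAction SilentlyContinue
$current  = @($existing.$name | Where-Object { $_ })

# Add only the entries that are missing (comparison is case-insensitive).
$merged = @($current)
foreach ($entry in $HlbVip) {
    if ($merged -notcontains $entry) { $merged += $entry }
}

if ($merged.Count -ne $current.Count) {
    # -Force creates the value, or overwrites it, as REG_MULTI_SZ (one entry per line).
    New-ItemProperty -Path $msvKey -Name $name -PropertyType MultiString `
        -Value $merged -Force | Out-Null
    Write-Output ('{0} updated: {1}. Restart the computer to apply.' -f $name, ($merged -join ', '))
} else {
    Write-Output ('{0} already contains: {1}' -f $name, ($merged -join ', '))
}

# Report Method 2 so it is visible when both workarounds have been applied.
$lsa = Get-ItemProperty -Path $lsaKey -Name 'DisableLoopbackCheck' -ErrorAction SilentlyContinue
if ($lsa.DisableLoopbackCheck -eq 1) {
    Write-Warning 'DisableLoopbackCheck is 1: the loopback check is disabled on this server (Method 2).'
} else {
    Write-Output 'DisableLoopbackCheck is not set: the loopback check remains enabled.'
}
```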