So I was like “huh…?! really” checking Lync, only one user have this SIP address, checking Active directory msRTCSIP-PrimaryUserAddress attribute of all users (thanks to PowerShell) found that only him has this SIP address, then what is the problem?įinally I tried the last two options which are using DBanalyze & disabling and enabling the user again for Lync, long story shot, did not fix it also. “User URI is already being used by another valid user in the database….” Reason: Failed to open the explicitly specified database xds. Monitoring the event viewers to see the progress of the synchronization I saw a new error reportedĮvent ID 30020, source “LS User Replicator” Login failed for user NT AUTHORITYNETWORK SERVICE.
#Skype for business login failure update#
So like any other Lync specialist will do, I fired the PowerShell and give command to Lync to update the user database, thinking it might be a problem with Synchronization TroubleshootingĬhecking the user’s object-sid attributes in the Active directory I found even a stranger problem, the account had a 3rd SID that is totally different from the ones reported in the logs 🙂 So the problem was with the user SID, for some reason when Lync synched the new accounts to its database after the AD migration, it took it with wrong SID, so Lync database had a SID of this users that is not the same like the one from active directory. “ ms-diagnostics: 4004 reason=Credentials provided are not authorized to act as specified from URI AuthenticatedIdentity = username source = frontend“ Shortly after I see a SIP/2.0 403 Forbiddenerror with “User Token SID S-1-5-21-xxx-xxx-xx-xxx did not match DB SID S-1-5-21-xxx-xxx-xx-xxx” Text: Failed to authorize user credentials
#Skype for business login failure password#
When the user try to log in he gets an error to check his username and password, resetting the user’s password did not result in any success.Ĭollecting sip-stack logs on the client and the server while trying to log in gave me the reason why the frontend is refusing the login credentials The client itself calculates the certificate and sends the public key to the Skype for Business Certificate Provisioning Service (Webservice).
During one of my regular on-site visit to a customer of mine, I ran into a problem with a user cannot sign in to Lync 2013 clients, whenever the user try to login he gets an error message telling him to check his username and password (Login credentials), although the credentials is 100% correct, he could never log in, interesting to say here is that the history of the customer’s infrastructure included an Active directory migration.