Adaxes

WINRM Error when enabling user for Lync

0 votes

Hi all,

I get the error below when enabling a user for Lync. I have opened port 5986 for winrm over https and have verified the correct certificates on the Lync servers. From my Adaxes servers, I can do a "Test-WSMan -ComputerName FQDN -UseSSL" and the test is successful.

Thanks for the help.

Connecting to remote server failed with the following error message : The SSL connection cannot be established. Verify that the service on the remote host is properly configured to listen for HTTPS requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig -transport:https". For more information, see the about_Remote_Troubleshooting Help topic.
Copy code
by (50 points)
0

Hello Joshua,

To help us troubleshooting the issue, can you do the following:

  1. On the computer where Adaxes Service is installed, launch Internet Explorer.

  2. In the address bar, specify the following:
    https://**lyncserver.domain.com**/ocspowershell

    • where lyncserver.domain.com is the fully qualified domain name (FQDN) of your Lync Server.

  3. As soon as the page completes loading, you will get a blank page and a certificate icon in the address bar. Is the certificate icon green (trusted) or red (untrusted)?

by (216k points)
0

The certificate is trusted.

I'm not sure if this makes a difference, but the certificate that is presented from https://lyncserver.domain.com/ocspowershell is different from the certificate is used on the winRM listener.

Thanks

by (50 points)
0

Hello Joshua,

Can you do the following for further troubleshooting:

  1. Log in to your Lync Server as an administrator.
  2. Launch Internet Information Services (IIS) Manager from Control Panel \ Administrative Tools.
  3. Expand the node that represents the Lync Server.
  4. Locate the Ocspowershell web application.
  5. Select it.
  6. Double-click Authentication.
  7. Which authentication options are enabled / disabled?
  8. Can you select Windows Authentication, and then click Providers? What providers do you see and in which order?
by (216k points)
0

The providers I have are Negotiate and NTLM.

by (50 points)
0

Hello Joshua,

What about authentication options? Are they the same as above (Windows Authentication and Anonymous Authentication enabled, all other options disabled)?

Also, did you install Windows Management Framework 5 on your Lync Server?

by (216k points)
0

Hi,

All of the other authentication options are how they are in your picture. I installed Framework 5 on the servers and I get the same error message.

by (50 points)

1 Answer

0 votes
by (216k points)
selected by
Best answer

Hello,

Since the default PowerShell endpoint works, and taking into account the difference in certificates, you can try binding the certificate of the default PowerShell endpoint to the Lync endpoint. To do this, bind the certificate to port 443 (HTTPS) of the IIS web site where the Ocspowershell web application resides. For information on how to do that, see the following guide, section Bind the Certificate to a website: https://www.sslshopper.com/article-inst ... s-7.0.html.

If that doesn't resolve your issue, try tracing the SSL traffic to understand where the cause for the issue may be. For information on how to do that, see the following article by Microsoft: https://blogs.technet.microsoft.com/tsp ... -failures/. Pay attention that when connecting to a Lync Server, the Ocspowershell endpoint is used (not the default WinRM endpoint), and the communication port is 443 (HTTPS).

Related questions

0 votes
1 answer
Enable for Lync - WinRM cannot process the request

Hi everyone, we're getting the below error when enabling a user for Lync: Connecting to remote server failed with the following error message : WinRM cannot process the request ... box' Lync enablement feature. Any ideas what might be going on? Thanks again!

asked Dec 6, 2013 by EgotisticalGiraffe (350 points)
0 votes
1 answer
Enabling Lync for new users

Hi- When I attempt to set this up, in my drop box, I have "no pools found" and is unable to enter the pool. Why can't I enter the pool or what has to happen in order for Adaxes to see that we have pools available?

asked May 29, 2014 by MeliOnTheJob (1.7k points)
0 votes
1 answer
What does this error mean when disabling a user in Skype for Business?

"Connecting to remote server <<FQDN Servername>> failed with the following error message : The server certificate on the destination computer (<<FQDN servername: ... ? This may help to diagnose the issue with schannel on the skype server.

asked Mar 5, 2020 by mark.it.admin (2.3k points)
0 votes
1 answer
Enable the user for Lync

Hi We are experiencing problems with the "Enable the user for Lync" function: Enable the user for Lync (Pool: 'lync-server.domain.local', SIP URI: 'sip:%mail%') Processing ... Help topic. This is for a managed domain, not the one Adaxes is installed in.

asked Oct 31, 2013 by kjesoo (960 points)
0 votes
1 answer
Time Out operation Error when running a report for getting license info for users from Azure

I created a Report asking the report to get the Assinged Microsoft Supbsription license assinged to the Users, When the Reports runs it geta few users but time out ... way to increase the time Out oprtion fro Reports that are getting information from Azure?

asked May 16, 2024 by George.Holden (60 points)
3,669 questions
3,354 answers
8,470 comments
549,202 users