While working on a global Skype for Business deployment, I was moving a test user account between 6 pools and ran into DCOM errors when trying to move the account to two of the pools.
The specific error shown in the Skype for Business 2015 Control Panel:
Unable to connect to some of the servers in pool “poolname” due to a Distributed Component Object Model (DCOM) error. Verify that Front End service is running on servers in this pool. If the pool is set up for load balancing, verify that load balancer is configured correctly.
Wait a minute, haven’t I already blogged about this:
DCOM Error When Attempting To Move Lync Users well that Lync 2010 Server fix didn’t work. I noticed although the error was the same in the Control Panel, I had no issues using the Management Shell to move to and from the problem pools.
Time to look at the even logs… On the requesting Front End I would see a System Event Log ID: 10006 for each Front End in the destination pool.
On each Front End in the destination pool I would see a System Event Log ID: 10016.
Now to fire up dcomcnfg and expand: Component Services, Computers, My Computer, DCOM Config.
The Application ID in the event log {DAA77B0D-C664-437C-8B37-22CDC053B961} is the RTC Store Access Interface Class.
Right click RTC Store Access Interface Class and select Properties, Security Tab and Edit the Launch and Activation Permissions.
Problem Front End:
Successful Front End:
So I added the local server’s RTC Local Administrators, RTC Local User Administrators and RTC Server Local Group with Allow Local and Remote Activation on each Front End in the problem pools.
Didn’t need a reboot or service restart as moving the user from the Control Panel was instantly successful.
I tried to determine the root cause of the permission discrepancies for the one DCOM object. All 15 Skype for Business Front Ends were deployed identically and in the same Active Directory Domain and Organizational Unit, still unsure why 6 had the issue.