Home > Lync > Using DFS for Publishing the Lync File Share

Using DFS for Publishing the Lync File Share

Since the February 2012 update for Lync, the Lync File share can successfully be created on DFS. After configuring this at a customer site, we discovered that some extra rights were required to get it to work. First, I will show you what those settings are, and then I will show you all the errors you will see if it is not set correctly. An easy way to test whether you are experiencing a DFS issue, is to move the Lync File Share to any Windows Server and see if the issue is resolved. You can find instructions for moving the Lync File share here

In DFS, the Everyone Group should have rights to Read and Change. This is what fixed all our issues. What account actually needs those Change rights does not seem to be well documented, if anyone has any ideas please share. The NTFS rights are still locked down, so we didn’t see an issue with opening up the share permissions a bit. This is what our final Share permissions look like in DFS.

This is addition to the normal Share permissions of:

  • Share Permissions:
    • Domain Administrator: Full Control
  • NTFS Permissions:
    • Domain Administrator: Full Control
    • Everyone: Read & Execute

Onto all the symptoms. This is mostly just to make this solution searchable.

On the Lync Client we saw:

“Type your user name and password to connecto for retrieving response groups.”

Entering the password just made the box re-prompt, but never locked out the account.

On the Lync Server we saw the following error codes:

Error 4096, Error 4101, and Error 21046

Error 4096

An unhandled exception was encountered in WebTicketService service.

Exception Details. System.UnauthorizedAccessException: Access to the path ‘\\domain.com\Applications\LyncPool1\1-WebServices-1\WebAuthStore\WebT_Sign-17FFB89F52E254296C7997D508A7760F196CA.cer’ is denied.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)

Error 4101

Failed to save Web Ticket Signing certificate to the file store.

Certificate file path: \\domain.com\Applications\LyncPool1\1-WebServices-1\WebAuthStore\WebT_Sign-1789F52E254296B67997D508A7760F196CA.cer, exception details: System.UnauthorizedAccessException: Access to the path ‘\\domain.com\Applications\LyncPool1\1-WebServices-1\WebAuthStore\WebT_Sign-17FFB89F52E254296CAB679D5A7760F196CA.cer’ is denied.

Error 21046

Address Book Server has encountered an unexpected exception.

Exception: Access to the path ‘\\domain.com\Applications\LyncPool1\1-WebServices-1\ABFiles0000000-0000-0000-0000-0000000000000000000-0000-0000-0000-000000000000′ is denied.
Exception Type: System.UnauthorizedAccessException

About these ads
Categories: Lync
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: