Recently, I had the pleasure of deploying a new Lync Survivable Branch Appliance (SBA) at a customer site. If you’re unfamiliar with SBA functionality, a SBA’s primary function is to provide voice resiliency in office locations where direct internet connectivity to the main data center/central site is lost. I won’t go on and on about the SBA feature set, so additional information can be found here.
Each SBA manufacturer (AudioCodes, Dialogic, HP, and NET) has their own flavor of initial installation steps to get the SBA at an operational state. The one configuration point that this blog will call out is the Configure Domain step. Typically, the manufacturer guides call for manually creating a new computer object in Active Directory and then later joining the SBA to the domain via the SBA configuration webpage (http://x.x.x.x/sbastartup). A screenshot of this option is below:
Taking a closer look, the actual SBA code runs on top of a Windows 2008 R2 instance. A few administrators out there might decide to simply join the SBA to the domain through normal computer membership as seen below:
If the SBA is joined to the domain through the computer membership option, the green checkbox next to Configure Domain in the SBA configuration webpage will not appear (as seen above). The lack of the checkbox does not necessarily represent an issue and the SBA configuration can continue as normal. After the Configure Domain task, the administrator must install the Lync software and synchronize the Lync configuration files. The Install Lync Software option should complete as normal as shown below:
As soon as the Synchronize Lync Configuration Files option is selected, the task will most likely fail with the following error in the Event Log:
|sync: Import-CsConfiguration : Cannot open database “xds” requested by the login. The login failed.
Login failed for user ‘KCDEMOlyncsbaadminaccount’.
At line:1 char:228
+ Import-Module -name ‘C:Program FilesCommon FilesMicrosoft Lync Server 2010ModulesLyncLync’; $global:__CsImpersonationMode = [Microsoft.Rtc.Management.ImpersonationMode]‘SurvivableBranchAppliance’; Import-CSConfiguration <<<< -Verbose -LocalStore -FileName ‘C:WindowstempsbaRepData1250401836.zip’ ; exit
+ CategoryInfo : NotSpecified: (:) [Import-CsConfiguration], SqlConnectionException
+ FullyQualifiedErrorId : Microsoft.Rtc.Common.Data.SqlConnectionException ,Microsoft.Rtc.Management.Xds.ImportConfigurationCmdlet
As described above, if the SBA was joined to the domain through the computer membership option then the login error above is directly related to the RTCUniversalSBATechnicians security group missing from the Local Administrators group on the SBA. To resolve the issue, follow the steps below:
- Click the Windows Start button
- Right-click My Computer and select Manage
- Expand Local Users and Groups and select Groups
- Once the security groups appear, double-click Administrators
- Click the Add button
Enter the RTCUniversalSBATechnicians and click Check Names
- Ensure that the Lync SBA technician account has been added to the RTCUniversalSBATechnicians security group in Active Directory
- Click OK twice
- Log out of the SBA configuration interface (http://x.x.x.x/sbastartup)
- Log back into the SBA configuration interface (http://x.x.x.x/sbastartup) using the same SBA technician account
After logging back into the SBA configuration interface, the Synchronize Lync Configuration Files step should complete successfully!