IT Consultant Everyday Notes

Just some problems/solutions storage

Monthly Archives: December 2015

Azure: Azure AD Connect version history

Azure team keeps updating Azure AD Connect tool much more often than I thought Smile

New features/fixes every month!

Lync 2013: Multi-user IM conferencing issue (really Certificate chain issue)


Our IT guys called me seeking for support with a weird issue. Multi-user IM conferencing starts to fail. I checked and see an attempt to start “Meet now” failed too with error on connection to conferencing server.

On Client side it gives Error 500 (source ID 239).


In Event Log of Front end Server I saw Event ID 32042 from LS User Services:

“Invalid Incoming HTTPS Certificate”



I checked the certificate and it looked perfectly fine, not expired and with a proper chain.

Next day most contacts in Lync Client were observed in “Updating…” state. Not good.



We deployed a Microsoft KB 2901554 to fix SChannel Authentication Provider on Windows Server 2012 R2

Next I Run the following Power Shell command (one line):

Get-Childitem cert:\LocalMachine\root -Recurse |Where-Object {$_.Issuer -ne $_.Subject} | Format-List * | Out-File c:\computer_filtered.txt

to figure out if there are any intermediate certs in Trusted Root certificate folder as recommended in this article

And found one certificate in the wrong container. I moved it in Intermediate Certification Authorities and restarted Lync Services. After that the issue seems to be resolved.

How to add a group to Local Administrators (without wiping out)


1. Create a global security group

2. Create a GPO for ‘Restricted Group’ and add the new group there

3. in properties of the Group in GPO select “member of another group” and select Administrators (Built-in group)

4. Update GPO on target machines

5. Populate the group with accounts you want to be Local Admins


more details here