Saturday, March 16, 2013

Publishing new Lync Server 2013 deployment topology throws the error: “ACLError: Access permissions error.”

Problem

You’re performing a greenfield deployment of Lync Server 2013 in a environment and have completed defining a standard server in the topology then proceed to publish the topology:

clip_image001

… but notice that it errors out:

clip_image001[4]

Reviewing the logs show the following error:

ACLError: Access permissions error.

Error: Failed to save permissions on \\svrlalyncstd01.someDomain.internal\LyncShare.

Error: Attempted to perform an unauthorized operation.

Type: UnauthorizedAccessException

image

Solution

The solution to correct this error is to open up your Lync Server 2013 file share folder’s share permissions:

clip_image001[6]clip_image001[8]clip_image001[10]

… and manually add the following groups into the permissions granting Full Control access:

  • RTCHSUniversalServices
  • RTCComponentUniversalServices
  • RTCUniversalServerAdmins
  • RTCUniversalConfigReplicator

image

I was a bit thrown off as to why I had to do this for this and another greenfield deployment because I did not have to do the same thing for the last 3 Lync Server 2010 to 2013 migrations and I don’t recall having to do this for Lync Server 2010 deployments because simply granting Everyone with Full Control access was enough to allow the install to automatically configure the share folders and grant the 4 groups listed above to the folder.  What was interesting was that if I were to look into the LyncShare folder, I would see that the subfolders are created but the proper share permissions were not configured which was probably where the wizard fails.  In any case, this solved the error that prevented the topology from being published:

clip_image001[14]

clip_image001[16]

4 comments:

Anonymous said...

UAC. Run as Administrator to prevent needing to do this.

Network Administrator said...

Thanks for the tip. My account was member of the domain admins, member of the local server administrators group, and even a member of the schema admin and the four groups had Full Control permissions to the share and I was still getting the error about unable to write to the share. Then I followed the tip from Anonymous about running the Lync Server Deployment Wizard as and Administrator and did the trick. The publishing was successful and no errors.

GajendraSingh Parmar said...

Also i am getting same error. Then I followed the tip from Anonymous about running the Lync Server Deployment Wizard as and Administrator and did the trick. The publishing was successful and no errors

Anonymous said...

WOW.. thanks anonymous... Same thing. Worked for me too.