Command execution failed: The process does not possess the ‘SeSecurityPrivilege’ privilege which is required for this operation

Error:- You try to Request and Install Lync server Certificate using deployment wizard and get the below error while assigning the certificate to Web Services Internal, External and Default and get below error

Command execution failed: The process does not possess the ‘SeSecurityPrivilege’ privilege which is required for this operation

Cause:- The reason is you do not have appropriate access to assign the certificate to given lync services.

Other Information:- Open GPEDIT.MSC in the lync server and go to Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment

Check the setting “Manage Auditing and Security Logs”, you will see Local Administrators Group missing here.

Solution:- Add local Administrators group here locally or using Group Policy, run gpupdate /force, logoff user and relogin and try again.

Move-CsUser : Unable to locate Windows Live ID token from the provided credentials, or fr om Active Directory Federation Services (AD FS) credentials cache.

PROBLEM

I am getting below error while trying to move the on-premises lync 2013 user to Skype Online.

O365 Sign in method – Seamless Single Sign-on
ADFS Services – Stopped

ADConnect Sync – OK

Password Write back – Enabled

Move-CsUser -Identity “mailtest@domain.com” -Target sipfed.online.lync.com -Confirm:$false -Verbose

VERBOSE: CN=MailTest,OU=Test,OU=Users,OU=IT,OU……………..DC=local

WARNING: Moving a user from the current version to an earlier version (or to a service

version) can cause data loss.

VERBOSE:CN=MailTest,OU=Test,OU=Users,OU=IT,OU……………..DC=local

Move-CsUser : Unable to locate Windows Live ID token from the provided credentials, or fr

om Active Directory Federation Services (AD FS) credentials cache.

At line:1 char:1

+ Move-CsUser -Identity “mailtest@domain.com” -Target sipfed.online.lync.com -Co …

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ CategoryInfo          : InvalidOperation: (CN=MailTest,OU=………..DC=local:OCSAD

User) [Move-CsUser], MoveUserException

+ FullyQualifiedErrorId : MoveError,Microsoft.Rtc.Management.AD.Cmdlets.MoveOcsUserC

mdlet

Move-CsUser : HostedMigration fault: Error=(510), Description=(This user’s tenant is not enabled for shared sip address space.)

PROBLEM

In a Lync hybrid deployment, when you try to move users from the on-premises server that is running Lync to Skype for Business Online (formerly Lync Online) in Office 365, you receive the following error message in Skype for Business Online PowerShell:

Move-CsUser : HostedMigration fault: Error=(510), Description=(This user’s tenant is not enabled for shared sip address space.)

SOLUTION

Before you try to migrate an on-premises Lync user to Skype for Business Online in Office 365, your Office 365 Skype for Business Online organization must be enabled for Shared Session Initiation Protocol (SIP) Address Space.

Set-CsTenantFederationConfiguration -SharedSipAddressSpace $true

 

How to connect to Skype for Business Online PowerShell

The first step is to install the Windows PowerShell Module for Skype for Business Online. For information, go to the following Microsoft website:

After you have the Skype for Business Online Connector module installed, open Windows PowerShell, and then run the following commands:

Import-Module LyncOnlineConnector

 

$cred = Get-Credential

 

$CSSession = New-CsOnlineSession -Credential $cred

 

Import-PSSession $CSSession -AllowClobber

For more information about how to connect to Skype for Business Online by using Windows PowerShell, go to the following Microsoft TechNet website:

Event ID 14614: User authentication with NTLM protocol failed with error SEC_E_UNSUPPORTED_FUNCTION. This indicates a potential mismatch between security policy settings on the client and server computers.

Cause:

This error can occur if the settings in “Network security: Minimum session security for NTLM SSP based (including secure RPC) clients” policy on the client computer are not the same as the settings in the “Network security: Minimum session security for NTLM SSP based (including secure RPC) servers” policy on this server. By default, the “Require 128-bit encryption” setting is disabled for computers running Windows Server 2008, Windows Vista, Windows Server 2003, Windows 2000 Server, or Windows XP. For computers running Windows 7 or Windows Server 2008 R2, this setting enabled by default.
Resolution:
Ensure that the “Network security: Minimum session security for NTLM SSP based (including secure RPC) clients” policy settings on the computers from which users log on are the same as “Network security: Minimum session security for NTLM SSP based (including secure RPC) servers” policy settings on this server.

How to Enable Users for Lync 2013

Login to the Lync URL

https://Lync.abc.com/Cscp/

Single sign on will work for this

clip_image002[4]

Click on Enable Users for Lync Server.

clip_image003[4]

Click Add to add the user for enabling it.

clip_image004[4]

Type the user logon name in search field and click find, select the required user and click ok.

clip_image005[4]

Select pool server from the drop down from Pool list.

clip_image006[4]

Select Enterprise Voice from the Telephony drop down list.

clip_image007[4]

Click on the Enable to enable the user for lync.